Will Wayland ever support graphical sudo?

Is this a permanent feature of Wayland (there by design)

No. This has nothing to do with the wayland protocol. It is rather a question of environment setup.

Wayland uses a socket, its name is stored in WAYLAND_DISPLAY. It is located in XDG_RUNTIME_DIR that is normally set up for user access only. But root can access it, too. (Some applications also regard XDG_SESSION_TYPE which can have values wayland or x11 to decide whether to use X or Wayland.)

sudo deletes most environment variables including XDG_RUNTIME_DIR and WAYLAND_DISPLAY.

You can run wayland applications as root with:

sudo env XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR WAYLAND_SOCKET=$WAYLAND_SOCKET waylandapplication

or shorter with -EH to preserve almost all environment variables (but setting HOME to /root). This will include DISPLAY and XAUTHORITY for Xwayland access, too:

sudo -EH application

Though, if the application running as root writes anything in XDG_RUNTIME_DIR, it can cause file permission issues for user applications.

However, running graphical applications as root in wayland is much less a security issue than it is in X11.

To avoid using X11 accidently, you can run without DISPLAY:

sudo -EH env DISPLAY=  waylandapplication

I'm looking for a documented statement (roadmap, design page...), not preference or opinion.

The Wayland documentation mentions WAYLAND_DISPLAY, but I do not find anything about XDG_RUNTIME_DIR. Though, all wayland compositors including the reference implementation weston depend on XDG_RUNTIME_DIR.

If WAYLAND_DISPLAY would be at another location, it would not be a problem to run applications from arbitrary users on the same wayland display. But XDG_RUNTIME_DIR ist specified to be restricted on the logged-in user and should contain user related sockets:

$XDG_RUNTIME_DIR defines the base directory relative to which user-specific non-essential runtime files and other file objects (such as sockets, named pipes, ...) should be stored. The directory MUST be owned by the user, and he MUST be the only one having read and write access to it. Its Unix access mode MUST be 0700.

The issues with running another user or root on wayland are rather related to the XDG_RUNTIME_DIR specification than to wayland itself. If you specify a custom XDG_RUNTIME_DIR in /tmp with arbitrary access (thus breaking its specification), all users can use the wayland display.

There is some hope for the future not to need XDG_RUNTIME_DIR, but it depends on the implementation: Wayland docu chap.4:

Beginning in Wayland 1.15, implementations can optionally support server socket endpoints located at arbitrary locations in the filesystem by setting WAYLAND_DISPLAY to the absolute path at which the server endpoint listens.

Tags:

Sudo

Su

Wayland