Fandom

BrainScraps Wiki

Running X11 Apps Via Different User

21pages on
this wiki
Add New Page
Comments0 Share

Mbm329 05:14, March 12, 2012 (UTC)

We have a user (fred) that needs to run an X11 application as another user (barney). The problem with this is that X11 doesn't like to allow the application to run as another user (security feature) and rejects the connection.

Connecting to Display...
X11 connection rejected because of wrong authentication.
X connection to 192.168.1.2:10.0 broken (explicit kill or server shutdown).

There is one way to do this by exporting fred's X11 magic cookie by hand and importing it as barney. However, for users that don't know how to do this, and/or lazy users that "Just Want It To Work"^^TM^^, I decided to keep the process simple.

We tend to let sudo manage who can run what as another user. So keeping with the theme, I wrote xsudo. Just a wrapper that handles the xauth nextract/nmerge work, and lets sudo determine who can run what.

#!/bin/sh

usage() {
  echo "USAGE:\n  ${0} -u <user> <command> <args>"
  exit 1
}

while [ "${1}" != '' ] ;do
  case ${1} in
    -u)
      user=${2}
      shift 2
    ;;
    *)
      command=${@}
      break
    ;;
  esac
done

if echo "${command}" | grep ^\- >/dev/null ;then
  echo "${command}" invalid command.
  usage
fi

if [ "${user}" = '' ] ;then
  echo "User not specified"
  usage
fi

if [ ${DISPLAY} = '' ] ;then
  echo "$DISPLAY is not set.  You must have a $DISPLAY variable set."
  usage
fi

MY_HOME=${HOME}
USER_HOME=$(echo ~${user})

sudo -v
rval=$?
if [ ${rval} -gt 0 ] ;then
  echo "Sudo validation failed."
  usage
fi

cookie=$(xauth nextract - $DISPLAY)

export HOME=${USER_HOME}
echo "${cookie}" | sudo -u ${user} xauth nmerge -
sudo -u ${user} ${command}

export HOME=${MY_HOME}

Place it in a directory commonly accessed by your users (/usr/local/bin) and turn their :( into a :)

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.