Running X11 Apps Via Different User

Mbm329 05:14, March 12, 2012 (UTC)

We have a user (fred) that needs to run an X11 application as another user (barney). The problem with this is that X11 doesn't like to allow the application to run as another user (security feature) and rejects the connection.

Connecting to Display... X11 connection rejected because of wrong authentication. X connection to 192.168.1.2:10.0 broken (explicit kill or server shutdown).

There is one way to do this by exporting fred's X11 magic cookie by hand and importing it as barney. However, for users that don't know how to do this, and/or lazy users that "Just Want It To Work"^^TM^^, I decided to keep the process simple.

We tend to let sudo manage who can run what as another user. So keeping with the theme, I wrote xsudo. Just a wrapper that handles the xauth nextract/nmerge work, and lets sudo determine who can run what.


 * 1) !/bin/sh

usage { echo "USAGE:\n ${0} -u   " exit 1 }

while [ "${1}" != '' ] ;do case ${1} in   -u)      user=${2}      shift 2    ;;    *) command=${@} break ;; esac done

if echo "${command}" | grep ^\- >/dev/null ;then echo "${command}" invalid command. usage fi

if [ "${user}" = '' ] ;then echo "User not specified" usage fi

if [ ${DISPLAY} = '' ] ;then echo "$DISPLAY is not set. You must have a $DISPLAY variable set." usage fi

MY_HOME=${HOME} USER_HOME=$(echo ~${user})

sudo -v rval=$? if [ ${rval} -gt 0 ] ;then echo "Sudo validation failed." usage fi

cookie=$(xauth nextract - $DISPLAY)

export HOME=${USER_HOME} echo "${cookie}" | sudo -u ${user} xauth nmerge - sudo -u ${user} ${command}

export HOME=${MY_HOME}

Place it in a directory commonly accessed by your users (/usr/local/bin) and turn their :( into a :)