how to use xauth to run graphical application via other user on linux The Next CEO of Stack...

If I blow insulation everywhere in my attic except the door trap, will heat escape through it?

Can a single photon have an energy density?

Trouble understanding the speech of overseas colleagues

WOW air has ceased operation, can I get my tickets refunded?

Why doesn't a table tennis ball float on the surface? How do we calculate buoyancy here?

What's the point of interval inversion?

Anatomically Correct Strange Women In Ponds Distributing Swords

Why didn't Khan get resurrected in the Genesis Explosion?

Was a professor correct to chastise me for writing "Prof. X" rather than "Professor X"?

Should I tutor a student who I know has cheated on their homework?

Is a stroke of luck acceptable after a series of unfavorable events?

What size rim is OK?

How to start emacs in "nothing" mode (`fundamental-mode`)

A pseudo-riley?

Term for the "extreme-extension" version of a straw man fallacy?

MAZDA 3 2006 (UK) - poor acceleration then takes off at 3250 revs

How to be diplomatic in refusing to write code that breaches the privacy of our users

What happens if you roll doubles 3 times then land on "Go to jail?"

Return the Closest Prime Number

Is it okay to store user locations?

Increase performance creating Mandelbrot set in python

Any way to transfer all permissions from one role to another?

How can I open an app using Terminal?

What can we do to stop prior company from asking us questions?



how to use xauth to run graphical application via other user on linux



The Next CEO of Stack Overflowsudo to other user doesn't preserve DISPLAY variableHow to run a server on port 80 as a normal user on Linux?Accessing SSH_AUTH_SOCK from another non-root userHow to configure PHP CLI on linux ubuntu to run as www-data?su between regular user accounts fails with “su: incorrect password”How can I implement ansible with per-host passwords, securely?Setting default permissions on newly created files/foldersLimit number of concurrent users switching to root account?How to set the minimum acl permissions for an user who is included in two or more user groups with different permissions in linux?setup apache www directory for multiple users over sftpGetting info about a weird directory












46















My regular user account is, let's say, user1. I created separate user2 for some x application that i would like to run while being logged into x as user1 but in a way that will prevent it from read/write access to user1 data. I thought that i could use xauth and sudo/su to user2 from user1 to run this application. How do i do this? I'm not sure how to configure xauth.










share|improve this question



























    46















    My regular user account is, let's say, user1. I created separate user2 for some x application that i would like to run while being logged into x as user1 but in a way that will prevent it from read/write access to user1 data. I thought that i could use xauth and sudo/su to user2 from user1 to run this application. How do i do this? I'm not sure how to configure xauth.










    share|improve this question

























      46












      46








      46


      17






      My regular user account is, let's say, user1. I created separate user2 for some x application that i would like to run while being logged into x as user1 but in a way that will prevent it from read/write access to user1 data. I thought that i could use xauth and sudo/su to user2 from user1 to run this application. How do i do this? I'm not sure how to configure xauth.










      share|improve this question














      My regular user account is, let's say, user1. I created separate user2 for some x application that i would like to run while being logged into x as user1 but in a way that will prevent it from read/write access to user1 data. I thought that i could use xauth and sudo/su to user2 from user1 to run this application. How do i do this? I'm not sure how to configure xauth.







      linux sudo






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Aug 6 '09 at 16:19









      PhilPhil

      75651731




      75651731






















          11 Answers
          11






          active

          oldest

          votes


















          30














          To use xauth selectively, as user1 run:



          xauth list|grep `uname -n`


          This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.



          As user2 set your display (assuming default case):



          DISPLAY=:0; export DISPLAY


          Then run:



          xauth add $DISPLAY . hexkey


          Note the dot after the $DISPLAY and before the hexkey.



          When access is no longer needed, as user2 you can run:



          xauth remove $DISPLAY





          share|improve this answer
























          • Problem 1: user2 has no .Xauthority file in user2's home directory. Problem 2: Somehow and for some reason I dont' understand, after su, XAUTHORITY holds the filepath to user1's. But that file is not readable by user2.

            – Otheus
            Nov 4 '15 at 12:34











          • Seems, you forgot unset XAUTHORITY under user2

            – socketpair
            Dec 28 '15 at 21:37













          • is the hexkey in the xauth add command the same as from xauth list or do I have to create a random new one?

            – bonanza
            Jul 15 '16 at 6:56











          • bonanza: it is the the one output from xauth list.

            – John Eikenberry
            Jan 4 '17 at 22:40











          • Another way to do this is would be something like... "xauth extract - $DISPLAY | sudo -iu steam xauth merge -". In this case I have XAUTHORITY set in .profile, so the 'sudo -i' gets that set right.

            – John Eikenberry
            Jan 4 '17 at 22:42





















          12














          I put in my .zshrc a line with export XAUTHORITY=~/.Xauthority and now I am able to execute sudo -E xcommand. After a lot of googling, for me this was the easiest way.






          share|improve this answer



















          • 1





            Note that this procedure would not normally require you to use sudo -E (and using -E is disabled on most default installs) because normally the default sudoers configuration would allow the XAUTHORITY environment variable to be passed to sudo.

            – Guss
            Jul 20 '11 at 14:33











          • @Guss It doesn't require -E. It can be set as a variable that can be passed, and either Red Hat or Debian suggests it.

            – Daniel C. Sobral
            May 3 '12 at 20:15











          • @DanielC.Sobral - that's what I said :-)

            – Guss
            May 4 '12 at 20:19











          • @Guss Oh, sorry. I somehow inverted every sentence you wrote. :-)

            – Daniel C. Sobral
            May 4 '12 at 21:37











          • Still didn't work for me, on Mac OS X with zsh

            – Sridhar-Sarnobat
            Aug 22 '17 at 15:52



















          10














          Assuming debian or ubuntu (should be similar on Red Hat / SUSE).



          sudo apt-get install sux
          sux user -c 'command'





          share|improve this answer
























          • +1 good answer, no point in reinventing the wheel. Incidentally, sux mostly does what my answer above suggests. It's more powerful and easier to use of course.

            – sleske
            Aug 7 '09 at 12:13











          • You may note, that 'sux' indeed is a simple shell script, too..

            – Martin Mächler
            Feb 2 '13 at 17:18






          • 4





            sux is unmaintained (and removed from Debian/Ubuntu's repositories): packages.qa.debian.org/s/sux/news/20140101T172633Z.html

            – Rob W
            Feb 5 '16 at 20:28



















          9














          First: Don't use xhost +, it's rather insecure (blanket allow/deny).



          Rather use the X-Cookie mechanism:



          su user2
          cp /home/user1/.Xauthority /home/user2/.Xauthority
          export DISPLAY=:0


          Alternatively, if you have sux installed, use that (see ehempel's answer).



          In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.



          Notes:




          • Depending on your file permissions, you might have to copy .Xauthority in some other way.

          • Instead of copying .Xauthority, you can also use xauth to extract and copy the authorization key (see Randall's answer). If you have multiple keys in the .Xauthority file this is more selective; otherwise it is a matter of taste.






          share|improve this answer


























          • yeah,i have root access on that machine

            – Phil
            Aug 6 '09 at 17:52











          • This is just manually copying the xauth cookies via root access. This is no different from using xauth as Randall explains in the (current) top answer, except it copies every cookie that 'xauth list' would show. So this is less secure than the top xauth answer which would only add the cookies you pick.

            – John Eikenberry
            Jan 4 '17 at 22:39











          • @JohnEikenberry: True, thanks for pointing this out. I updated my answer.

            – sleske
            Feb 16 '17 at 9:43



















          7














          This will fix the problem for all users:



          cat <<EOF > /etc/profile.d/xauth.sh
          #!/sbin/bash
          export XAUTHORITY=~/.Xauthority
          EOF





          share|improve this answer
























          • This is basically what I've done and it works great, thanks!

            – Guss
            Jul 20 '11 at 14:32



















          3














          As root:



          xhost local:yourusername


          Where yourusername is your user name :)



          Then do su as your user
          xclock should work if it's installed






          share|improve this answer































            2














            These are just hacks:




            • xauth + (unsecure)

            • ssh -X user2@localhost (ugly)


            sleske above has, I think, the proper solution.






            share|improve this answer
























            • ssh -X is a very simple and elegant solution, not depending on any deprecated/unmaintained gtk/kde stuff (which require installing more binaries with SUID bit...).

              – Stefan
              Mar 10 '18 at 20:52



















            2














            I found something that works great for me on KDE



            kdesu -u username /path/to/program





            share|improve this answer
























            • On debian part of kde-cli-tools, and not in $PATH but in /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (obviously depending on architecture).

              – Stefan
              Mar 10 '18 at 20:48



















            0














            This way made in suse/opensuse :
            http://www.novell.com/support/kb/doc.php?id=7003743



            Simply modifying the /etc/pam.d/su, adding the option (bold) :




            session optional pam_xauth.so systemuser=1




            Then you can switch with su without - :




            su user2




            and run the app graphically.






            share|improve this answer































              0














              Thids is WAY TOO CONVOLUTED for me who just wants to use Synaptic on Bionic Beaver.



              I try one solution and that leads me to 20 other "things" that don't work as they should so all you have in the end is a bunch of half measures trying to hold the OS together with bubble gum and shoestrings.



              Who are these people that work for nothing and have probably had very little formal traiing training to maintain and upgrade an OS let alone writing good software that's well tested with no knowledge or understanding of of the whole which ultimately becomes a patch to a patch for a patch. With each release it just gets worse.



              Same thing happened to Firefox causing them to abandon all those years of effort to become a branch of Chrome. Even Windows isn't all that great but it works well enough to be reliable. If the government hadn't gave them a pass on liability it would be a much better system.



              Time to face the fact that unpaid software will never be a good solution in a capitalist world.





              share








              New contributor




              CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.




























                -1














                For GNOME (and without any desktop environment really, I use it with icewm only) gksu:



                gksu -u username program





                share|improve this answer
























                • "gksu has been deprecated for years": bugs.debian.org/cgi-bin/bugreport.cgi?bug=867236

                  – Stefan
                  Mar 10 '18 at 20:45











                • @Stefan note that this Debian bug is about premise that elevating privileges for whole program is bad idea, and that the program should instead be modified to just execute minimal helpers with elevated privileges instead (using PolicyKit). This question (and my answer) is about reducing privileges, which is another thing altogether and in fact good idea (for example, for random browsing I have shortcut that execute firefox under some less privileged account that my default one, so any exploit there can't touch my data - and gksu(8) is quite fine for that)

                  – Matija Nalis
                  Mar 12 '18 at 14:40











                • All that is fine, but using a deprecated and unmaintained SUID binary is just wrong. This answer might have been useful in the past, but isn't anymore.

                  – Stefan
                  Mar 12 '18 at 21:42












                Your Answer








                StackExchange.ready(function() {
                var channelOptions = {
                tags: "".split(" "),
                id: "2"
                };
                initTagRenderer("".split(" "), "".split(" "), channelOptions);

                StackExchange.using("externalEditor", function() {
                // Have to fire editor after snippets, if snippets enabled
                if (StackExchange.settings.snippets.snippetsEnabled) {
                StackExchange.using("snippets", function() {
                createEditor();
                });
                }
                else {
                createEditor();
                }
                });

                function createEditor() {
                StackExchange.prepareEditor({
                heartbeatType: 'answer',
                autoActivateHeartbeat: false,
                convertImagesToLinks: true,
                noModals: true,
                showLowRepImageUploadWarning: true,
                reputationToPostImages: 10,
                bindNavPrevention: true,
                postfix: "",
                imageUploader: {
                brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
                contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
                allowUrls: true
                },
                onDemand: true,
                discardSelector: ".discard-answer"
                ,immediatelyShowMarkdownHelp:true
                });


                }
                });














                draft saved

                draft discarded


















                StackExchange.ready(
                function () {
                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f51005%2fhow-to-use-xauth-to-run-graphical-application-via-other-user-on-linux%23new-answer', 'question_page');
                }
                );

                Post as a guest















                Required, but never shown

























                11 Answers
                11






                active

                oldest

                votes








                11 Answers
                11






                active

                oldest

                votes









                active

                oldest

                votes






                active

                oldest

                votes









                30














                To use xauth selectively, as user1 run:



                xauth list|grep `uname -n`


                This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.



                As user2 set your display (assuming default case):



                DISPLAY=:0; export DISPLAY


                Then run:



                xauth add $DISPLAY . hexkey


                Note the dot after the $DISPLAY and before the hexkey.



                When access is no longer needed, as user2 you can run:



                xauth remove $DISPLAY





                share|improve this answer
























                • Problem 1: user2 has no .Xauthority file in user2's home directory. Problem 2: Somehow and for some reason I dont' understand, after su, XAUTHORITY holds the filepath to user1's. But that file is not readable by user2.

                  – Otheus
                  Nov 4 '15 at 12:34











                • Seems, you forgot unset XAUTHORITY under user2

                  – socketpair
                  Dec 28 '15 at 21:37













                • is the hexkey in the xauth add command the same as from xauth list or do I have to create a random new one?

                  – bonanza
                  Jul 15 '16 at 6:56











                • bonanza: it is the the one output from xauth list.

                  – John Eikenberry
                  Jan 4 '17 at 22:40











                • Another way to do this is would be something like... "xauth extract - $DISPLAY | sudo -iu steam xauth merge -". In this case I have XAUTHORITY set in .profile, so the 'sudo -i' gets that set right.

                  – John Eikenberry
                  Jan 4 '17 at 22:42


















                30














                To use xauth selectively, as user1 run:



                xauth list|grep `uname -n`


                This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.



                As user2 set your display (assuming default case):



                DISPLAY=:0; export DISPLAY


                Then run:



                xauth add $DISPLAY . hexkey


                Note the dot after the $DISPLAY and before the hexkey.



                When access is no longer needed, as user2 you can run:



                xauth remove $DISPLAY





                share|improve this answer
























                • Problem 1: user2 has no .Xauthority file in user2's home directory. Problem 2: Somehow and for some reason I dont' understand, after su, XAUTHORITY holds the filepath to user1's. But that file is not readable by user2.

                  – Otheus
                  Nov 4 '15 at 12:34











                • Seems, you forgot unset XAUTHORITY under user2

                  – socketpair
                  Dec 28 '15 at 21:37













                • is the hexkey in the xauth add command the same as from xauth list or do I have to create a random new one?

                  – bonanza
                  Jul 15 '16 at 6:56











                • bonanza: it is the the one output from xauth list.

                  – John Eikenberry
                  Jan 4 '17 at 22:40











                • Another way to do this is would be something like... "xauth extract - $DISPLAY | sudo -iu steam xauth merge -". In this case I have XAUTHORITY set in .profile, so the 'sudo -i' gets that set right.

                  – John Eikenberry
                  Jan 4 '17 at 22:42
















                30












                30








                30







                To use xauth selectively, as user1 run:



                xauth list|grep `uname -n`


                This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.



                As user2 set your display (assuming default case):



                DISPLAY=:0; export DISPLAY


                Then run:



                xauth add $DISPLAY . hexkey


                Note the dot after the $DISPLAY and before the hexkey.



                When access is no longer needed, as user2 you can run:



                xauth remove $DISPLAY





                share|improve this answer













                To use xauth selectively, as user1 run:



                xauth list|grep `uname -n`


                This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.



                As user2 set your display (assuming default case):



                DISPLAY=:0; export DISPLAY


                Then run:



                xauth add $DISPLAY . hexkey


                Note the dot after the $DISPLAY and before the hexkey.



                When access is no longer needed, as user2 you can run:



                xauth remove $DISPLAY






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Aug 7 '09 at 18:11









                RandallRandall

                49634




                49634













                • Problem 1: user2 has no .Xauthority file in user2's home directory. Problem 2: Somehow and for some reason I dont' understand, after su, XAUTHORITY holds the filepath to user1's. But that file is not readable by user2.

                  – Otheus
                  Nov 4 '15 at 12:34











                • Seems, you forgot unset XAUTHORITY under user2

                  – socketpair
                  Dec 28 '15 at 21:37













                • is the hexkey in the xauth add command the same as from xauth list or do I have to create a random new one?

                  – bonanza
                  Jul 15 '16 at 6:56











                • bonanza: it is the the one output from xauth list.

                  – John Eikenberry
                  Jan 4 '17 at 22:40











                • Another way to do this is would be something like... "xauth extract - $DISPLAY | sudo -iu steam xauth merge -". In this case I have XAUTHORITY set in .profile, so the 'sudo -i' gets that set right.

                  – John Eikenberry
                  Jan 4 '17 at 22:42





















                • Problem 1: user2 has no .Xauthority file in user2's home directory. Problem 2: Somehow and for some reason I dont' understand, after su, XAUTHORITY holds the filepath to user1's. But that file is not readable by user2.

                  – Otheus
                  Nov 4 '15 at 12:34











                • Seems, you forgot unset XAUTHORITY under user2

                  – socketpair
                  Dec 28 '15 at 21:37













                • is the hexkey in the xauth add command the same as from xauth list or do I have to create a random new one?

                  – bonanza
                  Jul 15 '16 at 6:56











                • bonanza: it is the the one output from xauth list.

                  – John Eikenberry
                  Jan 4 '17 at 22:40











                • Another way to do this is would be something like... "xauth extract - $DISPLAY | sudo -iu steam xauth merge -". In this case I have XAUTHORITY set in .profile, so the 'sudo -i' gets that set right.

                  – John Eikenberry
                  Jan 4 '17 at 22:42



















                Problem 1: user2 has no .Xauthority file in user2's home directory. Problem 2: Somehow and for some reason I dont' understand, after su, XAUTHORITY holds the filepath to user1's. But that file is not readable by user2.

                – Otheus
                Nov 4 '15 at 12:34





                Problem 1: user2 has no .Xauthority file in user2's home directory. Problem 2: Somehow and for some reason I dont' understand, after su, XAUTHORITY holds the filepath to user1's. But that file is not readable by user2.

                – Otheus
                Nov 4 '15 at 12:34













                Seems, you forgot unset XAUTHORITY under user2

                – socketpair
                Dec 28 '15 at 21:37







                Seems, you forgot unset XAUTHORITY under user2

                – socketpair
                Dec 28 '15 at 21:37















                is the hexkey in the xauth add command the same as from xauth list or do I have to create a random new one?

                – bonanza
                Jul 15 '16 at 6:56





                is the hexkey in the xauth add command the same as from xauth list or do I have to create a random new one?

                – bonanza
                Jul 15 '16 at 6:56













                bonanza: it is the the one output from xauth list.

                – John Eikenberry
                Jan 4 '17 at 22:40





                bonanza: it is the the one output from xauth list.

                – John Eikenberry
                Jan 4 '17 at 22:40













                Another way to do this is would be something like... "xauth extract - $DISPLAY | sudo -iu steam xauth merge -". In this case I have XAUTHORITY set in .profile, so the 'sudo -i' gets that set right.

                – John Eikenberry
                Jan 4 '17 at 22:42







                Another way to do this is would be something like... "xauth extract - $DISPLAY | sudo -iu steam xauth merge -". In this case I have XAUTHORITY set in .profile, so the 'sudo -i' gets that set right.

                – John Eikenberry
                Jan 4 '17 at 22:42















                12














                I put in my .zshrc a line with export XAUTHORITY=~/.Xauthority and now I am able to execute sudo -E xcommand. After a lot of googling, for me this was the easiest way.






                share|improve this answer



















                • 1





                  Note that this procedure would not normally require you to use sudo -E (and using -E is disabled on most default installs) because normally the default sudoers configuration would allow the XAUTHORITY environment variable to be passed to sudo.

                  – Guss
                  Jul 20 '11 at 14:33











                • @Guss It doesn't require -E. It can be set as a variable that can be passed, and either Red Hat or Debian suggests it.

                  – Daniel C. Sobral
                  May 3 '12 at 20:15











                • @DanielC.Sobral - that's what I said :-)

                  – Guss
                  May 4 '12 at 20:19











                • @Guss Oh, sorry. I somehow inverted every sentence you wrote. :-)

                  – Daniel C. Sobral
                  May 4 '12 at 21:37











                • Still didn't work for me, on Mac OS X with zsh

                  – Sridhar-Sarnobat
                  Aug 22 '17 at 15:52
















                12














                I put in my .zshrc a line with export XAUTHORITY=~/.Xauthority and now I am able to execute sudo -E xcommand. After a lot of googling, for me this was the easiest way.






                share|improve this answer



















                • 1





                  Note that this procedure would not normally require you to use sudo -E (and using -E is disabled on most default installs) because normally the default sudoers configuration would allow the XAUTHORITY environment variable to be passed to sudo.

                  – Guss
                  Jul 20 '11 at 14:33











                • @Guss It doesn't require -E. It can be set as a variable that can be passed, and either Red Hat or Debian suggests it.

                  – Daniel C. Sobral
                  May 3 '12 at 20:15











                • @DanielC.Sobral - that's what I said :-)

                  – Guss
                  May 4 '12 at 20:19











                • @Guss Oh, sorry. I somehow inverted every sentence you wrote. :-)

                  – Daniel C. Sobral
                  May 4 '12 at 21:37











                • Still didn't work for me, on Mac OS X with zsh

                  – Sridhar-Sarnobat
                  Aug 22 '17 at 15:52














                12












                12








                12







                I put in my .zshrc a line with export XAUTHORITY=~/.Xauthority and now I am able to execute sudo -E xcommand. After a lot of googling, for me this was the easiest way.






                share|improve this answer













                I put in my .zshrc a line with export XAUTHORITY=~/.Xauthority and now I am able to execute sudo -E xcommand. After a lot of googling, for me this was the easiest way.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jan 14 '11 at 17:54









                kfl62kfl62

                23157




                23157








                • 1





                  Note that this procedure would not normally require you to use sudo -E (and using -E is disabled on most default installs) because normally the default sudoers configuration would allow the XAUTHORITY environment variable to be passed to sudo.

                  – Guss
                  Jul 20 '11 at 14:33











                • @Guss It doesn't require -E. It can be set as a variable that can be passed, and either Red Hat or Debian suggests it.

                  – Daniel C. Sobral
                  May 3 '12 at 20:15











                • @DanielC.Sobral - that's what I said :-)

                  – Guss
                  May 4 '12 at 20:19











                • @Guss Oh, sorry. I somehow inverted every sentence you wrote. :-)

                  – Daniel C. Sobral
                  May 4 '12 at 21:37











                • Still didn't work for me, on Mac OS X with zsh

                  – Sridhar-Sarnobat
                  Aug 22 '17 at 15:52














                • 1





                  Note that this procedure would not normally require you to use sudo -E (and using -E is disabled on most default installs) because normally the default sudoers configuration would allow the XAUTHORITY environment variable to be passed to sudo.

                  – Guss
                  Jul 20 '11 at 14:33











                • @Guss It doesn't require -E. It can be set as a variable that can be passed, and either Red Hat or Debian suggests it.

                  – Daniel C. Sobral
                  May 3 '12 at 20:15











                • @DanielC.Sobral - that's what I said :-)

                  – Guss
                  May 4 '12 at 20:19











                • @Guss Oh, sorry. I somehow inverted every sentence you wrote. :-)

                  – Daniel C. Sobral
                  May 4 '12 at 21:37











                • Still didn't work for me, on Mac OS X with zsh

                  – Sridhar-Sarnobat
                  Aug 22 '17 at 15:52








                1




                1





                Note that this procedure would not normally require you to use sudo -E (and using -E is disabled on most default installs) because normally the default sudoers configuration would allow the XAUTHORITY environment variable to be passed to sudo.

                – Guss
                Jul 20 '11 at 14:33





                Note that this procedure would not normally require you to use sudo -E (and using -E is disabled on most default installs) because normally the default sudoers configuration would allow the XAUTHORITY environment variable to be passed to sudo.

                – Guss
                Jul 20 '11 at 14:33













                @Guss It doesn't require -E. It can be set as a variable that can be passed, and either Red Hat or Debian suggests it.

                – Daniel C. Sobral
                May 3 '12 at 20:15





                @Guss It doesn't require -E. It can be set as a variable that can be passed, and either Red Hat or Debian suggests it.

                – Daniel C. Sobral
                May 3 '12 at 20:15













                @DanielC.Sobral - that's what I said :-)

                – Guss
                May 4 '12 at 20:19





                @DanielC.Sobral - that's what I said :-)

                – Guss
                May 4 '12 at 20:19













                @Guss Oh, sorry. I somehow inverted every sentence you wrote. :-)

                – Daniel C. Sobral
                May 4 '12 at 21:37





                @Guss Oh, sorry. I somehow inverted every sentence you wrote. :-)

                – Daniel C. Sobral
                May 4 '12 at 21:37













                Still didn't work for me, on Mac OS X with zsh

                – Sridhar-Sarnobat
                Aug 22 '17 at 15:52





                Still didn't work for me, on Mac OS X with zsh

                – Sridhar-Sarnobat
                Aug 22 '17 at 15:52











                10














                Assuming debian or ubuntu (should be similar on Red Hat / SUSE).



                sudo apt-get install sux
                sux user -c 'command'





                share|improve this answer
























                • +1 good answer, no point in reinventing the wheel. Incidentally, sux mostly does what my answer above suggests. It's more powerful and easier to use of course.

                  – sleske
                  Aug 7 '09 at 12:13











                • You may note, that 'sux' indeed is a simple shell script, too..

                  – Martin Mächler
                  Feb 2 '13 at 17:18






                • 4





                  sux is unmaintained (and removed from Debian/Ubuntu's repositories): packages.qa.debian.org/s/sux/news/20140101T172633Z.html

                  – Rob W
                  Feb 5 '16 at 20:28
















                10














                Assuming debian or ubuntu (should be similar on Red Hat / SUSE).



                sudo apt-get install sux
                sux user -c 'command'





                share|improve this answer
























                • +1 good answer, no point in reinventing the wheel. Incidentally, sux mostly does what my answer above suggests. It's more powerful and easier to use of course.

                  – sleske
                  Aug 7 '09 at 12:13











                • You may note, that 'sux' indeed is a simple shell script, too..

                  – Martin Mächler
                  Feb 2 '13 at 17:18






                • 4





                  sux is unmaintained (and removed from Debian/Ubuntu's repositories): packages.qa.debian.org/s/sux/news/20140101T172633Z.html

                  – Rob W
                  Feb 5 '16 at 20:28














                10












                10








                10







                Assuming debian or ubuntu (should be similar on Red Hat / SUSE).



                sudo apt-get install sux
                sux user -c 'command'





                share|improve this answer













                Assuming debian or ubuntu (should be similar on Red Hat / SUSE).



                sudo apt-get install sux
                sux user -c 'command'






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Aug 7 '09 at 2:18









                ehempelehempel

                1474




                1474













                • +1 good answer, no point in reinventing the wheel. Incidentally, sux mostly does what my answer above suggests. It's more powerful and easier to use of course.

                  – sleske
                  Aug 7 '09 at 12:13











                • You may note, that 'sux' indeed is a simple shell script, too..

                  – Martin Mächler
                  Feb 2 '13 at 17:18






                • 4





                  sux is unmaintained (and removed from Debian/Ubuntu's repositories): packages.qa.debian.org/s/sux/news/20140101T172633Z.html

                  – Rob W
                  Feb 5 '16 at 20:28



















                • +1 good answer, no point in reinventing the wheel. Incidentally, sux mostly does what my answer above suggests. It's more powerful and easier to use of course.

                  – sleske
                  Aug 7 '09 at 12:13











                • You may note, that 'sux' indeed is a simple shell script, too..

                  – Martin Mächler
                  Feb 2 '13 at 17:18






                • 4





                  sux is unmaintained (and removed from Debian/Ubuntu's repositories): packages.qa.debian.org/s/sux/news/20140101T172633Z.html

                  – Rob W
                  Feb 5 '16 at 20:28

















                +1 good answer, no point in reinventing the wheel. Incidentally, sux mostly does what my answer above suggests. It's more powerful and easier to use of course.

                – sleske
                Aug 7 '09 at 12:13





                +1 good answer, no point in reinventing the wheel. Incidentally, sux mostly does what my answer above suggests. It's more powerful and easier to use of course.

                – sleske
                Aug 7 '09 at 12:13













                You may note, that 'sux' indeed is a simple shell script, too..

                – Martin Mächler
                Feb 2 '13 at 17:18





                You may note, that 'sux' indeed is a simple shell script, too..

                – Martin Mächler
                Feb 2 '13 at 17:18




                4




                4





                sux is unmaintained (and removed from Debian/Ubuntu's repositories): packages.qa.debian.org/s/sux/news/20140101T172633Z.html

                – Rob W
                Feb 5 '16 at 20:28





                sux is unmaintained (and removed from Debian/Ubuntu's repositories): packages.qa.debian.org/s/sux/news/20140101T172633Z.html

                – Rob W
                Feb 5 '16 at 20:28











                9














                First: Don't use xhost +, it's rather insecure (blanket allow/deny).



                Rather use the X-Cookie mechanism:



                su user2
                cp /home/user1/.Xauthority /home/user2/.Xauthority
                export DISPLAY=:0


                Alternatively, if you have sux installed, use that (see ehempel's answer).



                In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.



                Notes:




                • Depending on your file permissions, you might have to copy .Xauthority in some other way.

                • Instead of copying .Xauthority, you can also use xauth to extract and copy the authorization key (see Randall's answer). If you have multiple keys in the .Xauthority file this is more selective; otherwise it is a matter of taste.






                share|improve this answer


























                • yeah,i have root access on that machine

                  – Phil
                  Aug 6 '09 at 17:52











                • This is just manually copying the xauth cookies via root access. This is no different from using xauth as Randall explains in the (current) top answer, except it copies every cookie that 'xauth list' would show. So this is less secure than the top xauth answer which would only add the cookies you pick.

                  – John Eikenberry
                  Jan 4 '17 at 22:39











                • @JohnEikenberry: True, thanks for pointing this out. I updated my answer.

                  – sleske
                  Feb 16 '17 at 9:43
















                9














                First: Don't use xhost +, it's rather insecure (blanket allow/deny).



                Rather use the X-Cookie mechanism:



                su user2
                cp /home/user1/.Xauthority /home/user2/.Xauthority
                export DISPLAY=:0


                Alternatively, if you have sux installed, use that (see ehempel's answer).



                In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.



                Notes:




                • Depending on your file permissions, you might have to copy .Xauthority in some other way.

                • Instead of copying .Xauthority, you can also use xauth to extract and copy the authorization key (see Randall's answer). If you have multiple keys in the .Xauthority file this is more selective; otherwise it is a matter of taste.






                share|improve this answer


























                • yeah,i have root access on that machine

                  – Phil
                  Aug 6 '09 at 17:52











                • This is just manually copying the xauth cookies via root access. This is no different from using xauth as Randall explains in the (current) top answer, except it copies every cookie that 'xauth list' would show. So this is less secure than the top xauth answer which would only add the cookies you pick.

                  – John Eikenberry
                  Jan 4 '17 at 22:39











                • @JohnEikenberry: True, thanks for pointing this out. I updated my answer.

                  – sleske
                  Feb 16 '17 at 9:43














                9












                9








                9







                First: Don't use xhost +, it's rather insecure (blanket allow/deny).



                Rather use the X-Cookie mechanism:



                su user2
                cp /home/user1/.Xauthority /home/user2/.Xauthority
                export DISPLAY=:0


                Alternatively, if you have sux installed, use that (see ehempel's answer).



                In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.



                Notes:




                • Depending on your file permissions, you might have to copy .Xauthority in some other way.

                • Instead of copying .Xauthority, you can also use xauth to extract and copy the authorization key (see Randall's answer). If you have multiple keys in the .Xauthority file this is more selective; otherwise it is a matter of taste.






                share|improve this answer















                First: Don't use xhost +, it's rather insecure (blanket allow/deny).



                Rather use the X-Cookie mechanism:



                su user2
                cp /home/user1/.Xauthority /home/user2/.Xauthority
                export DISPLAY=:0


                Alternatively, if you have sux installed, use that (see ehempel's answer).



                In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.



                Notes:




                • Depending on your file permissions, you might have to copy .Xauthority in some other way.

                • Instead of copying .Xauthority, you can also use xauth to extract and copy the authorization key (see Randall's answer). If you have multiple keys in the .Xauthority file this is more selective; otherwise it is a matter of taste.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Feb 16 '17 at 9:50

























                answered Aug 6 '09 at 16:35









                sleskesleske

                8,43232440




                8,43232440













                • yeah,i have root access on that machine

                  – Phil
                  Aug 6 '09 at 17:52











                • This is just manually copying the xauth cookies via root access. This is no different from using xauth as Randall explains in the (current) top answer, except it copies every cookie that 'xauth list' would show. So this is less secure than the top xauth answer which would only add the cookies you pick.

                  – John Eikenberry
                  Jan 4 '17 at 22:39











                • @JohnEikenberry: True, thanks for pointing this out. I updated my answer.

                  – sleske
                  Feb 16 '17 at 9:43



















                • yeah,i have root access on that machine

                  – Phil
                  Aug 6 '09 at 17:52











                • This is just manually copying the xauth cookies via root access. This is no different from using xauth as Randall explains in the (current) top answer, except it copies every cookie that 'xauth list' would show. So this is less secure than the top xauth answer which would only add the cookies you pick.

                  – John Eikenberry
                  Jan 4 '17 at 22:39











                • @JohnEikenberry: True, thanks for pointing this out. I updated my answer.

                  – sleske
                  Feb 16 '17 at 9:43

















                yeah,i have root access on that machine

                – Phil
                Aug 6 '09 at 17:52





                yeah,i have root access on that machine

                – Phil
                Aug 6 '09 at 17:52













                This is just manually copying the xauth cookies via root access. This is no different from using xauth as Randall explains in the (current) top answer, except it copies every cookie that 'xauth list' would show. So this is less secure than the top xauth answer which would only add the cookies you pick.

                – John Eikenberry
                Jan 4 '17 at 22:39





                This is just manually copying the xauth cookies via root access. This is no different from using xauth as Randall explains in the (current) top answer, except it copies every cookie that 'xauth list' would show. So this is less secure than the top xauth answer which would only add the cookies you pick.

                – John Eikenberry
                Jan 4 '17 at 22:39













                @JohnEikenberry: True, thanks for pointing this out. I updated my answer.

                – sleske
                Feb 16 '17 at 9:43





                @JohnEikenberry: True, thanks for pointing this out. I updated my answer.

                – sleske
                Feb 16 '17 at 9:43











                7














                This will fix the problem for all users:



                cat <<EOF > /etc/profile.d/xauth.sh
                #!/sbin/bash
                export XAUTHORITY=~/.Xauthority
                EOF





                share|improve this answer
























                • This is basically what I've done and it works great, thanks!

                  – Guss
                  Jul 20 '11 at 14:32
















                7














                This will fix the problem for all users:



                cat <<EOF > /etc/profile.d/xauth.sh
                #!/sbin/bash
                export XAUTHORITY=~/.Xauthority
                EOF





                share|improve this answer
























                • This is basically what I've done and it works great, thanks!

                  – Guss
                  Jul 20 '11 at 14:32














                7












                7








                7







                This will fix the problem for all users:



                cat <<EOF > /etc/profile.d/xauth.sh
                #!/sbin/bash
                export XAUTHORITY=~/.Xauthority
                EOF





                share|improve this answer













                This will fix the problem for all users:



                cat <<EOF > /etc/profile.d/xauth.sh
                #!/sbin/bash
                export XAUTHORITY=~/.Xauthority
                EOF






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Feb 4 '11 at 18:48









                JMSJMS

                7111




                7111













                • This is basically what I've done and it works great, thanks!

                  – Guss
                  Jul 20 '11 at 14:32



















                • This is basically what I've done and it works great, thanks!

                  – Guss
                  Jul 20 '11 at 14:32

















                This is basically what I've done and it works great, thanks!

                – Guss
                Jul 20 '11 at 14:32





                This is basically what I've done and it works great, thanks!

                – Guss
                Jul 20 '11 at 14:32











                3














                As root:



                xhost local:yourusername


                Where yourusername is your user name :)



                Then do su as your user
                xclock should work if it's installed






                share|improve this answer




























                  3














                  As root:



                  xhost local:yourusername


                  Where yourusername is your user name :)



                  Then do su as your user
                  xclock should work if it's installed






                  share|improve this answer


























                    3












                    3








                    3







                    As root:



                    xhost local:yourusername


                    Where yourusername is your user name :)



                    Then do su as your user
                    xclock should work if it's installed






                    share|improve this answer













                    As root:



                    xhost local:yourusername


                    Where yourusername is your user name :)



                    Then do su as your user
                    xclock should work if it's installed







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Sep 8 '15 at 9:26









                    ACVACV

                    1612




                    1612























                        2














                        These are just hacks:




                        • xauth + (unsecure)

                        • ssh -X user2@localhost (ugly)


                        sleske above has, I think, the proper solution.






                        share|improve this answer
























                        • ssh -X is a very simple and elegant solution, not depending on any deprecated/unmaintained gtk/kde stuff (which require installing more binaries with SUID bit...).

                          – Stefan
                          Mar 10 '18 at 20:52
















                        2














                        These are just hacks:




                        • xauth + (unsecure)

                        • ssh -X user2@localhost (ugly)


                        sleske above has, I think, the proper solution.






                        share|improve this answer
























                        • ssh -X is a very simple and elegant solution, not depending on any deprecated/unmaintained gtk/kde stuff (which require installing more binaries with SUID bit...).

                          – Stefan
                          Mar 10 '18 at 20:52














                        2












                        2








                        2







                        These are just hacks:




                        • xauth + (unsecure)

                        • ssh -X user2@localhost (ugly)


                        sleske above has, I think, the proper solution.






                        share|improve this answer













                        These are just hacks:




                        • xauth + (unsecure)

                        • ssh -X user2@localhost (ugly)


                        sleske above has, I think, the proper solution.







                        share|improve this answer












                        share|improve this answer



                        share|improve this answer










                        answered Aug 6 '09 at 17:55









                        alexalex

                        1,27669




                        1,27669













                        • ssh -X is a very simple and elegant solution, not depending on any deprecated/unmaintained gtk/kde stuff (which require installing more binaries with SUID bit...).

                          – Stefan
                          Mar 10 '18 at 20:52



















                        • ssh -X is a very simple and elegant solution, not depending on any deprecated/unmaintained gtk/kde stuff (which require installing more binaries with SUID bit...).

                          – Stefan
                          Mar 10 '18 at 20:52

















                        ssh -X is a very simple and elegant solution, not depending on any deprecated/unmaintained gtk/kde stuff (which require installing more binaries with SUID bit...).

                        – Stefan
                        Mar 10 '18 at 20:52





                        ssh -X is a very simple and elegant solution, not depending on any deprecated/unmaintained gtk/kde stuff (which require installing more binaries with SUID bit...).

                        – Stefan
                        Mar 10 '18 at 20:52











                        2














                        I found something that works great for me on KDE



                        kdesu -u username /path/to/program





                        share|improve this answer
























                        • On debian part of kde-cli-tools, and not in $PATH but in /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (obviously depending on architecture).

                          – Stefan
                          Mar 10 '18 at 20:48
















                        2














                        I found something that works great for me on KDE



                        kdesu -u username /path/to/program





                        share|improve this answer
























                        • On debian part of kde-cli-tools, and not in $PATH but in /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (obviously depending on architecture).

                          – Stefan
                          Mar 10 '18 at 20:48














                        2












                        2








                        2







                        I found something that works great for me on KDE



                        kdesu -u username /path/to/program





                        share|improve this answer













                        I found something that works great for me on KDE



                        kdesu -u username /path/to/program






                        share|improve this answer












                        share|improve this answer



                        share|improve this answer










                        answered Aug 6 '09 at 23:44









                        PhilPhil

                        75651731




                        75651731













                        • On debian part of kde-cli-tools, and not in $PATH but in /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (obviously depending on architecture).

                          – Stefan
                          Mar 10 '18 at 20:48



















                        • On debian part of kde-cli-tools, and not in $PATH but in /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (obviously depending on architecture).

                          – Stefan
                          Mar 10 '18 at 20:48

















                        On debian part of kde-cli-tools, and not in $PATH but in /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (obviously depending on architecture).

                        – Stefan
                        Mar 10 '18 at 20:48





                        On debian part of kde-cli-tools, and not in $PATH but in /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu (obviously depending on architecture).

                        – Stefan
                        Mar 10 '18 at 20:48











                        0














                        This way made in suse/opensuse :
                        http://www.novell.com/support/kb/doc.php?id=7003743



                        Simply modifying the /etc/pam.d/su, adding the option (bold) :




                        session optional pam_xauth.so systemuser=1




                        Then you can switch with su without - :




                        su user2




                        and run the app graphically.






                        share|improve this answer




























                          0














                          This way made in suse/opensuse :
                          http://www.novell.com/support/kb/doc.php?id=7003743



                          Simply modifying the /etc/pam.d/su, adding the option (bold) :




                          session optional pam_xauth.so systemuser=1




                          Then you can switch with su without - :




                          su user2




                          and run the app graphically.






                          share|improve this answer


























                            0












                            0








                            0







                            This way made in suse/opensuse :
                            http://www.novell.com/support/kb/doc.php?id=7003743



                            Simply modifying the /etc/pam.d/su, adding the option (bold) :




                            session optional pam_xauth.so systemuser=1




                            Then you can switch with su without - :




                            su user2




                            and run the app graphically.






                            share|improve this answer













                            This way made in suse/opensuse :
                            http://www.novell.com/support/kb/doc.php?id=7003743



                            Simply modifying the /etc/pam.d/su, adding the option (bold) :




                            session optional pam_xauth.so systemuser=1




                            Then you can switch with su without - :




                            su user2




                            and run the app graphically.







                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered Jul 25 '13 at 21:26









                            pojempojem

                            1




                            1























                                0














                                Thids is WAY TOO CONVOLUTED for me who just wants to use Synaptic on Bionic Beaver.



                                I try one solution and that leads me to 20 other "things" that don't work as they should so all you have in the end is a bunch of half measures trying to hold the OS together with bubble gum and shoestrings.



                                Who are these people that work for nothing and have probably had very little formal traiing training to maintain and upgrade an OS let alone writing good software that's well tested with no knowledge or understanding of of the whole which ultimately becomes a patch to a patch for a patch. With each release it just gets worse.



                                Same thing happened to Firefox causing them to abandon all those years of effort to become a branch of Chrome. Even Windows isn't all that great but it works well enough to be reliable. If the government hadn't gave them a pass on liability it would be a much better system.



                                Time to face the fact that unpaid software will never be a good solution in a capitalist world.





                                share








                                New contributor




                                CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                Check out our Code of Conduct.

























                                  0














                                  Thids is WAY TOO CONVOLUTED for me who just wants to use Synaptic on Bionic Beaver.



                                  I try one solution and that leads me to 20 other "things" that don't work as they should so all you have in the end is a bunch of half measures trying to hold the OS together with bubble gum and shoestrings.



                                  Who are these people that work for nothing and have probably had very little formal traiing training to maintain and upgrade an OS let alone writing good software that's well tested with no knowledge or understanding of of the whole which ultimately becomes a patch to a patch for a patch. With each release it just gets worse.



                                  Same thing happened to Firefox causing them to abandon all those years of effort to become a branch of Chrome. Even Windows isn't all that great but it works well enough to be reliable. If the government hadn't gave them a pass on liability it would be a much better system.



                                  Time to face the fact that unpaid software will never be a good solution in a capitalist world.





                                  share








                                  New contributor




                                  CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                  Check out our Code of Conduct.























                                    0












                                    0








                                    0







                                    Thids is WAY TOO CONVOLUTED for me who just wants to use Synaptic on Bionic Beaver.



                                    I try one solution and that leads me to 20 other "things" that don't work as they should so all you have in the end is a bunch of half measures trying to hold the OS together with bubble gum and shoestrings.



                                    Who are these people that work for nothing and have probably had very little formal traiing training to maintain and upgrade an OS let alone writing good software that's well tested with no knowledge or understanding of of the whole which ultimately becomes a patch to a patch for a patch. With each release it just gets worse.



                                    Same thing happened to Firefox causing them to abandon all those years of effort to become a branch of Chrome. Even Windows isn't all that great but it works well enough to be reliable. If the government hadn't gave them a pass on liability it would be a much better system.



                                    Time to face the fact that unpaid software will never be a good solution in a capitalist world.





                                    share








                                    New contributor




                                    CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.










                                    Thids is WAY TOO CONVOLUTED for me who just wants to use Synaptic on Bionic Beaver.



                                    I try one solution and that leads me to 20 other "things" that don't work as they should so all you have in the end is a bunch of half measures trying to hold the OS together with bubble gum and shoestrings.



                                    Who are these people that work for nothing and have probably had very little formal traiing training to maintain and upgrade an OS let alone writing good software that's well tested with no knowledge or understanding of of the whole which ultimately becomes a patch to a patch for a patch. With each release it just gets worse.



                                    Same thing happened to Firefox causing them to abandon all those years of effort to become a branch of Chrome. Even Windows isn't all that great but it works well enough to be reliable. If the government hadn't gave them a pass on liability it would be a much better system.



                                    Time to face the fact that unpaid software will never be a good solution in a capitalist world.






                                    share








                                    New contributor




                                    CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.








                                    share


                                    share






                                    New contributor




                                    CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.









                                    answered 6 mins ago









                                    CityguyUSACityguyUSA

                                    1




                                    1




                                    New contributor




                                    CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.





                                    New contributor





                                    CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.






                                    CityguyUSA is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.























                                        -1














                                        For GNOME (and without any desktop environment really, I use it with icewm only) gksu:



                                        gksu -u username program





                                        share|improve this answer
























                                        • "gksu has been deprecated for years": bugs.debian.org/cgi-bin/bugreport.cgi?bug=867236

                                          – Stefan
                                          Mar 10 '18 at 20:45











                                        • @Stefan note that this Debian bug is about premise that elevating privileges for whole program is bad idea, and that the program should instead be modified to just execute minimal helpers with elevated privileges instead (using PolicyKit). This question (and my answer) is about reducing privileges, which is another thing altogether and in fact good idea (for example, for random browsing I have shortcut that execute firefox under some less privileged account that my default one, so any exploit there can't touch my data - and gksu(8) is quite fine for that)

                                          – Matija Nalis
                                          Mar 12 '18 at 14:40











                                        • All that is fine, but using a deprecated and unmaintained SUID binary is just wrong. This answer might have been useful in the past, but isn't anymore.

                                          – Stefan
                                          Mar 12 '18 at 21:42
















                                        -1














                                        For GNOME (and without any desktop environment really, I use it with icewm only) gksu:



                                        gksu -u username program





                                        share|improve this answer
























                                        • "gksu has been deprecated for years": bugs.debian.org/cgi-bin/bugreport.cgi?bug=867236

                                          – Stefan
                                          Mar 10 '18 at 20:45











                                        • @Stefan note that this Debian bug is about premise that elevating privileges for whole program is bad idea, and that the program should instead be modified to just execute minimal helpers with elevated privileges instead (using PolicyKit). This question (and my answer) is about reducing privileges, which is another thing altogether and in fact good idea (for example, for random browsing I have shortcut that execute firefox under some less privileged account that my default one, so any exploit there can't touch my data - and gksu(8) is quite fine for that)

                                          – Matija Nalis
                                          Mar 12 '18 at 14:40











                                        • All that is fine, but using a deprecated and unmaintained SUID binary is just wrong. This answer might have been useful in the past, but isn't anymore.

                                          – Stefan
                                          Mar 12 '18 at 21:42














                                        -1












                                        -1








                                        -1







                                        For GNOME (and without any desktop environment really, I use it with icewm only) gksu:



                                        gksu -u username program





                                        share|improve this answer













                                        For GNOME (and without any desktop environment really, I use it with icewm only) gksu:



                                        gksu -u username program






                                        share|improve this answer












                                        share|improve this answer



                                        share|improve this answer










                                        answered Sep 27 '17 at 17:59









                                        Matija NalisMatija Nalis

                                        1,8711628




                                        1,8711628













                                        • "gksu has been deprecated for years": bugs.debian.org/cgi-bin/bugreport.cgi?bug=867236

                                          – Stefan
                                          Mar 10 '18 at 20:45











                                        • @Stefan note that this Debian bug is about premise that elevating privileges for whole program is bad idea, and that the program should instead be modified to just execute minimal helpers with elevated privileges instead (using PolicyKit). This question (and my answer) is about reducing privileges, which is another thing altogether and in fact good idea (for example, for random browsing I have shortcut that execute firefox under some less privileged account that my default one, so any exploit there can't touch my data - and gksu(8) is quite fine for that)

                                          – Matija Nalis
                                          Mar 12 '18 at 14:40











                                        • All that is fine, but using a deprecated and unmaintained SUID binary is just wrong. This answer might have been useful in the past, but isn't anymore.

                                          – Stefan
                                          Mar 12 '18 at 21:42



















                                        • "gksu has been deprecated for years": bugs.debian.org/cgi-bin/bugreport.cgi?bug=867236

                                          – Stefan
                                          Mar 10 '18 at 20:45











                                        • @Stefan note that this Debian bug is about premise that elevating privileges for whole program is bad idea, and that the program should instead be modified to just execute minimal helpers with elevated privileges instead (using PolicyKit). This question (and my answer) is about reducing privileges, which is another thing altogether and in fact good idea (for example, for random browsing I have shortcut that execute firefox under some less privileged account that my default one, so any exploit there can't touch my data - and gksu(8) is quite fine for that)

                                          – Matija Nalis
                                          Mar 12 '18 at 14:40











                                        • All that is fine, but using a deprecated and unmaintained SUID binary is just wrong. This answer might have been useful in the past, but isn't anymore.

                                          – Stefan
                                          Mar 12 '18 at 21:42

















                                        "gksu has been deprecated for years": bugs.debian.org/cgi-bin/bugreport.cgi?bug=867236

                                        – Stefan
                                        Mar 10 '18 at 20:45





                                        "gksu has been deprecated for years": bugs.debian.org/cgi-bin/bugreport.cgi?bug=867236

                                        – Stefan
                                        Mar 10 '18 at 20:45













                                        @Stefan note that this Debian bug is about premise that elevating privileges for whole program is bad idea, and that the program should instead be modified to just execute minimal helpers with elevated privileges instead (using PolicyKit). This question (and my answer) is about reducing privileges, which is another thing altogether and in fact good idea (for example, for random browsing I have shortcut that execute firefox under some less privileged account that my default one, so any exploit there can't touch my data - and gksu(8) is quite fine for that)

                                        – Matija Nalis
                                        Mar 12 '18 at 14:40





                                        @Stefan note that this Debian bug is about premise that elevating privileges for whole program is bad idea, and that the program should instead be modified to just execute minimal helpers with elevated privileges instead (using PolicyKit). This question (and my answer) is about reducing privileges, which is another thing altogether and in fact good idea (for example, for random browsing I have shortcut that execute firefox under some less privileged account that my default one, so any exploit there can't touch my data - and gksu(8) is quite fine for that)

                                        – Matija Nalis
                                        Mar 12 '18 at 14:40













                                        All that is fine, but using a deprecated and unmaintained SUID binary is just wrong. This answer might have been useful in the past, but isn't anymore.

                                        – Stefan
                                        Mar 12 '18 at 21:42





                                        All that is fine, but using a deprecated and unmaintained SUID binary is just wrong. This answer might have been useful in the past, but isn't anymore.

                                        – Stefan
                                        Mar 12 '18 at 21:42


















                                        draft saved

                                        draft discarded




















































                                        Thanks for contributing an answer to Server Fault!


                                        • Please be sure to answer the question. Provide details and share your research!

                                        But avoid



                                        • Asking for help, clarification, or responding to other answers.

                                        • Making statements based on opinion; back them up with references or personal experience.


                                        To learn more, see our tips on writing great answers.




                                        draft saved


                                        draft discarded














                                        StackExchange.ready(
                                        function () {
                                        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f51005%2fhow-to-use-xauth-to-run-graphical-application-via-other-user-on-linux%23new-answer', 'question_page');
                                        }
                                        );

                                        Post as a guest















                                        Required, but never shown





















































                                        Required, but never shown














                                        Required, but never shown












                                        Required, but never shown







                                        Required, but never shown

































                                        Required, but never shown














                                        Required, but never shown












                                        Required, but never shown







                                        Required, but never shown







                                        Popular posts from this blog

                                        117736 Шеррод Примітки | Див. також | Посилання | Навігаційне...

                                        As a Security Precaution, the user account has been locked The Next CEO of Stack OverflowMS...

                                        Маріан Котлеба Зміст Життєпис | Політичні погляди |...