Search:  
Gentoo Wiki

HOWTO_SUDO_SU_-_in_X11

Warning: There are severe security issues with using the command 'sudo su -'. 'su -' prompts for the root password, 'sudo su -' prompts for the user's password. Allowing users to 'sudo su -' gives them full root privileges.

app-admin/sudo can be configured so that GUI programs will be executed as root in X.

su (with no options) can be configured to allow GUI programs to be executed in an otherwise non-x session.

The command 'su -' (regardless of sudo) starts with an empty environment (as if root had just logged in). Any previous environment variables are lost. The reason this is significant in X11 is because the environment variable $DISPLAY is necessary for X to function properly.

So, to use X11 programs using 'su -' (sudo has no absolutely no effect on this):

Code: shell prompt
 (Prior to executing 'su -')
 
  echo $DISPLAY
  (returns some text, probably ":0.0")
  su -
  export DISPLAY=:0.0
  

This solves the first problem, that of X not knowing where to look for its display.

Another problem lies with X authentication. To add the (presumably current) X authority information to the (now su'ed environment):

Code: shell prompt
 xauth merge ~<user>/.Xauthority
 

You should now be able to run X11 programs as root.

env_keep

If you are about to perform sudo of the X11 application on behalf of the root then you can simply add two values to the existing env_keep variable in the /etc/sudoers:

Code: /etc/sudoers
 
Defaults env_keep = "DISPLAY XAUTHORITY ..."
  

env_reset

Another way is to comment this line in /etc/sudoers:

Code: /etc/sudoers
 
#Defaults       env_reset
  

This will make sure that the environment won't get reset.

Retrieved from "http://www.gentoo-wiki.info/HOWTO_SUDO_SU_-_in_X11"

Last modified: Fri, 05 Sep 2008 10:04:00 +0000 Hits: 6,945