X Forwarding and sudo

When working with remote systems via the command line through SSH, it's handy to forward X (Linux GUI Windows) as well so you can also start graphical programs.

However, you have problems when combining this with the sudo command when launching graphical apps as another person. When that other person isn't root, you can't access your Xauthority credentials and can't launch graphical apps

One answer is to:
  • ssh -X you@your.server.com
  • xauth list
  • ( copy the bottom line, that is usually the correct one.)
  • sudo -i -u someone
  • xauth add (and insert the copied line here)
If you don't like all that typing, another way is to add this to the bottom of your .bash_profile file. Note: this is specific to a user ID'd as 'tdiuser'. You could make it more general if you were sudo'ing to multiple accounts.
  • ssh -X you@your.server.com
  • vim ~/.bash_profile
  • Add the following:
[ -n "$XAUTHORITY" ] || XAUTHORITY="$HOME/.Xauthority"
export XAUTHORITY

setfacl -m user:tdiuser:x $HOME
setfacl -m user:tdiuser:r $XAUTHORITY

Note: If you're just logging into a remote system and issuing the commands as root i.e. sudo command then you can leave off the setfacl altogether.

Comments