Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Debian GNU/Linux Reference Guide
Prev Home Next

9.4.12 Getting root in X

If a GUI program needs to be run with root privilege, use the following procedures to display program output on a user's X server. Never attempt to start an X server directly from the root account in order to avoid possible security risks.

Start the X server as a normal user and open an xterm console. Then:

     $ XAUTHORITY=$HOME/.Xauthority
     $ export XAUTHORITY
     $ su root
     # printtool &

When using this trick to su to a non-root user, make sure ~/.Xauthority is group readable by this non-root user.

To automate this command sequence, create a file ~/.xsession from the user's account, containing the following lines:

     # This makes X work when I su to the root account.
     if [ -z "$XAUTHORITY" ]; then
             export XAUTHORITY
     unset XSTARTUP
     # If a particular window/session manager is desired, uncomment
     # the following and edit it to fit your needs.
     # This starts x-window/session-manager program
     if [ -z "$XSTARTUP" ]; then
       if [ -x /usr/bin/x-session-manager ]; then
       elif [ -x /usr/bin/x-window-manager ]; then
       elif [ -x /usr/bin/x-terminal-emulator ]; then
     # execute auto selected X window/session manager
     exec $XSTARTUP

Then run su (not su -) in an xterm window of the user. Now GUI programs started from this xterm can display output on this user's X window while running with root privilege. This trick works as long as the default /etc/X11/Xsession is executed. If a user set up his customization using ~/.xinitrc or ~/.xsession, the above mentioned environment variable XAUTHORITY needs to be set similarly in those scripts.

Alternatively, sudo can be used to automate the command sequence:

     $ sudo xterm
     ... or
     $ sudo -H -s

Here /root/.bashrc should contain:

     if [ $SUDO_USER ]; then
         sudo -H -u $SUDO_USER xauth extract - $DISPLAY | xauth merge -

This works fine even with the home directory of the user on an NFS mount, because root does not read the .Xauthority file.

There are also several specialized packages for this purpose: kdesu, gksu, gksudo, gnome-sudo, and xsu. Some other methods can be used to achieve similar results: creating a symlink from /root/.Xauthority to the user's corresponding one; use of the script sux; or putting "xauth merge ~USER_RUNNING_X/.Xauthority" in the root initialization script.

See more on the debian-devel mailing list.

Debian GNU/Linux Reference Guide
Prev Home Next

  Published under the terms of the GNU General Public License Design by Interspire