9.4.12 Getting root in X
If a GUI program needs to be run with root privilege, use the following
procedures to display program output on a user's X server. To avoid
possible security risks, never attempt to start an X server directly
from the root account.
Start the X server as a normal user and open an
$ XAUTHORITY=$HOME/.Xauthority
$ export XAUTHORITY
$ su root
# printtool &
When using this trick to
su to a non-root user, make sure
~/.Xauthority is group readable by this non-root user.
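Making ~/.Xauthority group readable lets every member of that group read the X authority cookie, so it is worth checking what the file's mode actually grants. The following is an added example, not part of the original text; the function names xauth_exposure and xauth_audit are hypothetical, and GNU stat (coreutils, as on Debian) is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): report who can read an
# X authority file. Assumes GNU stat from coreutils.

# xauth_exposure FILE
# Prints one word: missing | private | group | world
xauth_exposure() {
    [ -f "$1" ] || { echo missing; return 0; }
    mode=$(stat -c '%a' "$1") || return 2
    other=$(( mode % 10 ))        # last octal digit: permissions for others
    group=$(( mode / 10 % 10 ))   # second-to-last digit: permissions for group
    if [ $(( other & 4 )) -ne 0 ]; then
        echo world
    elif [ $(( group & 4 )) -ne 0 ]; then
        echo group
    else
        echo private
    fi
}

# xauth_audit FILE
# Prints a one-line finding. Returns 0 for owner-only or group-readable
# (the case the text asks for), 1 for world-readable or missing.
xauth_audit() {
    case $(xauth_exposure "$1") in
        private)
            echo "$1: readable by owner only" ;;
        group)
            echo "$1: readable by group '$(stat -c '%G' "$1")';" \
                 "every member of it can read the X cookie" ;;
        world)
            echo "$1: world-readable; any local user can read the X cookie"
            return 1 ;;
        *)
            echo "$1: no such file"
            return 1 ;;
    esac
}

# Check the file the current session would use.
xauth_audit "${XAUTHORITY:-${HOME:-/root}/.Xauthority}" || true
```

When the result is "group", check the membership of the named group before relying on this setup, since each member gains the same access to the display as the intended user.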
To automate this command sequence, create a file
the user's account, containing the following lines:
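# This makes X work when I su to the root account.
if [ -z "$XAUTHORITY" ]; then
    XAUTHORITY=$HOME/.Xauthority
    export XAUTHORITY
fi
# If a particular window/session manager is desired, uncomment
# the following and edit it to fit your needs.
#XSTARTUP=/path/to/window-manager   # placeholder path
# This starts x-window/session-manager program
if [ -z "$XSTARTUP" ]; then
    if [ -x /usr/bin/x-session-manager ]; then
        XSTARTUP=/usr/bin/x-session-manager
    elif [ -x /usr/bin/x-window-manager ]; then
        XSTARTUP=/usr/bin/x-window-manager
    elif [ -x /usr/bin/x-terminal-emulator ]; then
        XSTARTUP=/usr/bin/x-terminal-emulator
    fi
fi
# execute auto selected X window/session manager
exec $XSTARTUP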
su (not su -) in an
window of the user. Now GUI programs started from this
display output on this user's X window while running with root privilege. This
trick works as long as the default
/etc/X11/Xsession is executed.
If a user has set up customization using
~/.xsession, the above-mentioned environment variable
XAUTHORITY needs to be set similarly in those scripts.
sudo can be used to automate the command sequence:
$ sudo xterm
$ sudo -H -s
/root/.bashrc should contain:
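# Copy the invoking user's X cookie for the current display into root's
# own authority file.
if [ -n "$SUDO_USER" ]; then
    sudo -H -u "$SUDO_USER" xauth extract - "$DISPLAY" | xauth merge -
fi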
This works fine even with the home directory of the user on an NFS mount,
because root does not read the
There are also several specialized packages for this purpose:
xsu. Some other methods can be used
to achieve similar results: creating a symlink from
/root/.Xauthority to the user's corresponding one; use of the
sux; or putting
"xauth merge ~USER_RUNNING_X/.Xauthority" in
the root initialization script.
See more on the