Run X applications as another user under Linux

0

Visiting the old topic of running X applications as another user under Linux, as the solution had always been "to use gksu" to me, but today, when I need it and tried it, it doesn't work.

Following What Is gksu And Why Would You Use It, I tried, 

gksu -u otherusername xterm

After passing the dialog that asks for the password, I got:

$ gksu -u otherusername xterm
xterm: Xt error: Can't open display: :2

I.e., it doesn't work for me. So,

How to run X applications as another user under Linux? Thx.

PS, this is Ubuntu 17.04:

$ lsb_release -a 
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 17.04
Release:        17.04
Codename:       zesty

xpt

Posted 2018-01-01T17:43:32.310

Reputation: 5 548

What kind of X authorization does your distribution use (read up on xauth)? You must authorize the "other use" to use the display of the "first user". – dirkt – 2018-01-02T08:49:51.657

Yes I use xauth, and no, I don't know how to authorize the "other use" to use the display of the "first user", please help @dirkt, that must be the missing piece to the answer. Thx! – xpt – 2018-01-02T13:52:50.533

Answers

1

Ubuntu 17, right? Are you sure you are actually running Xorg, and not Wayland? (i.e. does ps auxfww actually shows a program called X running?)

If you are running Wayland-- which you would be by default: accessing the display from root user is not allowed due to a security feature (cough)(cough). They said you could work around by running this command before attempting to run gksu:

xhost si:localuser:root

Another way is to just start your Ubuntu system with conventional Xorg display system; you can set this at login, I think.

I never used Ubuntu 17 though, and definitely not a Wayland user. This is probably one of the reasons that Ubuntu 18/LTS will go back to use classic Xorg by default.

Important note: If otherusername of yours is not root, no matter that you're using Wayland or classic Xorg, you need to run following command before running your program via gksu:

xhost si:localuser:otherusername

UPDATE:

The above solution is not working for Ubuntu 17.04 Xorg out of the box:

$ xhost si:localuser:root
localuser:root being added to access control list
X Error of failed request:  BadValue (integer parameter out of range for operation)
  Major opcode of failed request:  109 (X_ChangeHosts)
  Value in failed request:  0xe
  Serial number of failed request:  7
  Current serial number in output stream:  9

It looks like that Ubuntu Xorg "server is not built with SECURE_RPC support, so attempting to add a FamilyNetname (0xfe) host fails."

So no out of the box solution for Ubuntu yet (but this remains as the answer until a working one exist).

xwindows -on strike-

Posted 2018-01-01T17:43:32.310

Reputation: 214

Ubuntu 17.04, not Ubuntu 17.10, and yes it is definitely Xorg. Never knew xhost can be used that way -- only know the xhost +, which is deemed to be unsafe. Thanks for the answer xwindows! Welcome aboard, with my +25, :-) – xpt – 2018-03-02T01:10:52.990

I finally get a chance to test it, but it is not working for me. I took the liberty to update your answer to explain it. – xpt – 2018-03-19T21:28:32.487

0

Check your DISPLAY environment variable; it looks like the new user is trying to use display :2, which probably doesn't have an X server attached.

You can try something like: export DISPLAY=localhost:0.0, which should tell otherusername's X application to use the current user's X server. (I'm pretty sure this is a hack, because this variable should be configured correctly without having to set it, some more details here.)

trapezoid

Posted 2018-01-01T17:43:32.310

Reputation: 177

My DISPLAY *is* DISPLAY=':2', believe it or not but I'm not going to explain my complicated setup, so in short, export DISPLAY=localhost:0.0 won't cut it, as DISPLAY=':2' is working fine for all my own X apps. But thanks for helping though. – xpt – 2018-01-03T01:10:51.617

-1

  1. assign the password to this otheruser. on behalf of the superuser:

    passwd otheruser

  2. If the sudo program is installed, add the following line to /etc/sudoers, for example:

    user ALL = (otheruser) ALL

this will allow the user to execute any programs / commands on behalf of the user otheruser:

`$ sudo -u otheruser xterm`

The user's user password will be requested.

can be done without a password request by adding the NOPASSWD directive: to the above line:

user ALL = (otheruser) NOPASSWD: ALL

original - https://ru.stackoverflow.com/questions/473607/%D0%92%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%BC%D0%B0%D0%BD%D0%B4%D1%8B-%D0%BE%D1%82-%D0%B4%D1%80%D1%83%D0%B3%D0%BE%D0%B3%D0%BE-%D0%BF%D0%BE%D0%BB%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D1%82%D0%B5%D0%BB%D1%8F

Many help additional flags -c or -p

Alex_Krug

Posted 2018-01-01T17:43:32.310

Reputation: 175

2The problem is X authorization ("can't open display"), which your answer doesn't address at all ... – dirkt – 2018-01-02T08:48:54.713

Asked: 2018-01-01T17:43:32.310

Viewed: 1 362 times

Active: 2018-03-19T21:32:07.727