Re: How to transfer X11 auth across sudo invocation

On Feb 28, 4:11 am, dsharp <sharp.d...@xxxxxxxxx> wrote:
On Feb 27, 3:47 pm, "david.karr" <davidmichaelk...@xxxxxxxxx> wrote:



I connect from my Windows box to a AIX 5.3 box using SecureCRT, which
allows the transfer of X11 packets to my local box.

When I log in as myself into the box, with my local Cygwin-provided X
server running, I can display windows perfectly fine.

However, if after logging in, I then "sudo" to an administrative
account and then try to run something that tries to display windows,
it says that it can't connect.

I tried doing "env | sort" from both my user account and the
administrative account, to compare the differences. On the admin
shell, I set the following env vars from their value on my user
account:

DISPLAY, SSH_AUTH_SOCK, SSH_CLIENT, SSH_CLIENT, SSH_CONNECTION,
SSH_TTY

However, it still fails to connect. I imagine that one of these
variables is "tied" to my user account somehow, and won't work if I
just copy the value over (probably a good idea :) ).

So, what can I do to facilitate this connection from the admin account
to my local box's X server?

When you say you sudo to an admin account, do you mean "su - root" (or
"su -") ? If so, have you tried omitting the dash in the su command
so you don't replace the DISPLAY variable established by SecureCRT
with root's DISPLAY variable? On my AIX box, if I have a working X
tunnel via SSH to my user account and do "su - " then I get the same
results you get, but if I just "su" then I can run x in the root
shell.

Doug

Well, that was promising for a moment.

Apparently my company restricts the non-"-" form more than the "-"
form. I have permission to sudo using "-", but when I do it without
it, it says:

Sorry, user <me> is not allowed to execute '/usr/bin/su <admin>' as
root on <hostname>.
.

Relevant Pages