Re: How to transfer X11 auth across sudo invocation



On Thu, 28 Feb 2008 06:31:04 -0800, david.karr wrote:

> On Feb 28, 4:11 am, dsharp <sharp.d...@xxxxxxxxx> wrote:
>> On Feb 27, 3:47 pm, "david.karr" <davidmichaelk...@xxxxxxxxx> wrote:
>>
>>> I connect from my Windows box to a AIX 5.3 box using SecureCRT, which
>>> allows the transfer of X11 packets to my local box.
>>>
>>> When I log in as myself into the box, with my local Cygwin-provided X
>>> server running, I can display windows perfectly fine.
>>>
>>> However, if after logging in, I then "sudo" to an administrative
>>> account and then try to run something that tries to display windows,
>>> it says that it can't connect.
>>>
>>> I tried doing "env | sort" from both my user account and the
>>> administrative account, to compare the differences. On the admin
>>> shell, I set the following env vars from their value on my user
>>> account:
>>>
>>> DISPLAY, SSH_AUTH_SOCK, SSH_CLIENT, SSH_CLIENT, SSH_CONNECTION,
>>> SSH_TTY
>>>
>>> However, it still fails to connect. I imagine that one of these
>>> variables is "tied" to my user account somehow, and won't work if I
>>> just copy the value over (probably a good idea :) ).
>>>
>>> So, what can I do to facilitate this connection from the admin
>>> account to my local box's X server?
>>
>> When you say you sudo to an admin account, do you mean "su - root" (or
>> "su -") ? If so, have you tried omitting the dash in the su command
>> so you don't replace the DISPLAY variable established by SecureCRT with
>> root's DISPLAY variable? On my AIX box, if I have a working X tunnel
>> via SSH to my user account and do "su - " then I get the same results
>> you get, but if I just "su" then I can run x in the root shell.
>>
>> Doug
>
> Well, that was promising for a moment.
>
> Apparently my company restricts the non-"-" form more than the "-" form.
> I have permission to sudo using "-", but when I do it without it, it
> says:
>
> Sorry, user <me> is not allowed to execute '/usr/bin/su <admin>' as
> root on <hostname>.

What I have done to resolve this problem is to write my own wrapper
'su' script in my $HOME/bin directory. The important guts of it are:

# Real su binary, and root's login shell as listed in /etc/passwd
SUCMD='/usr/bin/su'
NEWSH=`grep "^root:" /etc/passwd | awk -F: '{print $7}'`
case $# in
    0)
        # "su": become root, carrying DISPLAY and the caller's Xauthority file
        if [ -n "$DISPLAY" ]; then
            $SUCMD root -c \
                "env DISPLAY=$DISPLAY XAUTHORITY=${HOME}/.Xauthority $NEWSH"
            exit $?
        else
            $SUCMD root
            exit $?
        fi # end if [ -n "$DISPLAY" ] ... else
        ;;
    1)
        # "su -": login shell for root, same X11 settings passed through
        if [ "$1" = "-" ]; then
            if [ -n "$DISPLAY" ]; then
                $SUCMD - root -c \
                    "env DISPLAY=$DISPLAY XAUTHORITY=${HOME}/.Xauthority $NEWSH"
                exit $?
            else
                $SUCMD - root
                exit $?
            fi # end if [ -n "$DISPLAY" ] ... else
        else
            # Any other single argument: hand it to the real su unchanged
            $SUCMD "$@"
            exit $?
        fi # end if [ "$1" = "-" ] ... else
        ;;
    2)
        # "su - root": treated the same as "su -"
        if [ "$1" = "-" -a "$2" = "root" ]; then
            if [ -n "$DISPLAY" ]; then
                $SUCMD - root -c \
                    "env DISPLAY=$DISPLAY XAUTHORITY=${HOME}/.Xauthority $NEWSH"
                exit $?
            else
                $SUCMD - root
                exit $?
            fi # end if [ -n "$DISPLAY" ] ... else
        else
            $SUCMD "$@"
            exit $?
        fi # end if [ "$1" = "-" -a ... else
        ;;
    *)
        # Anything else goes to the real su untouched
        $SUCMD "$@"
        exit $?
        ;;
esac
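
Added example, not part of the thread: the wrapper above points root at the caller's ~/.Xauthority, which works only when the target account can read that file. For a non-root administrative account, the sketch below instead copies just the current display's cookie with xauth nlist / nmerge, sending it over stdin so it never appears in a process argument list. It assumes xauth is on PATH for both accounts and that the sudo policy permits "su - <account> -c <command>"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes: xauth is on PATH for both accounts, and sudo policy permits
# "su - <account> -c <command>".

# Print the cookie entries for $DISPLAY in xauth's numeric "nlist" format.
x11_cookie() {
    if [ -z "${DISPLAY:-}" ]; then
        echo "x11_cookie: DISPLAY is not set" >&2
        return 1
    fi
    x11_entries=$(xauth nlist "$DISPLAY") || return 1
    if [ -z "$x11_entries" ]; then
        echo "x11_cookie: no cookie found for $DISPLAY" >&2
        return 1
    fi
    printf '%s\n' "$x11_entries"
}

# Merge that cookie into the target account's own authority file.
# The cookie travels over stdin only, so it never shows up in argv (ps output).
# "su -" resets the environment, so the function prints the DISPLAY line
# to set in the target shell afterwards.
x11_handoff() {
    if [ $# -ne 1 ]; then
        echo "usage: x11_handoff <account>" >&2
        return 2
    fi
    x11_target=$1
    # Capture first so a missing cookie aborts before sudo is invoked
    x11_data=$(x11_cookie) || return 1
    printf '%s\n' "$x11_data" |
        sudo su - "$x11_target" -c 'xauth nmerge -' || return 1
    printf 'DISPLAY=%s; export DISPLAY\n' "$DISPLAY"
}
```

Run x11_handoff with the account name from the unprivileged shell, then set DISPLAY as printed after switching to that account. The cookie grants access to the whole forwarded display, so hand it only to accounts you would trust with your keyboard and screen.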