Re: How to transfer X11 auth across sudo invocation
- From: dsharp <sharp.doug@xxxxxxxxx>
- Date: Thu, 28 Feb 2008 10:19:13 -0800 (PST)
On Feb 28, 9:31 am, "david.karr" <davidmichaelk...@xxxxxxxxx> wrote:
On Feb 28, 4:11 am, dsharp <sharp.d...@xxxxxxxxx> wrote:
On Feb 27, 3:47 pm, "david.karr" <davidmichaelk...@xxxxxxxxx> wrote:
I connect from my Windows box to a AIX 5.3 box using SecureCRT, which
allows the transfer of X11 packets to my local box.
When I log in as myself into the box, with my local Cygwin-provided X
server running, I can display windows perfectly fine.
However, if after logging in, I then "sudo" to an administrative
account and then try to run something that tries to display windows,
it says that it can't connect.
I tried doing "env | sort" from both my user account and the
administrative account, to compare the differences. On the admin
shell, I set the following env vars from their value on my user
account:
DISPLAY, SSH_AUTH_SOCK, SSH_CLIENT, SSH_CLIENT, SSH_CONNECTION,
SSH_TTY
However, it still fails to connect. I imagine that one of these
variables is "tied" to my user account somehow, and won't work if I
just copy the value over (probably a good idea :) ).
So, what can I do to facilitate this connection from the admin account
to my local box's X server?
When you say you sudo to an admin account, do you mean "su - root" (or
"su -") ? If so, have you tried omitting the dash in the su command
so you don't replace the DISPLAY variable established by SecureCRT
with root's DISPLAY variable? On my AIX box, if I have a working X
tunnel via SSH to my user account and do "su - " then I get the same
results you get, but if I just "su" then I can run x in the root
shell.
Doug
Well, that was promising for a moment.
Apparently my company restricts the non-"-" form more than the "-"
form. I have permission to sudo using "-", but when I do it without
it, it says:
Sorry, user <me> is not allowed to execute '/usr/bin/su <admin>' as
root on <hostname>.
There is a setting in the sudoers config file that controls how env
variables are passed when you run sudo. Maybe the person that manages
your sudoers file can change it for you. See the info about env_keep
and related env info here:
http://www.gratisoft.us/sudo/man/sudoers.html or the comments in the
sudoers file itself. I've used env_keep to manage unusual env
variables for non-root users using sudo on Linux. I manage sudo on
AIX but I haven't used this feature there, so it's possible the AIX
impl doesn't support it. On Linux, for example, the following is a
default:
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR \
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
LANG LC_ADDRESS LC_CTYPE LC_COLLATE
LC_IDENTIFICATION \
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME
LC_NUMERIC \
LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE
LINGUAS \
_XKB_CHARSET XAUTHORITY"
Doug
.
- References:
- How to transfer X11 auth across sudo invocation
- From: david.karr
- Re: How to transfer X11 auth across sudo invocation
- From: dsharp
- Re: How to transfer X11 auth across sudo invocation
- From: david.karr
- How to transfer X11 auth across sudo invocation
- Prev by Date: Re: How to transfer X11 auth across sudo invocation
- Next by Date: Re: How to transfer X11 auth across sudo invocation
- Previous by thread: Re: How to transfer X11 auth across sudo invocation
- Next by thread: Re: How to transfer X11 auth across sudo invocation
- Index(es):
Relevant Pages
|
