How can I switch user in a shell and use the existing gnome display session?
If you want to allow user bob
to access your existing X session from
the command line, you can enter these commands at the terminal prompt:
xauth nextract - $DISPLAY | sudo -u bob xauth nmerge -
Thius uses the xauth command to
extract the authentication information for the current user (first
part of the command, before the |
) and then merge it into user
bob
's $HOME/.Xauthority
file. Note that it requires
/etc/sudoers
to be configured so that you are allowed to run
commands as user bob
(this is the default if you're the admin user
on a Ubuntu box).
You can then switch to user bob
with su -l
.
Alternatively, you can issue these separate commands:
xauth nextract - $DISPLAY > /tmp/xauth.temporary.file
su -l bob -c 'xauth nmerge - < /tmp/xauth.temporary.file'
rm /tmp/xauth.temporary.file
Note that:
1) the temporary file must have permissions such that user bob
can
read it (which often means that any user on the system can read
it);
2) there is a time window during which any user that can read the temporary file can get access to your X display.
Therefore, it is better to use the sudo
approach as it does not have
these downsides.
Related videos on Youtube
jefe goode
Updated on September 18, 2022Comments
-
jefe goode over 1 year
If I switch user in a terminal.
su bob
I can't open
gedit
becausebob
doesn't own the display.If I execute
xhost +
before switching to
bob
I can open the display for some applications but not all. I get the following output when trying to executegedit
:(crashreporter:4415): GnomeUI-WARNING *: While connecting to session manager: None of the authentication protocols specified are supported.
* GLib-GIO:ERROR:/build/buildd/glib2.0-2.28.6/./gio/gdbusconnection.c:2279:initable_init: assertion failed: (connection->initialization_error == NULL)-
Oxwivi almost 13 yearsTry command line editors like
nano
. -
jefe goode almost 13 years@Oxwivi Sure, and I do use
nano
a lot but in this casegedit
is just one of the GUI applications I wasn't able to open. -
Oxwivi almost 13 yearsThe only program you can't open as another user? You should include it in the question.
-
Riccardo Murri almost 13 yearsTry to avoid
xhost +
if you're on a networked computer, as that disables X security and gives anyone on the network permission to connect to your X display and do things like reading your keyboard from remote... -
jefe goode almost 13 years@Oxwivi It could also be
firefox
, that doesn't work either, it's just in general, I want to be able to do this.gedit
was a poor example, you are right about that.
-
-
jefe goode almost 13 yearsI got this to work, but: su: must be run from a terminal
-
Riccardo Murri almost 13 years@z7sg: Yes, of course it must be run in a terminal. Isn't that what your question is about? How to switch to another user in a terminal and still be able to launch X applications from that same terminal?
-
jefe goode almost 13 years@Ricardo Yes, but
su
doesn't like being run from a pipe. It's a security issue. -
Riccardo Murri almost 13 years@z7sg Oh, I see. You're right, but you can use
sudo
instead ofsu
and not run into this problem. I'll edit my answer with details. -
djb over 10 yearsFrom my desktop running xubuntu, I run ssh -X otherhost. From that host, DISPLAY is "localhost:10.0". When I try xauth extract - $DISPLAY I get an error, No matches found, authority file "-" not written
-
Riccardo Murri over 10 years@djb You should not need to do any
xauth
magic:ssh
already handles the details for you. -
djb over 10 yearsThanks, @RiccardoMurri - I left out something. From my desktop, I ssh -X somehost to login as myself and X works. From there, I want to sudo and have that command use my desktop display. But after doing ssh -X, the remote shell has DISPLAY set to a local proxy (localhost:10.0 for example) and this can't be passed to sudu (or other su userid commands). The pipeline above fails because localhost is not known to xauth. But this works: [[ xauth nextract - ${DISPLAY/localhost/$(hostname)/unix} | sudo xauth nmerge - ]] followed by sudo xcommand . I must change localhost to $(hostname)/unix for xauth