using sudo on GUI applications
18,631
Solution 1
This looks like an intentional configuration in Arch Linux. See this for discussion with links to solutions.
The best tip there seems to be adding "DISPLAY XAUTHORITY" to to the "env_keep" defaults in /etc/sudoers.
Fedora has in /etc/sudoers the following and this allows sudo somexapp to succeed.
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Solution 2
Graphical programs should not be run with sudo. The correct way is to use kdesudo in KDE for running GUI programs as root, or gksu in GNOME.
Running graphical programs as root has the potential to cause serious issues, that is why the wrappers are provided. Read this Arch mailing list thread for a serious issue that you could encounter trying to trick sudo into launching a GUI app.
Related videos on Youtube
19 : 14
How To Launch a GUI App on Linux as root via sudo
23 : 40
Why Use The Terminal Instead of GUI Apps?
01 : 43
Start GUI-Application in Docker Container with sudo
02 : 45
Unix & Linux: Using sudo on GUI applications (2 Solutions!!)
02 : 06
Why can't I run GUI apps with sudo from crontab when I can with sudo: "No protocol specified"?
Author by
Falmarri
Updated on September 17, 2022Comments
-
Falmarri over 1 year
When I was using kubuntu, I could always open X applications with sudo,
sudo katefor example. Now that I've switched to arch that doesn't work. I know I've always been told to use kdesu, but what setting is there in kubuntu that lets me use sudo on X apps that prevents me from doing it on arch?Edit:
Sorry, I did myself what I hate so much >_<This is what I'm trying to do:
[falmarri@falmarri-z-arch Downloads]$ sudo kate Password: No protocol specified kate: cannot connect to X server :0.0
Note this is just a regular terminal session using konsole, I'm not using SSH
/etc/sudoers:
## sudoers file. ## ## This file MUST be edited with the 'visudo' command as root. ## Failure to use 'visudo' may result in syntax or file permission errors ## that prevent sudo from running. ## ## See the sudoers man page for the details on how to write a sudoers file. ## ## ## Host alias specification ## ## Groups of machines. These may include host names (optionally with wildcards), ## IP addresses, network numbers or netgroups. # Host_Alias WEBSERVERS = www1, www2, www3 ## ## User alias specification ## ## Groups of users. These may consist of user names, uids, Unix groups, ## or netgroups. # User_Alias ADMINS = millert, dowdy, mikef ## ## Cmnd alias specification ## ## Groups of commands. Often used to group related commands together. # Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ # /usr/bin/pkill, /usr/bin/top ## ## Defaults specification ## ## You may wish to keep some of the following environment variables ## when running commands via sudo. ## ## Locale settings # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" ## ## Run X applications through sudo; HOME is used to find the ## .Xauthority file. Note that other programs use HOME to find ## configuration files and this may lead to privilege escalation! Defaults env_keep += "HOME" ## ## X11 resource path settings Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" ## ## Desktop path settings Defaults env_keep += "QTDIR KDEDIR" ## ## Allow sudo-run commands to inherit the callers' ConsoleKit session # Defaults env_keep += "XDG_SESSION_COOKIE" ## ## Uncomment to enable special input methods. Care should be taken as ## this may allow users to subvert the command being run via sudo. Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" ## ## Uncomment to enable logging of a command's output, except for ## sudoreplay and reboot. Use sudoreplay to play back logged sessions. # Defaults log_output # Defaults!/usr/bin/sudoreplay !log_output # Defaults!/usr/local/bin/sudoreplay !log_output # Defaults!/sbin/reboot !log_output ## ## Runas alias specification ## Defaults:falmarri timestamp_timeout=10 ## ## User privilege specification ## root ALL=(ALL) ALL ## Uncomment to allow members of group wheel to execute any command %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL ## Uncomment to allow members of group sudo to execute any command # %sudo ALL=(ALL) ALL ## Uncomment to allow any user to run sudo if they know the password ## of the user they are running the command as (root by default). # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' ## Read drop-in files from /etc/sudoers.d ## (the '#' here does not indicate a comment) #includedir /etc/sudoers.d
-
sepp2k over 13 yearsDefine "doesn't work". What error do you get? Have you setup
sudoproperly? Can you start non-GUI apps usingsudo? -
xenoterracide over 13 yearsps. you could also try an app called
suxwhich is basically "su with X"
-
-
Falmarri over 13 yearsI read the /etc/sudoers file and it did mention the fact that this was a feature. I uncommented the lines it told me to but it's still not working. I posted my /etc/sudoers file in my question.
-
Uri Cohen over 13 yearsI added the Fedora settings to my answer. I think you still miss DISPLAY and XAUTHORITY in your posted file. -
Falmarri over 13 yearsActually it seems to work now. I'm not sure if I just forgot to save or something. Thanks =]
-
Falmarri over 13 yearsI'm confused what that thread was saying. Is it only an issue when running X as root? I've never had a problem running sudo from an X session
-
Martin over 13 yearsRunning GUI apps as root with sudo can potentially change files to be owned by root. One particularly nasty file this can happen to is
~/.ICEauthority. This can prevent you from login in. Google "ICEauthority" and you'll see that the results are full of people who can't log in to their systems because the file became owned by root. I just picked that one as it is on Arch, the user's OS.
