Xforwarding doesn't allow for switching users
Solution 1
- Enable X-11 Forwarding in your client
- Log in as your normal user
echo $DISPLAY
to get the associated displayxauth list
, find the display number which corresponds with what you found in #3 and copy it- Sudo to root
xauth add <paste in what you copied from #4>
- Now you can execute commands as root and will be able to se the X11 Forwarding connection
Solution 2
Before you sudo
, do this:
$ xauth extract /tmp/xauthstuff $DISPLAY
After you sudo
, do this:
# xauth merge /tmp/xauthstuff
Does this work for you?
PS remember to rm /tmp/xauthstuff
afterwards
Solution 3
I don't have access to root account to do any of the above, so here is a work around that I used.
First, ssh to your account like you normally do and test everything is working.
ssh -Y <you>@<your_server>
I usually just fire up an XTerm to ensure I have connectivity. If all good, copy .XAuthority file that is in <you>
home directory and put it in a public directory.
cp ~/.Xauthority /tmp/tempXAuth
Make sure you chmod 777 on that file in the public directory so that the sudo account can use it in the later step.
chmod 777 /tmp/tempXAuth
now sudo to the user you need to do work as
sudo su - <other_user>
once you are <other_user>
, back up the existing .Xauthority and then copy the "good" one over.
cp ~/.Xauthority ~/.Xauthority.bak
cp /tmp/tempXAuth ~/.Xauthority
you should be able to run any X programs and have them authenticate with your current XServer session.
Solution 4
Before you sudo su user2
check the permissions on your $XAUTHORITY:
echo $XAUTHORITY
ls -l $XAUTHORITY
If after switching user you still reference the same $XAUTHORITY but have lost permissions to the file, then this will break X11 forwarding.
In my case a quick solution was to adjust the file permissions on the $XAUTHORITY file before switching user.
Keep in mind that if users you don't trust gain access to your $XAUTHORITY file this could be a security issue.
Related videos on Youtube
Jarvin
Updated on September 17, 2022Comments
-
Jarvin over 1 year
I'm ssh'd into a remote computer and xforwarding is working fine... but as soon as I "sudo su -" or "sudo su user2" it no longer Xforwards anything giving me the error:
X11 connection rejected because of wrong authentication. xterm Xt error: Can't open display: localhost:10.0
Any Ideas?
Thanks
-
quack quixote about 14 yearsthis is more due to X permissions than X forwarding -- the user you've logged into with SSH has permission to connect to the X display, but when you switch users with 'sudo' the user you're switching to doesn't have those permissions.
-
Jarvin about 14 yearsThere should be a work around though... I have root access, I should be able to run an X11-forwarded app as a different user. How do I get it to work?
-
-
djb about 13 yearsI tried that command and it failed: $ xauth extract /tmp/xauthstuff $DISPLAY No matches found, authority file "/tmp/xauthstuff" not written Ideas?
-
tzot over 11 yearsWhat does
echo $DISPLAY
produce? -
djb over 10 yearsDISPLAY has the value localhost:10.0