[SWLUG] How can I run X apps as root?

Telsa Gwynne hobbit at aloss.ukuu.org.uk
Thu Mar 25 15:00:08 UTC 2004 

On Thu, Mar 25, 2004 at 11:22:34AM +0000 or thereabouts, Mark Summerfield wrote:
> Hi,
> 
> Whenever I try to run gvim as root I get this:
> 
> $ vi
> Xlib: connection to ":0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> E233: cannot open displayXlib: connection to ":0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> Xlib: connection to ":0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> Xlib: connection to ":0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> 
> Is there some simple thing I can do to change this? (I'm using
> Debian/stable with KDE.) If the answer is RTFM then which man page?

I bet you were running X as your normal user and su'd to root
in a terminal window? 

X knows that your normal user "owns" the server, and doesn't
see a good reason why any other user should be trying to open
anything which connects to that server.

The far-too-commonly suggested answer is to muck about with
the command "xhost" and allow anyone to open windows on your
display (and trust then that no-one tries to for naughty
purposes). 

I either use sudo or ssh (!) 

sudo requires a bit of setting up but that setting up is
well worth doing anyway. apt-get sudo (I think it's on
Debian anyway). visudoers is the correct way to edit the
/etc/sudoers file. This lists which users are allowed to
do what. You can simply put something like this at the
end

your-username-here  ALL=(ALL) ALL

Then to run root-only commands, you do as your normal user:

sudo vim /etc/whatever
sudo apt-get install whatever
sudo root-command-goes here

And you give _your_ password, not root's, when asked.

man sudoers gives horrible horrible convoluted examples,
but if you want to say "this user can eject the CD" or
"these users are in the admin group" and subsequently
"the admin group can all mount stuff", then you start
needing the convoluted examples. But for a desktop box
with one or two users, the example above should be 
alright.

ssh sounds a demented choice, but ssh can handle X 
forwarding (or something: whatever it is, it lets you do 
stuff as other users on the display you're on.)

RH enables X forwarding by default. I don't think Debian
does. So you need the -X flag. 

I do ssh "root at localhost command-to-run-as root" and give
the root password. You'll probably need "ssh -X root at localhost"

Oh. Just thought. Doesn't KDE have a kdesu command? 
That's probably worth a look, too?

Telsa

More information about the Swlug mailing list