In SLE 10, the sudo defaults have been modified to enhance security. Unfortunately this means that some things no longer work the same as we have been used to in SLES 9 for instance. One of the main differences is that graphical applications no longer work by default! In most cases, you also want to prompt the user for their password rather than root’s. Both of these are covered below.
So, run visudo and add the following line at the end of the file:
and change the authentication method to prompt for the user’s password by commenting out these lines:
#Defaults targetpw # ask for the password of the target user i.e. root #ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
and you then try an run xeyes as a normal user, you will see the following:
mark@t43p:~> sudo xeyes Password or swipe finger: Error: Can't open display:
This is because SLE 10 clears almost all of the user’s environment variables before starting the new shell as root to ensure that nothing malicious can be passed through.
To fix this is quite simple. Edit the configuration again and find the following line:
Below this line add the following two lines:
Defaults env_keep=DISPLAY Defaults env_keep+=XAUTHORITY
This instructs sudo to preserve the DISPLAY setting and the security token setting required to write to the display. Save and quit, and try running xeyes again.
mark@t43p:~> sudo xeyes Password or swipe finger:
xeyes will now watch your every move!
If you want to confirm that xeyes is indeed running as root, try the following:
mark@t43p:~> ps auxx | grep xeyes root 16116 0.0 0.0 3368 1568 pts/2 S 11:40 0:00 xeyes
Here I have just used xeyes as an example, but the principle should work for any graphical application.