SUSE Conversations


How to get Graphical Applications working with sudo in SLE 10

mrlinux

By: mrlinux

December 21, 2007 6:49 pm

Reads:1088

Comments:3

Rating:0

In SLE 10, the sudo defaults have been modified to enhance security. Unfortunately this means that some things no longer work the same as we have been used to in SLES 9 for instance. One of the main differences is that graphical applications no longer work by default! In most cases, you also want to prompt the user for their password rather than root’s. Both of these are covered below.

So, run visudo and add the following line at the end of the file:

%users ALL=/usr/X11R6/bin/xeyes

and change the authentication method to prompt for the user’s password by commenting out these lines:

#Defaults targetpw    # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

and you then try an run xeyes as a normal user, you will see the following:

mark@t43p:~> sudo xeyes
Password or swipe finger:
Error: Can't open display:

This is because SLE 10 clears almost all of the user’s environment variables before starting the new shell as root to ensure that nothing malicious can be passed through.

To fix this is quite simple. Edit the configuration again and find the following line:

Defaults env_reset

Below this line add the following two lines:

Defaults env_keep=DISPLAY
Defaults env_keep+=XAUTHORITY

This instructs sudo to preserve the DISPLAY setting and the security token setting required to write to the display. Save and quit, and try running xeyes again.

mark@t43p:~> sudo xeyes
Password or swipe finger:

xeyes will now watch your every move!

If you want to confirm that xeyes is indeed running as root, try the following:

mark@t43p:~> ps auxx | grep xeyes
root     16116  0.0  0.0   3368  1568 pts/2    S    11:40   0:00 xeyes

Here I have just used xeyes as an example, but the principle should work for any graphical application.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: SUSE Linux Enterprise Desktop, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

3 Comments

  1. By:jmarton

    You can always use gnomesu (or kdesu) to launch graphical apps as the root user. For example:

    gnomesu /sbin/yast2

  2. By:MarkCRobinson

    Yes, but then you need to know the root password. With sudo configured like this, you have to enter your password not root’s…

  3. By:odie_lif

    don’t want my users to know the root password, and still the need to run x-apps sometime…

Comment

RSS