13

With the coming 14.04 release sux (wrapper around su which will transfer your X credentials) is no longer included in Ubuntu. (I think it is being removed because it is being pulled from Debian, because of no maintenance of the original code.)

I'm looking for simple alternatives, not something that requires you to mess around with config-files or run sshd locally.

Seth
  • 58,122
Søren
  • 144
  • 1
  • 12
  • Reviewers: This is not off-topic, it has nothing to do with 14.04. – Seth Mar 03 '14 at 05:03
  • Do you really need this? If your sudoers options are setup just so (i.e. so that sudo preserves HOME when changing identities), it should not be necessary to do anything special with .Xauthority. That's how my laptop is configured, and I never use sux... just 'sudo {command}' – Stabledog Mar 03 '14 at 06:30
  • @Stabledog how would that work? Where would I set that up? Is there a sudo config file?

    My goal is to log in to the desktop of user A, and then get a terminal as user B, where all x is going through to the desktop. Hope that makes sence...

    Example of what I could do now with sux, that I need alternatives for:

    User A logs in and opens terminal A@desktop:~$ sux - B B@desktop:~$ firefox

    Firefox opens, but with user B's settings, bookmarks and file acces to user B's home directory.

     – Søren Mar 04 '14 at 07:12
  • Yeah, I do that sort of thing all the time. There are 2 things to understand: ~/.Xauthority for the "outer" user needs to become the .Xauthority for the inner user too, and the DISPLAY variable setup by ssh needs to match in the inner shell. So you could, for example, copy the ~/.Xauthority file from '/home/tom' to /home/jerry, fixup the permissions, set the DISPLAY value in the 'jerry' shell. When launching an X program as jerry, the DISPLAY value would tell the X libs how to find the display, and the .Xauthority file in /home/jerry would give it the auth data. – Stabledog Mar 05 '14 at 02:52
  • But that's messy to do on each login. It's cleaner to fixup your /etc/sudoers so that the HOME and DISPLAY values of tom are preserved when he does a 'sudo -u jerry bash' to open a shell as jerry. There are comments in sudoers which explain how to propagate environment variables across a sudo call. Be sure to use visudo when editing sudeors so you don't lock yourself out of the machine if you screw up! – Stabledog Mar 05 '14 at 02:54
  • Thispage might help you as well: Running X apps as root. – Totor Sep 14 '16 at 00:27

2 Answers2

10

I've been very sad too to see that there were no easy alternative to sux at first, but ended with this:

  1. In /etc/pam.d/su, to forward xauth keys between users when calling su, add:

    session  optional  pam_xauth.so

  2. In ~olivier/.bashrc: 

    export $(dbus-launch)

    (Not sure it is actually needed.)

  3. And then a simple su olivier from my logged-in user.

Eliah Kagan
  • 117,780
olivm
  • 124
-1
  • Download sux from here http://fgouget.free.fr/index-en.shtml
  • Copy sux to directory in your path (/usr/local/bin for example)
  • Change permissions to executable (chmod 755 sux), i don't know if these permissions are the ritgh ones
  • Replace /bin/sh for /bin/bash

Mi system is debian 10

Regards

user999562
  • 1
  • 2
    Hello and welcome to AskUbuntu. As the domain name suggests, this site is about Ubuntu. Does your solution solution work on Ubuntu? Why does it required the replacement of /bin/sh with /bin/bash? – Simon Sudler Sep 25 '19 at 19:18
  • @SimonSudler I never used sux, no need to change to #!/bin/bash. To see what is happening, I added set -x on the top of the file, and echo "$TERM" |tr ";" "\n" just before the last su command, to see the final command for: sux.sh -l user2 -c xterm. It is exec su -l -c eval $TERM; exec env TERM='xterm-256color' DISPLAY=':1' "user2" "-c" "xterm". It depends on var TERM that is xauth -q remove :1 2>/dev/null;echo "..." | xauth nmerge - (the "..." is a lot of hex data). As it is not updated (?) since 2001, I wonder if nothing changed to the way it should be done? – Aquarius Power Sep 19 '21 at 22:46