David Wright wrote on 05/26/2015 04:16 PM: > When I ssh to a remote machine as myself, DISPLAY is set to localhost:10.0 > (11, 12, etc) and AIUI X clients find my local X server through the > encrypted ssh connection. Because the authority file on the remote > host is in its standard location, namely ~/.Xauthority, the parameter > XAUTHORITY is left unset. > > If I now switch to root (I don't use sudo for this, but /bin/su -) > root needs to be given XAUTHORITY=/home/foo/.Xauthority so it can > find that file, eg, > # XAUTHORITY=/home/foo/.Xauthority xeyes > > So I think what you need to do is set XAUTHORITY (redundantly) for > youself when you ssh, and then it will get passed to root because > of -E. Or you can pass it just like HOME, but that's more typing. > If I understand you correctly, I think that you are saying that: n7dr@shack:~$ AUTHORITY=/home/n7dr/.Xauthority HOME=/root sudo -E xterm should work (although I admit that I don't understand I'm why it should work, since /home/n7dr/.Xauthority is identical to /root/.Xauthority). Anyway; unfortunately: n7dr@shack:~$ AUTHORITY=/home/n7dr/.Xauthority HOME=/root sudo -E xterm X11 connection rejected because of wrong authentication. > However, I have to point out that I never run graphical clients as > root because I don't trust them. Fair enough, but the machine in question is on a private network and I have been doing this (in particular, ssh + synaptic for package control) for more years and distributions than I care to admit, so I very much want to continue to do so. This is the first time I've found that I can't do it by default after installing a new distro. Which is fine; I understand that this protection is a configuration decision by debian; but even so, there must be some way to get non-default behaviour. Doc -- Web: http://www.sff.net/people/N7DR
Attachment:
signature.asc
Description: OpenPGP digital signature