[sudo-users] Automatic XAUTH forward for sudo
Larry Becke
guyverdh at gmail.com
Sat Jan 31 19:41:51 MST 2015
I spent a little time and developed a fairly secure method for
forwarding xauth from your normal user to the user you are becoming via
sudo -i...
First, modify the sudoers file to retain the XAUTH environment
variable... (all instructions assume use of ksh, bash works with this as
well, modify as needed for additional shells)
set Defaults env_keep += "XAUTH"*
*
Add the following to the system /etc/profile file
[ "${XAUTH}" ] && {
/usr/bin/xauth add ${XAUTH}
unset XAUTH
} || {
XDISP=$( echo ${DISPLAY} | cut -d: -f2 | cut -d. -f1 )
[ "${XDISP}" != "" ] && {
XAUTH=$( /usr/bin/xauth list | grep ":${XDISP}" )
} || {
unset XDISP
}
}
[ "${XAUTH}" ] && export XAUTH
What this does is if you are logging in directly (ssh login) it stores
your xauth keys in the XAUTH environment variable.
If you are sudo'ing to another userid with the -i parameter, it sees
that XAUTH is already set and pushes the contents into the sudo'd users
xauth stack.
More information about the sudo-users
mailing list