[sudo-users] Automatic XAUTH forward for sudo

Larry Becke guyverdh at gmail.com
Sat Jan 31 19:41:51 MST 2015

I spent a little time and developed a fairly secure method for 
forwarding xauth from your normal user to the user you are becoming via 
sudo -i...

First, modify the sudoers file to retain the XAUTH environment 
variable... (all instructions assume use of ksh, bash works with this as 
well,  modify as needed for additional shells)

set Defaults env_keep += "XAUTH"*
Add the following to the system /etc/profile file

[ "${XAUTH}" ] && {
/usr/bin/xauth add ${XAUTH}
unset XAUTH
} || {
XDISP=$( echo ${DISPLAY} | cut -d: -f2 | cut -d. -f1 )
[ "${XDISP}" != "" ] && {
XAUTH=$( /usr/bin/xauth list | grep ":${XDISP}" )
} || {
unset XDISP
[ "${XAUTH}" ] && export XAUTH

What this does is if you are logging in directly (ssh login) it stores 
your xauth keys in the XAUTH environment variable.

If you are sudo'ing to another userid with the -i parameter, it sees 
that XAUTH is already set and pushes the contents into the sudo'd users 
xauth stack.

More information about the sudo-users mailing list