Thursday, January 08, 2009

» Using sudo

As I posted a little over two years ago, there is an option to use sudo with kdesu to avoid having to type the root password. It is worth noting that the same approach works for KDE4's kdesu too. Here is how to do it for KDE3:
/opt/kde3/bin/kwriteconfig -–file kdesurc -–group super-user-command -–key super-user-command sudo
And here for KDE4:
/usr/bin/kwriteconfig -–file kdesurc -–group super-user-command -–key super-user-command sudo
(make sure to use the fully qualified path to kwriteconfig in both cases, just to make sure it works: the former in /opt/kde3/bin is for KDE3 and the latter in /usr/bin is for KDE4.. err.. yeah, that was obvious :)). Now here is a trick to be able to use sudo for X applications directly, without going through kdesu. First of all, edit /etc/sudoers (which one should always do using the command visudo as it validates the configuration before saving it) and allow the environment variables DISPLAY and XAUTHORITY to be forwarded when using sudo, by adding the following line:
Defaults env_keep += "DISPLAY XAUTHORITY"
The second step is to set and export the environment variable XAUTHORITY. The simplest option is to add the following line to your ~/.bashrc or add it to /etc/bash.bashrc.local, the latter being for all users on your host:
[ -n "$DISPLAY" -a -e "$HOME/.Xauthority" ] && export XAUTHORITY="$HOME/.Xauthority"
There you go. Log out and log in again. Then simply do this, as an example:
sudo /sbin/yast2

8 Comments:

Blogger Jakub Rusinek said...

I wish to see it by default or at least possible with one option in YaST...

https://bugzilla.novell.com/show_bug.cgi?id=402818

22:57  
Blogger Jakub Rusinek said...

Adding "[ -n "$DISPLAY" -a -e "$HOME/.Xauthority" ] && export XAUTHORITY="$HOME/.Xauthority"" to my .bashrc makes X restart at login, before any session starts.

23:06  
Blogger Loki said...

Then we'll need another trick.

Well, in the mean time, don't add it there but do this:

XAUTHORITY="$HOME/.Xauthority" sudo /sbin/yast2

23:18  
Blogger Jakub Rusinek said...

For me adding "xhost +local:root" to my bashrc helped, since XAUTHORITY already exists in /var/gdm/... (I'm using GNOME with GDM.)

Anyway, thanks for the tip ;) .

07:23  
Blogger Unknown said...

For me, the first solution does not work. If I change the kdesu command for sudo, all my requests get rejected, as stated in the /var/log/messages, even if I provide the correct password.

10:56  
Anonymous Anonymous said...

This is really broken design and we shouldn't learn users to do that. Sudo is for systems with multiple administrators. The correct way would be if kdesu would use su and was working with kwallet. (We'll just have to wait until this functionality will be back in KDE4).

16:32  
Blogger Unknown said...

(*_*)
Extract from /etc/sudoers
in OpenSuse-11.1
#####
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
# Comment out the preceding line and uncomment the following one if you need
# to use special input methods. This may allow users to compromise the root
# account if they are allowed to run commands without authentication.
#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##### end

(a) Damarinho
http://br.geocities.com/omlinux

19:53  
Blogger Jermdemo said...

good job

this recipe actually works!

i don't know why more people don't encounter this problem with

ssh -X myServer
sudo xeyes

17:47  

Post a Comment

<< Home