is a very powerful tool when used wisely (i.e. not as it's done on Ubuntu).
is configured in a much more restricted way on openSUSE than on, say, Ubuntu, to avoid any open security loopholes.
If, nevertheless, you would like to use
to run X applications, here is how to do it.
First of all, you will need to configure
to let through a few environment variables that are normally not allowed to get through for security reasons.
In order to do that, run
as root and add the following lines in that file, under the already existing
Defaults env_keep += "DISPLAY XAUTHORITY XAUTHLOCALHOSTNAME"
Now, from there, the problem is that on openSUSE, the environment variable
is not always set -- it is not needed for X applications, as they have the policy of defaulting to
But in order to run X applications through
, this is precisely the trick, as those applications need to explicitly use the
file of the user that is invoking
Here is a little wrapper script that does the job. Save that as e.g.
or, if you only need it for your user, to
[ -n "$XAUTHORITY" ] || XAUTHORITY="$HOME/.Xauthority"
exec sudo "$@"
You also need to make that script executable:
chmod +x /usr/local/bin/xsudo
(of course, use the appropriate path to that file ;)
Now you simply need to use
to run X applications.
Obviously, and what has not been explained here, you also need to open the loophole for your user if, e.g., you would like your user to be able to run any application as root without having to enter the root password.
Be aware of the fact that this is a major security weakening, as any attacker just needs to be able to gain access as your regular user to be root on your host !
You basically loose the additional barrier of not only having to gain access as your regular user (who is e.g. running an application that is subject to a buffer overflow attack), but also requiring the attacker to know the root password.
If you still want to do that, add the following line using
(as root), at the end of the file, and replace "
" with the name of your user:
jamesdean ALL=(ALL) NOPASSWD: ALL
As an alternative, if you don't want to use the
wrapper, you might as well also always set and export the
In order to do that, you first have to decide whether you want that for just your user, or for all users on your system.
If it's just for your user, the file to append the following line to is
; if you want to do it for all users, you must run the following command as root, and append to
echo '[ -n "$XAUTHORITY" ] || XAUTHORITY="$HOME/.Xauthority"' >> $HOME/.profile
echo 'export XAUTHORITY' >> $HOME/.profile
Note that it's untested, and might as well hose your X startup :)
Labels: opensuse, security, sudo