Difference between revisions of "Running X apps as root"

From ArchWiki
Jump to: navigation, search
(created page due to Frequently asked question on forum)
 
m (The most secure methods: rm red link)
(8 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 +
[[Category:X Server]]
 +
[[ko:Running X apps as root]]
 +
 
By default, and for security reasons, root will be unable to connect to a non-root user's X server. There are multiple ways of allowing root to do so, if it is necessary.
 
By default, and for security reasons, root will be unable to connect to a non-root user's X server. There are multiple ways of allowing root to do so, if it is necessary.
 
==The most secure methods==
 
==The most secure methods==
Line 6: Line 9:
 
* kdesu (included with KDE)
 
* kdesu (included with KDE)
 
  $ kdesu ''name-of-app''
 
  $ kdesu ''name-of-app''
* gtksu (included with GNOME)
+
* gksu (included with GNOME)
  $ gtksu ''name-of-app''
+
  $ gksu ''name-of-app''
 +
* bashrun (in community)
 +
$ bashrun --su ''name-of-app''
 
* [[sudo]] (must be installed and properly configured with <code>visudo</code>)
 
* [[sudo]] (must be installed and properly configured with <code>visudo</code>)
 
  $ sudo ''name-of-app''
 
  $ sudo ''name-of-app''
 +
* {{pkg|sux}} (wrapper around su which will transfer your X credentials)
 +
$ sux root ''name-of-app''
  
 
These are the preferred methods, because they automatically exit when the application exits, negating any security risks quite completely.
 
These are the preferred methods, because they automatically exit when the application exits, negating any security risks quite completely.
Line 19: Line 26:
 
* '''Temporarily allow root access'''
 
* '''Temporarily allow root access'''
  
*xhost  
+
:*xhost  
 
  $ xhost +
 
  $ xhost +
 
will temporarily allow root, or ''anyone'' to connect your X server. Likewise,
 
will temporarily allow root, or ''anyone'' to connect your X server. Likewise,
Line 31: Line 38:
 
* '''Permanently allow root access'''
 
* '''Permanently allow root access'''
  
*Globally in <code>/etc/profile</code>
+
:*Globally in <code>/etc/profile</code>
 
Add the following to <code>/etc/profile</code>
 
Add the following to <code>/etc/profile</code>
 
  export XAUTHORITY=/home/non-root-usersname/.Xauthority
 
  export XAUTHORITY=/home/non-root-usersname/.Xauthority

Revision as of 16:04, 11 June 2013


By default, and for security reasons, root will be unable to connect to a non-root user's X server. There are multiple ways of allowing root to do so, if it is necessary.

The most secure methods

The most secure methods are simple. They include:

  • kdesu (included with KDE)
$ kdesu name-of-app
  • gksu (included with GNOME)
$ gksu name-of-app
  • bashrun (in community)
$ bashrun --su name-of-app
  • sudo (must be installed and properly configured with visudo)
$ sudo name-of-app
  • sux (wrapper around su which will transfer your X credentials)
$ sux root name-of-app

These are the preferred methods, because they automatically exit when the application exits, negating any security risks quite completely.

Alternate methods

These methods will allow root to connect to a non-root user's X server, but present varying levels of security risks, especially if you run ssh. If you are behind a firewall, you may consider them to be safe enough for your requirements.

  • Temporarily allow root access
  • xhost
$ xhost +

will temporarily allow root, or anyone to connect your X server. Likewise,

$ xhost -

will disallow this function afterward.

Some users also use:

$ xhost + localhost

(Your X server must be configured to listen to TCP connections for xhost + localhost to work).

  • Permanently allow root access
  • Globally in /etc/profile

Add the following to /etc/profile

export XAUTHORITY=/home/non-root-usersname/.Xauthority

This will permanently allow root to connect to a non-root user's X server.

Or, merely specify a particular app:

export XAUTHORITY=/home/usersname/.Xauthority kwrite

(to allow root to access kwrite, for instance.)