Difference between revisions of "Running GUI apps as root"
m (→The most secure methods) |
m (→The most secure methods: rm red link) |
||
| (4 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| − | [[Category:X Server | + | [[Category:X Server]] |
| − | [[ | + | [[ko:Running X apps as root]] |
By default, and for security reasons, root will be unable to connect to a non-root user's X server. There are multiple ways of allowing root to do so, if it is necessary. | By default, and for security reasons, root will be unable to connect to a non-root user's X server. There are multiple ways of allowing root to do so, if it is necessary. | ||
| Line 15: | Line 15: | ||
* [[sudo]] (must be installed and properly configured with <code>visudo</code>) | * [[sudo]] (must be installed and properly configured with <code>visudo</code>) | ||
$ sudo ''name-of-app'' | $ sudo ''name-of-app'' | ||
| + | * {{pkg|sux}} (wrapper around su which will transfer your X credentials) | ||
| + | $ sux root ''name-of-app'' | ||
These are the preferred methods, because they automatically exit when the application exits, negating any security risks quite completely. | These are the preferred methods, because they automatically exit when the application exits, negating any security risks quite completely. | ||
| Line 24: | Line 26: | ||
* '''Temporarily allow root access''' | * '''Temporarily allow root access''' | ||
| − | *xhost | + | :*xhost |
$ xhost + | $ xhost + | ||
will temporarily allow root, or ''anyone'' to connect your X server. Likewise, | will temporarily allow root, or ''anyone'' to connect your X server. Likewise, | ||
| Line 36: | Line 38: | ||
* '''Permanently allow root access''' | * '''Permanently allow root access''' | ||
| − | *Globally in <code>/etc/profile</code> | + | :*Globally in <code>/etc/profile</code> |
Add the following to <code>/etc/profile</code> | Add the following to <code>/etc/profile</code> | ||
export XAUTHORITY=/home/non-root-usersname/.Xauthority | export XAUTHORITY=/home/non-root-usersname/.Xauthority | ||
Revision as of 16:04, 11 June 2013
By default, and for security reasons, root will be unable to connect to a non-root user's X server. There are multiple ways of allowing root to do so, if it is necessary.
The most secure methods
The most secure methods are simple. They include:
- kdesu (included with KDE)
$ kdesu name-of-app
- gksu (included with GNOME)
$ gksu name-of-app
- bashrun (in community)
$ bashrun --su name-of-app
- sudo (must be installed and properly configured with
visudo)
$ sudo name-of-app
- sux (wrapper around su which will transfer your X credentials)
$ sux root name-of-app
These are the preferred methods, because they automatically exit when the application exits, negating any security risks quite completely.
Alternate methods
These methods will allow root to connect to a non-root user's X server, but present varying levels of security risks, especially if you run ssh. If you are behind a firewall, you may consider them to be safe enough for your requirements.
- Temporarily allow root access
- xhost
$ xhost +
will temporarily allow root, or anyone to connect your X server. Likewise,
$ xhost -
will disallow this function afterward.
Some users also use:
$ xhost + localhost
(Your X server must be configured to listen to TCP connections for xhost + localhost to work).
- Permanently allow root access
- Globally in
/etc/profile
- Globally in
Add the following to /etc/profile
export XAUTHORITY=/home/non-root-usersname/.Xauthority
This will permanently allow root to connect to a non-root user's X server.
Or, merely specify a particular app:
export XAUTHORITY=/home/usersname/.Xauthority kwrite
(to allow root to access kwrite, for instance.)