Gentoo Logo
Gentoo Logo Side

Using su in X HOWTO

Content:

1. Introduction

Purpose 

We've all been there, logged in as a normal user, and we need to do run some X application as root. Maybe we just want to configure a kernel with make xconfig and we get errors when we want to do this.

Code Listing 1.1: An example X error

(While running an xterm)
 $ su -
Password:
 # xlogo -render
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

Error: Can't open display: :0.0

Fortunately for us, there are several ways we can do this. Some of the suggestions here might not be the most secure and may just as well be a hack; you'll have to decide which is the most appropriate for your needs.

Running X as root 

What kind of document would this be if there were no warnings? We'll briefly cover some of the warnings and issues right here before we start.

Generally speaking, running X as the root (superuser) is a bad idea altogether. Even running X programs as root is a topic of heated debate.

The following risks are associated with running X as root:

  • Data corruption
  • Unauthorized access
  • Potential leaks

While most of these are caused by an inproperly configured X system, it is still accepted as a bad idea.

Users who are new to the Linux, are generally the culprits to running X as root.

Let's look at an example. I usually make it a habit to stop by and check out the Gentoo IRC channels a few times a week. It almost never fails, there is someone joining my channel who is using their root user to connect to IRC. Talk about potential security risks! Depending on what client that user is connecting with, I could do mean nasty things. For example, I could DCC them a file, for instance, .bashrc .

Code Listing 1.2: A malicious .bashrc

#!/bin/sh
logout

Now what if that user also had auto-start DCC transfers on? What if that user also had the default user directory as ~/ ? It appears that our little .bashrc would overwrite their existing one! So upon that users next login, they are immediately logged out.

Sound too far fetched? Think again! This is just ONE of many examples of why using root is not a good idea, now compound that with the inner workings and complexities of X, and you see our dillemma.

2. Solutions

x11-misc/sux 

Sux is described best from its homepage, which is listed below.

Note: Sux is a wrapper around the standard su command which will transfer your X credentials to the target user. Sux is released under the terms of the X11 license.

Installing sux is as easy as emerging it!

Code Listing 2.1: Emerging Sux

# emerge x11-misc/sux

The following are some examples of using Sux.

Code Listing 2.2: Running an X program as root

$ sux -c /usr/bin/X11/xlogo -render
Password: (Enter root password and press enter)

Code Listing 2.3: Running a shell as root

$ sux -
Password: (Enter root password and press enter)
# xlogo -render

Important: Invoking a shell with root using sux will enable you to just type in an X application, and will run it.

KDE Users 

KDE users have another option. kdesu is the KDE version su. It will allow you to run X applications on the current users X much like Sux, however it pop up an X window requesting the password and will not run console applications.

Important: kdesu was designed to run X applications only,

Usage of kdesu is as follows.

Code Listing 2.4: Running an X program with options as root

# kdesu -c "/usr/bin/X11/xlogo -render"
(you could also specify a different user, such as 
diffuser)
# kdesu -u diffuser -c "/usr/bin/X11/xlogo -render"

Code Listing 2.5: Running an X program without options as root

# kdesu /usr/bin/X11/xlogo
(you could also specify a different user, such as diffuser)
# kdesu -u diffuser /usr/bin/X11/xlogo

3. Conclusion

Wrapping it up 

There are numerous other ways to perform the above tasks, but I find these to be the easiest methods.

I hope you found this to be helpful and good luck with your new knowledge.


The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
Print
line
Updated July 31, 2004
line
Joshua Preston
Author

line
Summary:  This howto was designed to give some pointers when attempting to su as root while logged into X as a normal user.
line
The Gentoo Linux Store
line
Copyright 2001-2004 Gentoo Foundation, Inc. Questions, Comments, Corrections? Email [email protected].