Running X apps as root
By default, and for security reasons, root will be unable to connect to a non-root user's X server. There are multiple ways of allowing root to do so however, if necessary.
The proper, recommended way to run GUI apps under X with elevated privileges is to create a Polkit policy, as shown in this forum post. This should however "only be used for legacy programs", as man pkexec
reminds. Applications should rather "defer the privileged operations to an auditable, self-contained, minimal piece of code that gets executed after doing a privilege escalation, and gets dropped when not needed"[2]. This may be the object of a bug report to the upstream project.
Contents
Ponctual methods
Those methods wrap the application in an elevation framework and drop the acquired privileges once it exits:
$ kdesu name-of-app
See also Sudo#kdesu.
$ gksu name-of-app
See also Sudo#gksu.
- bashrun (in community)
$ bashrun --su name-of-app
- sudo (must be installed and properly configured with
visudo
)
$ sudo name-of-app
- suxAUR (wrapper around su which will transfer your X credentials)
$ sux root name-of-app
Alternate methods
These methods will allow root to connect to a non-root user's X server, but present varying levels of security risks, especially if you run ssh. If you are behind a firewall, you may consider them to be safe enough for your requirements.
Temporarily allow root access
See Xhost.
Permanently allow root access
- Method 1: Add the line
session optional pam_xauth.so
to /etc/pam.d/su
and /etc/pam.d/su-l
. Then switch to your root user
using 'su' or 'su -'.
-
Method 2: Globally in
/etc/profile
Add the following to /etc/profile
export XAUTHORITY=/home/non-root-usersname/.Xauthority
This will permanently allow root to connect to a non-root user's X server.
Or, merely specify a particular app:
export XAUTHORITY=/home/usersname/.Xauthority kwrite
(to allow root to access kwrite, for instance.)