X11 connection rejected because of wrong authentication after sudo to another user

X win cookie not carried over after sudo login as another user.

1. Login as first user (user1).
2. Run ‘echo $DISPLAY’

bash-3.00$ echo $DISPLAY
localhost:10.0

2. Run ‘xauth list’

xauth list
box.my.com/unix:10  MIT-MAGIC-COOKIE-1  4f76c629f8cdbf26ce4ae646cc24448c
box.my.com/unix:11  MIT-MAGIC-COOKIE-1  1acd10ab0fd098a86aba7aa691d7c067
box.my.com/unix:12  MIT-MAGIC-COOKIE-1  e007ee6844c417a6b866d66c7bbcbc7d

For Solaris 10, xauth is in the /usr/openwin/bin directory.
3. sudo to second user (user2) with command like

sudo su - user2

4. Set $DISPLAY env to the same as user1’s.

DISPLAY=localhost:10.0; export DISPLAY

5. Run “xauth add” and append the entry from user1’s “xauth list” that matches the display number. For example, user1 $DISPLAY is localhost:10.0, so we’ll append box.my.com/unix:10 entry.

xauth add box.my.com/unix:10  MIT-MAGIC-COOKIE-1  4f76c629f8cdbf26ce4ae646cc24448c

6. Test with xclock:

xclock

Solution one can be automated by two scripts, one on user1 side and another user2.
1. Create a shell script, named sudouser2, on user1 side.

#!/usr/bin/bash
 
# Remember DISPLAY
echo $DISPLAY > /tmp/.echoUser1DISPLAY.txt
chmod a+r /tmp/.echoUser1DISPLAY.txt
 
# Remember cookie
xauth list|grep `echo $DISPLAY |cut -c10-12` > /tmp/.parseUser1Xauth.txt
chmod a+r /tmp/.parseUser1Xauth.txt
 
sudo su - user2

2. Give sudouser2 execute permission.

chmod u+x dusouser2

3. Run ./sudouser2 to sudo into user2

./sudouser2

4. Create a shell script, name setxwin , on user2 side.

xauth add `cat /tmp/.parseUser1Xauth.txt`
export DISPLAY=`cat /tmp/.echoUser1DISPLAY.txt`

5. Run . ./setxwin on user2 shell. Optionally, included setxwin in shell start script such as .profile file.

. ./setxwin

6. Test with xclock:

xclock

Add to /etc/sudoers file

Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"