Cause:
X win cookie not carried over after sudo login as another user.
Solutions One:
1. Login as first user (user1).
2. Run ‘echo $DISPLAY’
bash-3.00$ echo $DISPLAY localhost:10.0
2. Run ‘xauth list’
xauth list box.my.com/unix:10 MIT-MAGIC-COOKIE-1 4f76c629f8cdbf26ce4ae646cc24448c box.my.com/unix:11 MIT-MAGIC-COOKIE-1 1acd10ab0fd098a86aba7aa691d7c067 box.my.com/unix:12 MIT-MAGIC-COOKIE-1 e007ee6844c417a6b866d66c7bbcbc7d
For Solaris 10, xauth is in the /usr/openwin/bin directory.
3. sudo to second user (user2) with command like
sudo su - user2
4. Set $DISPLAY env to the same as user1’s.
DISPLAY=localhost:10.0; export DISPLAY
5. Run “xauth add” and append the entry from user1’s “xauth list” that matches the display number. For example, user1 $DISPLAY is localhost:10.0, so we’ll append box.my.com/unix:10 entry.
xauth add box.my.com/unix:10 MIT-MAGIC-COOKIE-1 4f76c629f8cdbf26ce4ae646cc24448c
6. Test with xclock:
xclock
Automate Solution One
Solution one can be automated by two scripts, one on user1 side and another user2.
1. Create a shell script, named sudouser2, on user1 side.
#!/usr/bin/bash # Remember DISPLAY echo $DISPLAY > /tmp/.echoUser1DISPLAY.txt chmod a+r /tmp/.echoUser1DISPLAY.txt # Remember cookie xauth list|grep `echo $DISPLAY |cut -c10-12` > /tmp/.parseUser1Xauth.txt chmod a+r /tmp/.parseUser1Xauth.txt sudo su - user2
2. Give sudouser2 execute permission.
chmod u+x dusouser23. Run ./sudouser2 to sudo into user2
./sudouser24. Create a shell script, name setxwin , on user2 side.
xauth add `cat /tmp/.parseUser1Xauth.txt` export DISPLAY=`cat /tmp/.echoUser1DISPLAY.txt`
5. Run . ./setxwin on user2 shell. Optionally, included setxwin in shell start script such as .profile file.
. ./setxwin6. Test with xclock:
xclock
Solution Two:
Add to /etc/sudoers file
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Pingback: Delicious Bookmarks for March 3rd from 00:52 to 12:48 « Lâmôlabs
Pingback: X11 connection rejected because of wrong authentication after sudo to another user « Ahishinko's Blog
Brilliant man! Found this link after 3 hours of searching. The step I was missing was the “xauth add” with the same items as mentioned in root.
Thanks a ton!
I did all the procedures, but still the same error… =/
Defaults env_keep += “DISPLAY XAUTHORIZATION XAUTHORITY”
Does not work on Red Hat Linux. It does copy the display variable, but it does not move the Xauthority cookie over, so a script or manual steps is still required. Does anyone know how to do this without having to write a script or using manual steps? It seems like there must be a way…
I don’t need this if I just log into another machine with ssh -X, but if I then sudo su – to work as root, I can’t find the right incantation to make xauth allow me to run X programs from the su job.
Just wanted to thank you, it helped me!
# fetch the user
while getopts :u: u
do
[ ${u} = u ] && sudo_user=$OPTARG
done
[ -z ${sudo_user} ] && exit 1
# Remember cookie
if [ “${DISPLAY}X” != “X” ]
then
DISP_ID=$(echo $DISPLAY |cut -d’:’ -f 2 |cut -d ‘.’ -f 1)
HOST=$(hostname -f)
echo “/usr/bin/xauth extract – ${HOST}/unix:${DISP_ID} | /usr/bin/sudo -u ${sudo_user} /usr/bin/xauth merge -”
fi
echo “/usr/bin/sudo $@”
Of course remove the extra echos
# fetch the user
while getopts :u: u
do
[ ${u} = u ] && sudo_user=$OPTARG
done
[ -z ${sudo_user} ] && exit 1
# Remember cookie
if [ “${DISPLAY}X” != “X” ]
then
DISP_ID=$(echo $DISPLAY |cut -d’:’ -f 2 |cut -d ‘.’ -f 1)
HOST=$(hostname -f)
/usr/bin/xauth extract – ${HOST}/unix:${DISP_ID} | /usr/bin/sudo -u ${sudo_user} /usr/bin/xauth merge –
fi
/usr/bin/sudo $@
Many many thanks. Was looking for this a long time.
Mektub
Many thanks!!!
THANK YOU!!!
You should use gksudo, it keeps the magic cookie, sudo or su reset everithing…
Simply elegant. Thank you!
wow it worked man – I was bloody so frustrated to get this fixed .. GOD BLESS Ya buddy !
Pingback: Free X windows emulator for running Oracle Installer | Andrew Fraser DBA
Three words…You da Man. Saved me. Thanks!!
THANKS FOR POSTING! It helped me!
An easier solution:
1.- ssh user@host
2.- $ sudo su
3.- # xauth merge /home//.Xauthority
That’s all
Of course $DISPLAY variable must be set
Regards
Dude.. damn, I’ve been cracking at it all day, saw similar solutions as well, but for some reasons only yours worked.
I can’t thank you enough !
Pingback: » Linux: “su” with error “X11 connection rejected because of wrong authentication.”
Pingback: X11 Auth | Andreas' Blog
Thanks a lot, it worked. I was trying to add it manually to the .Xauthority file of the affected user, but running the xauth command did the trick.
Regards.
Pingback: "su" with error "X11 connection rejected because of wrong authentication" - PhotoLens
Pingback: "su" with error "X11 connection rejected because of wrong authentication" - Boot Panic