{"id":724,"date":"2009-04-09T16:06:39","date_gmt":"2009-04-09T21:06:39","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=724"},"modified":"2011-04-27T10:16:07","modified_gmt":"2011-04-27T15:16:07","slug":"x11-connection-rejected-because-of-wrong-authentication-after-sudo-to-another-user","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=724","title":{"rendered":"X11 connection rejected because of wrong authentication after sudo to another user"},"content":{"rendered":"

Cause:<\/h3><\/span>\n

X win cookie not carried over after sudo login as another user.<\/p>\n

Solutions One:<\/h3><\/span>\n

1. Login as first user (user1).
\n2. Run ‘echo $DISPLAY’<\/p>\n

\r\nbash-3.00$ echo $DISPLAY\r\nlocalhost:10.0\r\n<\/pre>\n
2. Run ‘xauth list’<\/p>\n
xauth list\r\nbox.my.com\/unix:10  MIT-MAGIC-COOKIE-1  4f76c629f8cdbf26ce4ae646cc24448c\r\nbox.my.com\/unix:11  MIT-MAGIC-COOKIE-1  1acd10ab0fd098a86aba7aa691d7c067\r\nbox.my.com\/unix:12  MIT-MAGIC-COOKIE-1  e007ee6844c417a6b866d66c7bbcbc7d\r\n<\/pre>\n
For Solaris 10, xauth is in the \/usr\/openwin\/bin directory.
\n3. sudo to second user (user2) with command like <\/p>\n
sudo su - user2<\/pre>\n
4. Set $DISPLAY env to the same as user1’s.<\/p>\n
\r\nDISPLAY=localhost:10.0; export DISPLAY\r\n<\/pre>\n
5. Run “xauth add” and append the entry from user1’s “xauth list” that matches the display number. For example, user1 $DISPLAY is localhost:10<\/strong>.0, so we’ll append box.my.com\/unix:10<\/strong> entry.<\/p>\n
xauth add box.my.com\/unix:10  MIT-MAGIC-COOKIE-1  4f76c629f8cdbf26ce4ae646cc24448c<\/pre>\n
6. Test with xclock:<\/p>\n
\r\nxclock\r\n<\/pre>\n
Automate Solution One<\/h3><\/span>\n
Solution one can be automated by two scripts, one on user1 side and another user2.
\n1. Create a shell script, named sudouser2, on user1 side.<\/p>\n
\r\n#!\/usr\/bin\/bash\r\n\r\n# Remember DISPLAY\r\necho $DISPLAY > \/tmp\/.echoUser1DISPLAY.txt\r\nchmod a+r \/tmp\/.echoUser1DISPLAY.txt\r\n\r\n# Remember cookie\r\nxauth list|grep `echo $DISPLAY |cut -c10-12` > \/tmp\/.parseUser1Xauth.txt\r\nchmod a+r \/tmp\/.parseUser1Xauth.txt\r\n\r\nsudo su - user2\r\n<\/pre>\n
2. Give sudouser2 execute permission.<\/p>\n
\r\nchmod u+x dusouser2\r\n<\/pre>\n
3. Run .\/sudouser2 to sudo into user2<\/p>\n
\r\n.\/sudouser2\r\n<\/pre>\n
4. Create a shell script, name setxwin , on user2 side.<\/p>\n
\r\nxauth add `cat \/tmp\/.parseUser1Xauth.txt`\r\nexport DISPLAY=`cat \/tmp\/.echoUser1DISPLAY.txt`\r\n<\/pre>\n
5. Run . .\/setxwin on user2 shell. Optionally, included setxwin in shell start script such as .profile file.<\/p>\n
\r\n. .\/setxwin\r\n<\/pre>\n
6. Test with xclock:<\/p>\n
\r\nxclock\r\n<\/pre>\n
Solution Two:<\/h3><\/span>\n
Add to \/etc\/sudoers file<\/p>\n
Defaults env_keep += \"DISPLAY XAUTHORIZATION XAUTHORITY\"<\/pre>\n","protected":false},"excerpt":{"rendered":"
Cause: X win cookie not carried over after sudo login as another user. Solutions One: 1. Login as first user (user1). 2. Run ‘echo $DISPLAY’ bash-3.00$ echo $DISPLAY localhost:10.0 2. Run ‘xauth list’ xauth list box.my.com\/unix:10 MIT-MAGIC-COOKIE-1 4f76c629f8cdbf26ce4ae646cc24448c box.my.com\/unix:11 MIT-MAGIC-COOKIE-1 … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[33],"tags":[],"class_list":["post-724","post","type-post","status-publish","format-standard","hentry","category-unix"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-bG","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=724"}],"version-history":[{"count":15,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/724\/revisions"}],"predecessor-version":[{"id":1973,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/724\/revisions\/1973"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}