I know there are a bunch of similar questions around, but they are all about X-Forwarding and SSH sessions.
I got this problem with a local user which is privileged for a specific script…
The Problem
Under Ubuntu 16.04 I want a specific user guest to be able to run one specific script /usr/sbin/test.sh with root privileges (the script makes some system settings and mounts, for example).
Settings
I extend the /etc/sudoers file with the following line:
guest ALL = NOPASSWD: /usr/sbin/test.sh
guest is not in the sudo group! (<– guess this is the problem)
The Script
For sake of simplicity:
#!/bin/bash
zenity --info --text="Testing Sudo X"
The script runs fine if executed with
sudo /usr/sbin/test.sh
from a member of the sudo group or if there are no dialogues to show (means: making text and operations in a terminal window works without problems).
If guest logs in (via greeter) and starts a new gnome-terminal in Unity to execute
sudo /usr/sbin/test.sh
it fails with the (hope German is ok) error:
No protocol specified
Failed to connect to Mir: Failed to connect to server socket: Datei oder Verzeichnis nicht gefunden
Unable to init server: Verbindung ist gescheitert: Verbindungsaufbau abgelehnt
(zenity:19225): Gtk-WARNING **: cannot open display: :0
I tried…
- exporting the $DISPLAY variable before or in the test.sh
- cp the .Xauthority from another's /home/user/ to my guest
- generate an xauth cookie with xauth add from an xauth list of another user
- add Defaults env_keep += "DISPLAY" in /etc/sudoers (made a mistake here!!!)
Question / Conclusion
None of this worked. I suppose that debugging things on guest would generally not help because the command runs with sudo. So I need to find a way to give guest a permission for the $DISPLAY or .Xauthority of sudo just for this single command.
Answer
From Ubuntu 16.04 onward, the DISPLAY is no longer on :0. It is on a number which can vary depending on how many users are simultaneously logged in to the console.
To resolve the problem, you need to configure sudo to preserve the DISPLAY environment variable.
Add a configuration file to the /etc/sudoers.d directory, containing the following:
Defaults env_keep += "DISPLAY"
This will allow sudo to pass the DISPLAY environment variable to the program it runs, and those programs will then be able to connect to the correct DISPLAY.
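An added example, not part of the original answer: one way to write the drop-in so that the environment is kept only for the single script from the question, using a command-scoped Defaults entry, and to syntax-check it with visudo before it goes live. The drop-in name guest-testsh and the function names are constructed for illustration, and XAUTHORITY is included on the assumption that root also needs the path to the session's X cookie.

```shell
#!/bin/sh
# Added example: build and safely install a sudoers drop-in that keeps
# DISPLAY only for one command. guest and /usr/sbin/test.sh come from the
# question; guest-testsh and XAUTHORITY are assumptions of this example.

# sudo skips files in /etc/sudoers.d whose name contains '.' or ends in '~'.
dropin_name_ok() {
    case "$1" in
        ''|*.*|*~|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the drop-in body. Relative paths are refused so the rule can only
# match the one root-owned script, not a same-named file elsewhere.
render_dropin() {
    local user="$1" cmd="$2"
    case "$cmd" in
        /*) ;;
        *) echo "command must be an absolute path" >&2; return 1 ;;
    esac
    # Space, comma, colon and equals would need escaping in sudoers.
    case "$user$cmd" in
        *' '*|*,*|*:*|*=*) echo "unsupported character" >&2; return 1 ;;
    esac
    printf '%s ALL = NOPASSWD: %s\n' "$user" "$cmd"
    # Command-scoped Defaults: the variables survive only for this command.
    printf 'Defaults!%s env_keep += "DISPLAY XAUTHORITY"\n' "$cmd"
}

# Validate with visudo first, then install as root:root with mode 0440.
install_dropin() {
    local user="$1" cmd="$2" name="$3" dir="${4:-/etc/sudoers.d}" tmp
    dropin_name_ok "$name" || { echo "bad drop-in name: $name" >&2; return 1; }
    tmp="$(mktemp)" || return 1
    render_dropin "$user" "$cmd" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! visudo -cf "$tmp" >/dev/null; then
        echo "syntax check failed, nothing installed" >&2
        rm -f "$tmp"; return 1
    fi
    install -o root -g root -m 0440 "$tmp" "$dir/$name"
    rm -f "$tmp"
}
# Usage (as root): install_dropin guest /usr/sbin/test.sh guest-testsh
```

Because sudo runs the script as root, /usr/sbin/test.sh and its parent directories should be writable by root only; `sudo -l -U guest` shows the resulting rule.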
Attribution
Source: Link, Question Author: Michael P, Answer Author: Michael Hampton