I know there are a bunch of similar questions around but they are all about X forwarding and SSH sessions.
I got this problem with a local user which is privileged for a specific script…
The Problem
Under Ubuntu 16.04 I want a specific user guest to be able to run one specific script /usr/sbin/test.sh with root privileges (the script makes some system settings and mounts for example).
Settings
I extend the /etc/sudoers file with the following line:
guest ALL = NOPASSWD: /usr/sbin/test.sh
guest is not in the sudo group! (<– guess this is the problem)
The Script
For sake of simplicity:
#!/bin/bash
zenity --info --text="Testing Sudo X"
The script runs fine if executed with sudo /usr/sbin/test.sh from a member of the sudo-group or if there are no dialogues to show (means: making text and operations in a terminal window works without problems).
If guest logs in (via greeter) and starts a new gnome-terminal in Unity to execute sudo /usr/sbin/test.sh it fails with the (hope German is ok) error:
No protocol specified
Failed to connect to Mir: Failed to connect to server socket: Datei oder Verzeichnis nicht gefunden
Unable to init server: Verbindung ist gescheitert: Verbindungsaufbau abgelehnt
(zenity:19225): Gtk-WARNING **: cannot open display: :0
I tried….
- exporting the $DISPLAY variable before or in the test.sh
- cp the .Xauthority from another's /home/user/ to my guest
- generate a xauth cookie with xauth add from a xauth list of another user
- add Defaults env_keep += "DISPLAY" in /etc/sudoers (made a mistake here!!!)
Question / Conclusion
None of this worked. I suppose that debugging things on guest would generally not help because the command runs with sudo. So I need to find a way to give guest a permission for the $DISPLAY or .Xauthority of sudo just for this single command.
Best Answer
From Ubuntu 16.04 onward, the DISPLAY is no longer on :0. It is on a number which can vary depending on how many users are simultaneously logged in to the console.
To resolve the problem, you need to configure sudo to preserve the DISPLAY environment variable.
Add a configuration file to the /etc/sudoers.d directory, containing the following:
This will allow sudo to pass the DISPLAY environment variable to the program it runs, and those programs will then be able to connect to the correct DISPLAY.
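One way to apply the answer's advice while keeping the change narrow, as an added example that is not part of the original answer: the drop-in keeps DISPLAY for guest only rather than for every sudo user, and it is syntax-checked with visudo before it is installed. The drop-in name guest-display and the helper function names are assumptions; the user and script path come from the question.

```shell
#!/bin/bash
# Added example: install a sudoers.d drop-in that keeps DISPLAY for one user
# only, validating it before it can take effect. The drop-in name and the
# function names are assumptions made for this illustration.

# sudo skips files in /etc/sudoers.d whose names contain '.' or end in '~',
# so reject those (and empty names or paths) before writing anything.
valid_dropin_name() {
    case "$1" in
        ''|*.*|*~|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the drop-in: a per-user Defaults line plus the question's NOPASSWD
# rule, so both settings live in one file.
render_dropin() {  # usage: render_dropin USER COMMAND
    printf 'Defaults:%s env_keep += "DISPLAY"\n' "$1"
    printf '%s ALL = NOPASSWD: %s\n' "$1" "$2"
}

# Check the syntax with visudo, then install root-owned with mode 0440.
# Must be run as root; nothing is written if validation fails.
install_dropin() {  # usage: install_dropin NAME USER COMMAND
    valid_dropin_name "$1" || { echo "bad drop-in name: $1" >&2; return 1; }
    tmp=$(mktemp) || return 1
    render_dropin "$2" "$3" > "$tmp"
    if visudo -cf "$tmp"; then
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$1"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Example call (as root): install_dropin guest-display guest /usr/sbin/test.sh
```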