Post date: 22-May-2009 19:51:09
$ ssh oracle@rc1
(host) $ echo $DISPLAY
localhost:10.0
(host) $ xclock
This works. What if I want to run an X client as the root user?
(host) $ su -
# echo $DISPLAY
# DISPLAY=localhost:10.0 xclock
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).
This doesn't work because the X client is looking for the authority file in ~root/.Xauthority, while the needed credentials (i.e., the "magic cookie")
created by ssh are in ~oracle/.Xauthority.
From SSH(1):
ssh will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie, store
it in Xauthority on the server, and verify that any forwarded connections
carry this cookie and replace it by the real cookie when the connection
is opened. The real authentication cookie is never sent to the server
machine (and no cookies are sent in the plain).
To make this work, set XAUTHORITY=~oracle/.Xauthority and execute the X client.
# DISPLAY=localhost:10.0 XAUTHORITY=/home/oracle/.Xauthority xclock
This won't work if the root user cannot read /home/oracle/.Xauthority, which would happen if the /home file system is on an NFS share and the root user is
"squashed," or mapped to the nobody user.
You can also make it work by copying the .Xauthority file from oracle user home directory to root user home directory and then you will see it works.