[ Beneath the Waves ]

XSudo

article and software by Ben Lincoln

 

In late summer 2010, I moved from the Windows engineering team at work to one that supports business intelligence applications running mostly on Linux. Initially I needed to run the Java JVisualVM profiler, and later I discovered some vendor-supplied components of the application that also require a GUI. I am not a fan of VNC, and wanted to take advantage of the ability of the X Window System to run the GUI for an application on my workstation, while the actual work was being done on the Linux server.

After a lengthy ordeal getting Cygwin-X installed and configured correctly to allow this, I discovered that while I could successfully execute applications as myself in this manner, I would get a variety of errors if I tried to start them using sudo. Supposedly there are some system-level sudo configuration changes that can be made to make this function correctly, but because of the way sudo is managed where I work, those changes would be risky to make. I found some other information on executing various sequences of xauth commands on a per-session basis to cause the same effect, but they were complicated and tedious. This script performs those same functions automatically. It also cleans up after itself, which was not mentioned in the manual equivalent.

Warning: this script has not been tested extensively. It has always worked for me, and has not caused any obvious problems, but if you are not a Unix/Linux specialist, you should run it by someone who is before you use it in a production environment. I have used it successfully on many Linux systems (RHEL 5.4 and 5.5), but not on any actual Unix systems.

The way I deployed this script for my own use was to put it in my home directory, then define a function in my .bashrc file that referenced it, like this:

xsudo () { ~/xsudo.sh $1 $2; }

If your organization uses a tiered internal DNS system, you should modify the line in the script that reads:

DEFAULTDOMAIN=.domain.local

...so that it has your actual internal domain name. For example, if the system you are connecting to may identify itself as either tourian or tourian.zebes.local, you would change that line to read:

DEFAULTDOMAIN=.zebes.local

If your organization uses multiple internal domains, you're going to need to modify the script a little more extensively, to use an array instead of a single value. I leave that as an exercise for the reader.

Important: when initiating the ssh connection from Cygwin-X, you must include the -Y flag, or the ssh client won't pass your display identifier through to the remote system, and the script won't work.

 
Download
File Size Version Release Date Author
XSudo 922 B 1.0 2010-09-09 Ben Lincoln
 
 
[ Page Icon ]