Debian Administration

And similarly there is a gksu package that provides gksu and gksudo.

Another technique ... is to set the XAUTHORITY

Please elaborate when and where do you do that, and under what conditions.

because I really doubt that it will work. ~/.Xauthority is most often of "-rw-------" attribute. nobody else except root can access it. Let alone we are talking about ssh to another box here.

but I maybe wrong, and would like to listen.

thanks

I'm pretty sure you do not mean "$USER/.Xauthority", but "$HOME/.Xauthority". Where $HOME is the home of $USER. And $USER is the username you ssh'd in....

Would that be a good idea though? That would require enabling root login through ssh. At which point why not just ssh into the machine with root to begin with? Is it possible to deny foreign ssh as root but accept local ssh as root?

I didn't say anything about root. Root is easy. You usually can run 'sudo xapplication' and be happy with that. As an administrator, which is what this site is about, sometimes you have to help troubleshoot things for other users and you need to 'sudo su - username' to see the problem from their perspective. When you sudo su, or su in general you loose your DISPLAY and Xauth settings.

"My first reaction to this is "ack! why are you opening x clients as root!?" but i guess you could be su'ing to another non-root user."

Erm... Because some X clients are root only? Such as some system configuration GUI tools for example...

Or sometimes you need to use a GUI tool (for convenience sake) such as kompare on files only accessible by root?

Admittedly, MOST of the time it's unwise to run X clients as root, but that doesn't mean it's ALWAYS a bad idea. It's not utterly taboo or anything. Just not always the best plan as a first option. Better avoided if other options are available.

I believe xauth is for X11 authentication. Once you run dchroot, you may have to set you DISPLAY to :0.0 or localhost:10.0 depending on where you are. Once the variable is set, you should be ok.

I may be wrong as my experience with chroot is limited.

Yep, it works, after I bind mount /tmp as well!!!

I had the same problem. It turns out DISPLAY may be set to "localhost:10.0" but the cookie may be stored under a different name variation of display 10 (like jupiter.x.com/unix:10)

Before su:

-to get a list of cookies for each display.
linux> xauth list
jupiter.x.com/unix:14 MIT-MAGIC-COOKIE-1 ec0778f78a8b342429399eba5ff2632e
jupiter.x.com/unix:16 MIT-MAGIC-COOKIE-1 82a777aa883decc099dfb88ad5c1cf7a
jupiter.x.com/unix:15 MIT-MAGIC-COOKIE-1 f4abb7722882168eb3c145b3c926cb53
jupiter.x.com/unix:11 MIT-MAGIC-COOKIE-1 ff99c450ff208f66332a12e8bdb3a8c6
jupiter.x.com/unix:10 MIT-MAGIC-COOKIE-1 6f640f12f809c265968828c983661afc

-find out your display
linux >echo $DISPLAY
localhost:10.0

-do your su

linux> su -l user_i_want_to_be

-now set the cookie to the number matching your display (in my case 10)

linux> xauth add jupiter.x.com/unix:10 MIT-MAGIC-COOKIE-1 6f640f12f809c265968828c983661afc