Running root apps seamlessly on a normal user’s desktop

I’m a network engineer, and I run Kubuntu on the desktop. Which means I often run applications as root: Wireshark, Ettercap, Zenmap, etc. I prefer a seamless desktop experience, meaning I like my GUI customisations to apply to root applications, not just those running as my own user. Secondly, I like to directly launch GUI apps from a root terminal.

  1. Allow root to display applications on the user’s desktop
  2. Normally only the logged-in user has the authority to run X applications. This is a good thing, and a useful security feature. Running commands as your user with sudo allows that application to use your X session, like so:

    sudo wireshark

    However, this doesn’t work:

    sudo -i
    (now as root) wireshark

    We can work around this by modifying root’s ~/.Xauthority file. Either copy yours or link it into /root/, and you’re done:

    cd /root/
    ln -f -s /home/username/.Xauthority

    If you have multiple users on the same machine, you can achieve the same goal by merging several files using the xauth command.

  3. Retain environment variables when you execute sudo
  4. OK, now root can make X apps display on tyler’s display, but he still has to set the DISPLAY variable or pass a -display argument. So let’s keep this variable when we login as root with “sudo -i“.

    Add the following somewhere in /etc/sudoers:

    Defaults                 env_keep+="DISPLAY XAUTHORITY"

    Or just for one user:

    Defaults:username        env_keep+="DISPLAY XAUTHORITY"

    Now DISPLAY, and if you use it, XAUTHORITY, follow you if you use sudo. You can add any others to this list if you like.

  5. Keep the same GTK preferences as root
  6. Now, your root GTK apps run and display, but they look like something from Windows 95. This is because GTK has absolutely horrific default settings which are nearly always overridden by your window manager’s theme, and root doesn’t have your GTK preferences. That’s easy to fix:

    cd /root/
    ln -f -s /home/username/.gtkrc-2.0

    And if you use KDE with the “Use my KDE style in GTK applications” (gtk-qt-engine) setting, you might also want:

    cd /root/
    ln -f -s /home/username/.gtk_qt_engine_rc

Finally, I just like a better sudo prompt. So I set this at the botton of /etc/bash.bashrc on every machine I manage:

export SUDO_PROMPT="[sudo] password for %u@%h: "

This is better than the sudo default (the totally ambiguous “Password: “) or the Ubuntu default (“[sudo] password for username: “) because it also lists the host you are currently on. If you login to as many machines as I do, confusing one sudo prompt for another is an easy way to ruin your day.

Tags: , ,

  1. kirov’s avatar

    Good post.

    The GTK-QT-engine’s configuration file was changed in KDE4. Thus, regarding step (3), kde4 users must execute the following command:
    sudo cp ~/.gtkrc-2.0-kde4 /root/.gtkrc-2.0

    Reply

Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.