X11 sudo wrapper written in Bourne shell. Uses xauth trust cookies for lesser insecurity.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


xsudo.sh is an X11 sudo wrapper. It is intended to do what gksudo and
kdesudo does without the excessive dependencies on GTK or Qt.

The script is written to be fully Bourne shell compatible. Instead
of GTK or Qt, the one big dependency is OpenSSH.


Check the first section of the script for any configuration values you
need to adapt to your system. Also check that ssh-askpass in available
on your machine.

You are recommended to install the script with such permissions and in
such a location that only root is allowed to modify it.

This should do the trick:

    $ sudo install xsudo.sh /usr/opt/bin


    $ xsudo.sh [-t] [-u user] <command>'

Grants access for <user> to DISPLAY and uses sudo to run <command>
as that user.

        Use a trusted MIT cookie instead of an untrusted. This enables
        X11 extensions, which on the one hand enables accelerated
        graphics and unbreaks the ISO_Level3_Shift (Alt Gr) modifier,
        but on the other hand allows the invoked command to access every
        X11 event, essentially obliterating inter-program security.

    -u <user>
        Use sudo to impersonate <user> instead of the super-user.
        If the specified user does not exist, xsudo.sh exits with 1.


* To semi-sandbox your web browser, try this:

    1. Create a local user for your browser, for exampe "_web".

    2. Move your current browser config into ~/_web, like this
       for Chromium:

           $ umask 077
           $ sudo -u _web mkdir -p ~_web/.config
           $ sudo cp -r ~/.config/chromium ~_web/.config/
           $ sudo chown -R _web._web ~_web/.config/chromium

    3. From now on, start Chromium with this:

           /bin/sh /usr/opt/bin/xsudo.sh -tu _web /usr/local/bin/chrome

       Put it in a shell script chmodded +x. Dropping the -t increases
       inter-application security but decreases graphics speed.

* Swedish readers might be interested in reading about writing xsudo.sh: