Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
X11 sudo wrapper written in Bourne shell. Uses xauth trust cookies for lesser insecurity.
branch: master

wording

latest commit ccd2a22f64
Jesper Räftegård authored
Failed to load latest commit information.
LICENSE
README
xsudo.sh -x perms

README

xsudo.sh is an X11 sudo wrapper. It is intended to do what gksudo and
kdesudo does without the excessive dependencies on GTK or Qt.

The script is written to be fully Bourne shell compatible. Instead
of GTK or Qt, the one big dependency is OpenSSH.


INSTALLATION

Check the first section of the script for any configuration values you
need to adapt to your system. Also check that ssh-askpass in available
on your machine.

You are recommended to install the script with such permissions and in
such a location that only root is allowed to modify it.

This should do the trick:

    $ sudo install xsudo.sh /usr/opt/bin


USAGE

    $ xsudo.sh [-t] [-u user] <command>'

Grants access for <user> to DISPLAY and uses sudo to run <command>
as that user.

    -t
        Use a trusted MIT cookie instead of an untrusted. This enables
        X11 extensions, which on the one hand enables accelerated
        graphics and unbreaks the ISO_Level3_Shift (Alt Gr) modifier,
        but on the other hand allows the invoked command to access every
        X11 event, essentially obliterating inter-program security.

    -u <user>
        Use sudo to impersonate <user> instead of the super-user.
        If the specified user does not exist, xsudo.sh exits with 1.


TIPS

* To semi-sandbox your web browser, try this:

    1. Create a local user for your browser, for exampe "_web".

    2. Move your current browser config into ~/_web, like this
       for Chromium:

           $ umask 077
           $ sudo -u _web mkdir -p ~_web/.config
           $ sudo cp -r ~/.config/chromium ~_web/.config/
           $ sudo chown -R _web._web ~_web/.config/chromium

    3. From now on, start Chromium with this:

           /bin/sh /usr/opt/bin/xsudo.sh -tu _web /usr/local/bin/chrome

       Put it in a shell script chmodded +x. Dropping the -t increases
       inter-application security but decreases graphics speed.


* Swedish readers might be interested in reading about writing xsudo.sh:

    http://huggpunkt.org/xsudo-sh-en-skriptad-x11-wrapper-for-sudo
Something went wrong with that request. Please try again.