Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
X11 sudo wrapper written in Bourne shell. Uses xauth trust cookies for lesser insecurity.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
xsudo.sh is an X11 sudo wrapper. It is intended to do what gksudo and kdesudo does without the excessive dependencies on GTK or Qt. The script is written to be fully Bourne shell compatible. Instead of GTK or Qt, the one big dependency is OpenSSH. INSTALLATION Check the first section of the script for any configuration values you need to adapt to your system. Also check that ssh-askpass in available on your machine. You are recommended to install the script with such permissions and in such a location that only root is allowed to modify it. This should do the trick: $ sudo install xsudo.sh /usr/opt/bin USAGE $ xsudo.sh [-t] [-u user] <command>' Grants access for <user> to DISPLAY and uses sudo to run <command> as that user. -t Use a trusted MIT cookie instead of an untrusted. This enables X11 extensions, which on the one hand enables accelerated graphics and unbreaks the ISO_Level3_Shift (Alt Gr) modifier, but on the other hand allows the invoked command to access every X11 event, essentially obliterating inter-program security. -u <user> Use sudo to impersonate <user> instead of the super-user. If the specified user does not exist, xsudo.sh exits with 1. TIPS * To semi-sandbox your web browser, try this: 1. Create a local user for your browser, for exampe "_web". 2. Move your current browser config into ~/_web, like this for Chromium: $ umask 077 $ sudo -u _web mkdir -p ~_web/.config $ sudo cp -r ~/.config/chromium ~_web/.config/ $ sudo chown -R _web._web ~_web/.config/chromium 3. From now on, start Chromium with this: /bin/sh /usr/opt/bin/xsudo.sh -tu _web /usr/local/bin/chrome Put it in a shell script chmodded +x. Dropping the -t increases inter-application security but decreases graphics speed. * Swedish readers might be interested in reading about writing xsudo.sh: http://huggpunkt.org/xsudo-sh-en-skriptad-x11-wrapper-for-sudo