Bug 1673073
| Summary: | unable to open graphical applications using sudo | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Joe Wright <jwright> |
| Component: | wayland | Assignee: | Adam Jackson <ajax> |
| Status: | CLOSED WONTFIX | QA Contact: | Desktop QE <desktop-qa-list> |
| Severity: | unspecified | Docs Contact: | Levi <lvaleeva> |
| Priority: | unspecified | ||
| Version: | 8.0 | CC: | ajax, alanm, amayahaley23, amike, botsch, jkoten, jwright, lvaleeva, mkolbas, ofourdan, pasik, peter.hutterer, tpelka, vanhoof, vbenes, yuokada |
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Known Issue | |
| Doc Text: |
.Unable to run graphical applications using `sudo` command
When trying to run graphical applications as a user with elevated privileges, the application fails to open with an error message. The failure happens because `Xwayland` is restricted by the `Xauthority` file to use regular user credentials for authentication.
To work around this problem, use the `sudo -E` command to run graphical applications as a `root` user.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-03-12 02:28:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1678350 | ||
|
Description
Joe Wright
2019-02-06 15:38:29 UTC
vbenes@localhost:~$ sudo gnome-terminal # watch_fast: "/org/gnome/terminal/legacy/" (establishing: 0, active: 0) # unwatch_fast: "/org/gnome/terminal/legacy/" (active: 0, establishing: 1) # watch_established: "/org/gnome/terminal/legacy/" (establishing: 0) works for me I see root gnome-terminal opened. Wow do you run your user session, how does your sudo perms look like? As my test user: [test@localhost ~]$ groups test wheel [test@localhost ~]$ sudo allows me to run commands requiring elevated permissions, such as subscription-manager, but will not allow me to run GUI applications at all> using firefox in the following example [test@localhost ~]$ sudo firefox Failed to open connection to "session" message bus: /usr/bin/dbus-launch terminated abnormally with the following error: No protocol specified Autolaunch error: X11 initialization not found Running without ally support! No protocol specified Unable to init server: Could not connect: Connection refused Error: cannot open display :0 [test@localhost ~]$ Attached screenshot 'sudo_fail.png' as a private attachment See Bug 1274451 for the discussion on this, short summary from comment 33 there: "there are currently no plans to support running graphical apps with sudo under Wayland, and it seems quite unlikely that this will change anytime soon". I'm closing this bug because this is explicit and desired upstream behaviour. fwiw, the underlying issue is that Xwayland as started by the compositor does not set an Xauthority file, so it's restricted to just the user by default. You can work around this by permitting other users to connect to that with the commands below: $ xhost si:localuser:root and to remove the access again $ xhost -si:localuser:root Where the last entry is obviously the user's name. This will only work for X applications, not for native Wayland applications. Please note that while "sudo gnome-calculator" does not work for the reasons explained in comment 5, exporting the environment will avoit the issue so "sudo -E gnome-calculator" works and allows to run the application as root under Wayland natively without relying on Xwayland and the Xauthority. Hi Adam, I have updated the doc text content. Please review it and provide your feedback. Regards, Abhimanyu Jamaiyar My above cmt is confusing, I don't understand what it is. By the way, I would like to introduce https://badicecream.io/ |