Description of problem:
unable to open graphical applications using sudo
Version-Release number of selected component (if applicable):
- latest BETA packages as of Feb 6th
- 100% in-house and by customer
Steps to Reproduce:
1. open gnome-terminal from applications menu
2. 'sudo gnome-terminal'
3. observe error
No protocol specified
Unable to init server: could not connect: connection refused
# Failed to parse arguments: Cannot open display
application opens under sudo context
vbenes@localhost:~$ sudo gnome-terminal
# watch_fast: "/org/gnome/terminal/legacy/" (establishing: 0, active: 0)
# unwatch_fast: "/org/gnome/terminal/legacy/" (active: 0, establishing: 1)
# watch_established: "/org/gnome/terminal/legacy/" (establishing: 0)
works for me I see root gnome-terminal opened.
Wow do you run your user session, how does your sudo perms look like?
As my test user:
[test@localhost ~]$ groups
sudo allows me to run commands requiring elevated permissions, such as subscription-manager, but will not allow me to run GUI applications at all> using firefox in the following example
[test@localhost ~]$ sudo firefox
Failed to open connection to "session" message bus: /usr/bin/dbus-launch terminated abnormally with the following error: No protocol specified
Autolaunch error: X11 initialization not found
Running without ally support!
No protocol specified
Unable to init server: Could not connect: Connection refused
Error: cannot open display :0
Attached screenshot 'sudo_fail.png' as a private attachment
See Bug 1274451 for the discussion on this, short summary from comment 33 there: "there are currently no plans to support running graphical apps with sudo under Wayland, and it seems quite unlikely that this will change anytime soon". I'm closing this bug because this is explicit and desired upstream behaviour.
fwiw, the underlying issue is that Xwayland as started by the compositor does not set an Xauthority file, so it's restricted to just the user by default. You can work around this by permitting other users to connect to that with the commands below:
$ xhost si:localuser:root
and to remove the access again
$ xhost -si:localuser:root
Where the last entry is obviously the user's name.
This will only work for X applications, not for native Wayland applications.
Please note that while "sudo gnome-calculator" does not work for the reasons explained in comment 5, exporting the environment will avoit the issue so "sudo -E gnome-calculator" works and allows to run the application as root under Wayland natively without relying on Xwayland and the Xauthority.
I have updated the doc text content. Please review it and provide your feedback.