• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

Can’t start X11 applications after “su” or “su -” to another user

By admin

To get access to the X client applications such as system-config-date, xclock, vncviewer we need to export the DISPLAY settings of a remote host to the local server. This is commonly done using below commands.

# ssh root@remotehost

remotehost# export DISPLAY=x.x.x.x:y.y

Where x.x.x.x:y.y – is the display settings of the system from which you connected to the remote host.

You can also use the -X option with ssh to directly export the DISPLAY on the remote host.

# ssh -X root@remotehost

But now if you try to switch to another user on the remote system and export the display again, you would get and error – “Error: Can’t open display:”.

# ssh -X root@remotehost
# su - [username]
# export DISPLAY=x.x.x.x:y.y 
# xclock
Error: Can't open display: x.x.x.x:y.y

X11 forwarding for sudo users

Just setting the DISPLAY is not enough. X authentication is based on cookies, so it’s necessary to set the cookie used by the user that initiated the connection. The following procedure allows a sudo user to use the ssh based X11 tunnel:

1. Connect the remote host using the -X option with ssh.

# ssh -X root@remote-host

2. Now list the coockie set for the current user.

# xauth list $DISPLAY
node01.thegeekdiary.com/unix:10  MIT-MAGIC-COOKIE-1  dacbc5765ec54a1d7115a172147866aa
# echo $DSIPLAY
localhost:10.0

3. Switch to another user account using sudo. Add the cookie from the command output above to the sudo user.

# sudo su - [user]
# xauth add node01.thegeekdiary.com/unix:10  MIT-MAGIC-COOKIE-1  dacbc5765ec54a1d7115a172147866aa

4. Export the display from step 2 again for the sudo user. Try the command xclock to verify if the x client applications are working as expected.

# export DISPLAY=localhost:10.0
# xclock

Filed Under: Linux

Some more articles you might also be interested in …

  1. How to recover from deleted root entry in /etc/shadow and/or /etc/passwd files in CentOS / RHEL 6
  2. Beginners Guide to Tuning Profiles in CentOS/RHEL
  3. “Metadata File Does Not Match Checksum” Issue When Yum Installs or Updates Package
  4. “lsb_release: command not found” – Fix in CentOS/RHEL
  5. CentOS / RHEL : How To Shrink LVM Root File System
  6. LVM Commands Fail With “Failed to load config file /etc/lvm/lvm.conf”
  7. Beginners Guide to NFS in CentOS / RHEL
  8. How to Configure iSCSI Initiator and iSCSI Timeouts in CentOS/RHEL 7
  9. Troubleshooting slow network communication or Connection Timeouts in Linux
  10. Beginners guide to Apache HTTP Server – Installation and Configuration

You May Also Like

Primary Sidebar

Recent Posts

  • Oracle Database – Configuring Secure Application Roles
  • Extend rule sets by using factors in Oracle Database Vault
  • What are Command Rules in oracle Database
  • Using Rule Sets in Oracle Database Vault
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary