Ubuntu
sudo package

X applications won't run under sudo

Bug #370607 reported by whitis
58
This bug affects 11 people
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: sudo

Using the default configuration supplied by ubuntu 9.04 (except changed logfile), X applications do not run correctly under "sudo" or "sudu -E"

whitis@cervantes:/tmp$ sudo glxgears
No protocol specified
Error: couldn't open display :0.0
whitis@cervantes:/tmp$ sudo update-manager
No protocol specified
/var/lib/python-support/python2.6/gtk-2.0/gtk/__init__.py:72: GtkWarning: could not open display
  warnings.warn(str(e), _gtk.Warning)
No protocol specified
Traceback (most recent call last):
  File "/usr/bin/update-manager", line 44, in <module>
    gtk.init_check()
RuntimeError: could not open display
whitis@cervantes:/tmp$ sudo k3b
Error: "/tmp/kde-whitis" is owned by uid 1000 instead of uid 0.
Error: "/tmp/ksocket-whitis" is owned by uid 1000 instead of uid 0.
Error: "/tmp/ksocket-whitis" is owned by uid 1000 instead of uid 0.
No protocol specified
kdeinit: Can't connect to the X Server.
kdeinit: Might not terminate at end of session.
Error: "/tmp/kde-whitis" is owned by uid 1000 instead of uid 0.
No protocol specified
kded: cannot connect to X server :0.0
DCOP aborting call from 'anonymous-14296' to 'kded'
No protocol specified
k3b: cannot connect to X server :0.0
DCOP aborting call from 'anonymous-14279' to 'k3b'
whitis@cervantes:/tmp$ sudo printenv XAUTHORITY
/home/whitis/.Xauthority
whitis@cervantes:/tmp$ sudo printenv DISPLAY
:0.0
whitis@cervantes:/tmp$ printenv DISPLAY
:0.0
whitis@cervantes:/tmp$ sudo leafpad /etc/passwd
No protocol specified
leafpad: Cannot open display:
whitis@cervantes:/tmp$ sudo hexdump -C $XAUTHORITY
*works*
whitis@cervantes:/tmp$ sudo xhost +root #needs to run as non-root user, anyway
No protocol specified
xhost: unable to open display ":0.0"

su has the same problem.

/usr/bin/startx is identical to the version on my old debian system which did not have this problem.
changing DISPLAY to unix:0.0 doesn't help. gksudo fails in the same way. emacs falls back on its curses environment when it can't open the display.

xhost +root fails (claims root is an invalid hostname even though manpage says this is valid). xhost +root@ succeeds but doesn't fix problem. xhost +root@localhost succeeds but doesn't fix problem even if you use DISPLAY=localhost:0.0. xhost +cervantes, xhost +cervantes/unix, xhost root@cervantes don't fix the problem.

/home/whitis/.[a-zA-Z]* were copied from previous install, but the default dotfiles installed by ubuntu didn't contain xhost or xauth.

Since root has access to ~/.Xauthority, I didn't try the "xauth extract - $DISPLAY | ssh ... " method, and copying ~/.Xauthority to /root/.Xauthority didn't help, anyway.

X is sstarted with -auth /var/lib/gdm/:0.Xauth by gdm. There is no kerberos line in ~/.Xauthority.

None of the usual fixes seem to work. Except for "xhost +" which is a really bad idea.

xhost +local:root does work. Not that the man page will tell you this.

This may be an X problem, not a sudo problem, but to the average user it will appear to be a sudo problem since ubuntu encourages people to use sudo rather than run as root. And other distributions do whatever setup is required to make this work.

ProblemType: Bug
Architecture: amd64
DistroRelease: Ubuntu 9.04
NonfreeKernelModules: nvidia
Package: sudo 1.6.9p17-1ubuntu3
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: sudo
Uname: Linux 2.6.28-11-generic x86_64

Revision history for this message
whitis (whitis) wrote :
Revision history for this message
Dave Gilbert (ubuntu-treblig) wrote :

Hi,
  Hmm - X apps seem to work OK for me under sudo on Jaunty - including KDE apps like konsole and the glxgears you show.

(I'm in a Gnome session).

Dave

Revision history for this message
Kemotaha (kemotaha) wrote :

I can confirm in a gnome session. I have upgraded from the previous versions and whenever I log out and log back in, I am unable to launch any X windows with sudo.

After I run xhost + it will work.

Revision history for this message
Martin Pitt (pitti) wrote :

I can run X apps with sudo just fine (9.04 and current 9.10). Can you please do

  sudo ltrace -o /tmp/trace xdpyinfo

and attach /tmp/trace here?

Changed in sudo (Ubuntu):
status: New → Incomplete
Revision history for this message
Kemotaha (kemotaha) wrote :

Here is the output

Revision history for this message
Kemotaha (kemotaha) wrote :

Here is the output after I run xhost +

Revision history for this message
Martin Pitt (pitti) wrote :

So without xhost you get

  XOpenDisplay(NULL) = NULL

This is usually what happens if you do

  DISPLAY= ltrace xdpyinfo

However, $DISPLAY is correct here. Can you test whether "xauth list" and "sudo xauth list" show the same values, or if the ones from sudo xauth are missing?

Revision history for this message
Kemotaha (kemotaha) wrote :

They look the same to me:

user@tux:~$ xauth list
tux.local/unix:0 MIT-MAGIC-COOKIE-1 53ab03821d838c063f1530b2b4e13edc
localhost.localdomain/unix:0 MIT-MAGIC-COOKIE-1 68e39d562288e119824533917ea35f64
tux.local:0 MIT-MAGIC-COOKIE-1 68e39d562288e119824533917ea35f64
tux.local:0 MIT-MAGIC-COOKIE-1 68e39d562288e119824533917ea35f64
tux.local:0 MIT-MAGIC-COOKIE-1 68e39d562288e119824533917ea35f64
user@tux:~$ sudo xauth list
tux.local/unix:0 MIT-MAGIC-COOKIE-1 53ab03821d838c063f1530b2b4e13edc
localhost.localdomain/unix:0 MIT-MAGIC-COOKIE-1 68e39d562288e119824533917ea35f64
tux.local:0 MIT-MAGIC-COOKIE-1 68e39d562288e119824533917ea35f64
tux.local:0 MIT-MAGIC-COOKIE-1 68e39d562288e119824533917ea35f64
tux.local:0 MIT-MAGIC-COOKIE-1 68e39d562288e119824533917ea35f64

Revision history for this message
Kemotaha (kemotaha) wrote :

It is the same output after I run xhost+ as well.

Revision history for this message
Martin Pitt (pitti) wrote :

Hm, it seems sudo does its part correctly. Bryce, any idea what else could go wrong here?

Changed in sudo (Ubuntu):
status: Incomplete → New
Revision history for this message
Bryce Harrington (bryce) wrote :

It also works fine for me...

bryce@chideok:/etc/gdm$ sudo glxgears
Running synchronized to the vertical refresh. The framerate should be
approximately the same as the monitor refresh rate.
13834 frames in 5.0 seconds = 2766.745 FPS

I would first check gdm.conf against a stock config. I've attached my own, which is not stock but is known-good so should serve as a reference. There are settings in that file that can affect whether X applications are allowed to be run by other users.

Next I would check what options are being specified on the X binary. Here's mine:

  /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7

In particular -nolisten is of note if you're trying to run X apps while logged into the system non-locally. If using ssh, then the -X flag would be of use there.

Anyway, based on past experience my guess here is not that it's a bug in how X is working but rather is some stray security configuration setting.

Revision history for this message
starchild7778 (starchild7778) wrote :

I would like to add that I do not receive the error "gtk warning . . . cannot open display :0.0" if I stop networking. The error only occurs when networking is started. I also do not have this problem when using "kdesudo" whether in a Gnome session or KDE4 session.

Revision history for this message
Thomas Zehetbauer (realborg) wrote :

same problem here when using sudo -H bash and trying to start a graphical application; ~root/.Xauthority does not get updated anymore. problem seems to be that pam_xauth does no longer get the correct id for the requesting user

pam_xauth(sudo:session): requesting user 0/0, target user 0/0

Revision history for this message
somjate (mailjune) wrote :

found this bugs with kubuntu 11.04beta2! and this case no found with ubuntu 11.04beta2

use this command and any command with "sudo"

sudo xrandr
No protocol specified
Can't open display :0

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sudo (Ubuntu):
status: New → Confirmed
Revision history for this message
Grigory Rechistov (atakua) wrote :

Reproduced on Kubuntu 13.04 alpha2.

Running kdesudo, sudo, or becoming root other way, then setting DISPLAY to :0 won't allow to start X applications as a root until xhost +local:root command is issued.

Revision history for this message
Rolf Leggewie (r0lf) wrote :

JFTR, graphical applications shouldn't be started via sudo but gksudo instead -> bug 1373495

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.