SUMMARY: Inherit ssh X-tunnel with su

From: Harald Husemann <>
Date: Fri Jan 30 2004 - 08:24:06 EST

thanks to:

Scott M. Sorrentino <>
Pavic, Aleksander <>
Perrier Kent <>
Toens Bueker <>

Kevin Enslow <>

and especially to Casper Dik <>

for their fast and good answers!

The solution is basically simple, Casper explained it as follows (Very
good explanation, so I include the message herein):

Yes, you need to do one of two things:

        copy the X authentication cookie to the other user's $XAUTHORITY

        set $XAUTHORITY to the original user's ~/.Xauthority

note that the latter will only work if the other user can read the file;
generally that is not the case; only for root and then only if the home
directory is not on NFS

Some others suggested to use "sudo" or "su -c", which also works. 
I think I'll have to do a little scripting work to automate Casper's
solution (Unfortunately, we're using NFS for the home-dirs - so, getting
the .Xauthority file copied to the new users home-dir was a little bit
complicated, :-))

But, finally I got it working, thanks to all on the list for reading,
and for the good, fast and reliable answers!

Have a nice hackin',


On Fri, 2004-01-30 at 10:22, Harald Husemann wrote:
> Hi folks,
> I use ssh to connect our servers, 'cause it's more secure than telnet. I
> can start X-applications on the server, with the output forwarded over
> the ssh-tunnel to the X-server running on my client.
> It works perfectly well, but unfortunately, when I use "su" to become
> root or any other user, the tunnel gets broken.
> The error-message is:
> ==================/snip/====================================
>  X11 connection rejected because of wrong authentication.
> X connection to xxx:10.0 broken (explicit kill or server shutdown).
> =====================/snap/=================================
> Hm... At the moment, I allow direct root-login via ssh, but first of
> all, this is a bit insecure, and it does not solve the problem of
> starting X-applications as other users, since often I don't know their
> passwords (of course).
> So, the main question is:
> Is there a way to "inherit" the X11-tunnel to a subshell??
> Thanks,
> will summarize,
> Harald
Harald Husemann
Systems Engineer
Teammanager Unix administration and Configuration Management
Materna Gmbh - Voßkuhle 37 -
D-44141 Dortmund, Germany
Phone:  +49-231-5599-8684
sunmanagers mailing list
Received on Fri Jan 30 08:23:57 2004
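
For the su-to-root case with NFS home directories, an added example (not code from the thread): copy only the current display's cookie into a private directory on local disk, so ~/.Xauthority keeps its permissions, and point $XAUTHORITY at the copy. The function name x11_cookie_file and the /tmp default are assumptions, as is the expectation that xauth and mktemp are installed and that su without "-" keeps DISPLAY and XAUTHORITY in the environment.

```shell
#!/bin/sh
# Added example, not from the original thread.
# x11_cookie_file [local_dir]
#   Writes the xauth entry for $DISPLAY to <local_dir>/xauth.XXXXXX/Xauthority
#   (directory 0700, file 0600) and prints that path on stdout.
#   Runs in a subshell so the caller's umask and variables stay untouched.
x11_cookie_file() (
    base=${1:-/tmp}                      # must be local disk, not the NFS home
    [ -n "${DISPLAY:-}" ] || { echo "DISPLAY is not set" >&2; exit 1; }
    umask 077                            # nothing created below is group/world readable
    # Only the forwarded display's entry, not every cookie in ~/.Xauthority.
    entry=$(xauth nlist "$DISPLAY") || exit 1
    [ -n "$entry" ] || { echo "no cookie for $DISPLAY" >&2; exit 1; }
    # A private directory keeps xauth's lock and temp files away from other users.
    dir=$(mktemp -d "$base/xauth.XXXXXX") || exit 1
    : > "$dir/Xauthority"                # pre-create the file with mode 0600
    printf '%s\n' "$entry" | xauth -f "$dir/Xauthority" nmerge - ||
        { rm -rf "$dir"; exit 1; }
    printf '%s\n' "$dir/Xauthority"
)

# Stand-alone use: ./script xterm   (runs the command as root via su)
if [ "$#" -gt 0 ]; then
    XAUTHORITY=$(x11_cookie_file /tmp) || exit 1
    export XAUTHORITY
    su root -c "$*"; rc=$?
    rm -rf "$(dirname "$XAUTHORITY")"    # remove the cookie copy afterwards
    exit "$rc"
fi
```

The copy is readable only by its owner and by root, so this covers "su" to root; for another account, the entry still has to be merged into that user's own authority file.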
