Sux is a wrapper around the standard su command which will transfer your X
credentials to the target user. Sux is released under the terms of the X11
license.
Here's a short description of sux's features, mostly taken from an email
I sent to the debian-devel mailing list (see the thread).
I should probably transform this into a man page one day... (unless some
kind soul does it for me, hint, hint).
- 'sux user' and 'sux - user' behave just like su but transfer
$DISPLAY and the X cookies.
- You can specify a command on the command line, even if it contains
spaces. This is likely to be buggy (double-quotes...) but should be
enough to let you type things like: sux - xterm -title "Root's XTerm"
- You can generate untrusted / temporary cookies for that user using
'--untrusted' and/or '--timeout xxx' (see xauth generate)
- If you symlink suxterm to sux, then 'suxterm - foo' will create a
new xterm for user foo (more precisely a new x-terminal-emulator with a
fallback on xterm for non Debian systems). This makes '--timeout' more
usable: the cookie will remain valid as long as this xterm is open. So
you could type 'suxterm --timeout 20 - foo' and the cookie will expire 20
seconds after the xterm has been closed (if no other X application uses
it). Note that it also means you have 20 seconds to type your password.
Also it's equivalent to 'sux --timeout 20 - foo xterm', but the script
could be modified to have a timeout by default... (Inspired by Daniel
Martin).
- You can use the su '--preserve-environment' option. In that case sux
will override XAUTHORITY to the so that xauth does not try to use the
original user's .Xauthority file (which it obviously could not
do anyway due to access rights).
- sux should work even for those using csh. But I'm not using it myself
so I could not check. Let me know if there's a problem.
- you can choose how to transfer the X credentials:
- --no-cookies
Just transfer DISPLAY, not the cookies. You could do this if you have
already transfered the cookies in a previous invocation of sux.
- --copy-cookies
Copy the cookies using xauth. This is the default method (and only
method most of the time).
- --use-xauthority
Instead of transfering the cookies, set the XAUTHORITY environment
variable to access the original .Xauthority file. There's a couple
caveats with this method. First, due to the access right issues
it's only usable by root. But even then it may not work if the
.Xauthority file is accessed via NFS, e.g. if the home directories
are on NFS (note that this is quite dangerous already since your
cookies will travel unencrypted over the network). Then, if root
runs commands like xauth add/remove, the .Xauthority's ownership
will belong to him. This will leave the original user in trouble as
he will no longer be able to access X! So only use this option with
great care. Finally, this method does not work if you also want to use
'--untrusted' or '--timeout'.
I set the default to '--copy-cookies' for all cases, but you can
easily change the default for root by changing the
sux_root_cookie_transfer variable at the top of the file.
- There's also a '--display' to specify which display to transfer in
case you have access to more than one...
|