problem starting gui app as different user from gnome launcher

NeverOddOrEven · 04-20-2012, 04:52 AM

Hi,
This is my first post ever. I hope I am in the right forum. If not,
my sincere apologies.

I'm trying to start a gui application (pgadmin3) from a gnome
launcher. Because the app needs to modify files that belong to user
postgres, I would like to run it as user postgres. So far I've had no
luck with any incantations I placed in the command field of the
launcher.

Code:

su -c 'pgadmin3' postgres

doesn't work because a) there is no terminal to input a password; and
b) user postgres does not have a set password (it is not a user that
would normally login).

Code:

sudo -u postgres pgadmin3

didn't work either. First I added an entry in the /etc/sudoers file to
bypass the need for a password; but then I ran into the problem that X
won't allow user postgres to start a gui app. In any case, I've read
that sudo is not safe to use with gui apps.

Code:

gksu -u postgres pgadmin3

didn't work because user postgres does not have a password.

Code:

gksudo -u postgres pgadmin3

didn't work because X won't allow user postgres to start a gui app.

Code:

gksudo pgadmin3

did successfully start the application; however any files subsequently
created by pgadmin3 were owned by root which causes permission problems
for all the other applications that need these files.

A script like so:

Code:

#!/bin/bash
xhost +local:local
gksudo -u postgres pgadmin3
xhost -local:local

does work but has the drawback that so long as its running any local,
possibly unauthorized, user can run X.

Finally I went off the deep end and wrote this:

Code:

#!/bin/bash 
# This grabs the X token from the current user's token file and puts it 
# in a target user's token file. Then it runs the target application.

# Set the target user and target application.
export TRG_USER=postgres
export TRG_PROG=pgadmin3

# Produce and store the path and name of the new token file for the
# target user. 
export FILE=`sudo su -c 'echo $HOME/temp_xauth' $TRG_USER`

# Get and store the X token for the current user. 
export TOKEN=`xauth -f $XAUTHORITY nextract - $DISPLAY`

# Create a command that does three things 
# a) It creates the token file for the target user. 
# b) It points the target user's XAUTHORITY environment variable to the
#    token file. 
# c) It runs the target application. 
export COMMAND=\ 
"sudo su -c '\ 
echo \""$TOKEN"\" | xauth -f "$FILE" nmerge -; \ 
export XAUTHORITY="$FILE"; "\ 
$TRG_PROG"' "\
$TRG_USER

# Run the command.
eval $COMMAND

Of course this doesn't work either because it contains all those "sudo"s
and "su"s.

Does anybody know whether there is an accepted way to do this? Any help
would be greatly appreciated.

Edward

pingu · 04-21-2012, 05:50 AM

You forgot one important thing: info about the distro & desktop you're running.
My first suggestion is to install 'sux', it's a wrapper around su that makes it possible to run GUI-apps as other user. (This is not necessary in all distros, in some just 'su' works fine.)
I have never used it just to launch a single app so I can't promise it'll work, easy to try though!

NeverOddOrEven · 04-23-2012, 11:13 PM

Thank you for your reply. I am using gnome 2.30.2 on debian squeeze. I will try sux and report on what I find.

Edward

NeverOddOrEven · 04-24-2012, 05:17 PM

Thanks so much -

Code:

gksudo sux - postgres pgadmin3

works like a charm.

NeverOddOrEven · 04-24-2012, 05:41 PM

Maybe I should be more complete in my report. On gnome 2.30.2 on debian squeeze:

Code:

sux - postgres pgadmin3

works from a terminal, but not from a gnome launcher.

Code:

gsudo sux - postgres pgadmin3

works from a terminal and a gnome launcher.

Code:

gksu sux - postgres pgadmin3

works from a terminal and a gnome launcher.