Skip to content

Instantly share code, notes, and snippets.

@shundhammer

shundhammer/x-prog-root.md

Last active June 5, 2025 12:11
Show Gist options
  • Save shundhammer/201ce912e10f0758122979961168a093 to your computer and use it in GitHub Desktop.
Save shundhammer/201ce912e10f0758122979961168a093 to your computer and use it in GitHub Desktop.
Download ZIP
Running an X Program with Root Privileges
Raw
x-prog-root.md

Running an X Program with Root Privileges

xdg-su

This will ask for the root password:

[Desktop Entry]
Type=Application
Name=Myrlyn
Exec=xdg-su -c /usr/bin/myrlyn

sudo (dirty)

This opens the X11 connection (your display) to everybody in the local network, so use this only in a home network behind a DSL router with nobody else in that network.

Works only with the NOPASSWD parameter in /etc/sudoers

This uses the sudo configuration in /etc/sudoers. For SLES 16.0 / Leap 16.0, this will ask the password of the current user (like in Debian / Ubuntu since forever); in SLE-15 / Leap 15.x, it will ask for the root password (because we have Defaults: !targetpw in /etc/sudoers there).

There are rules in /etc/sudoers that grant the wheel group (see /etc/group) root privileges.

To be confirmed: In 16.0, the first user account created during installaton is automatically added to the wheel group, so that user account gets those privileges; no root password needed.

[Desktop Entry]
Type=Application
Name=Myrlyn
Exec=sh -c "xhost +; sudo /usr/bin/myrlyn"

sudo (clean)

Works only with the NOPASSWD parameter in /etc/sudoers

Same as in section sudo (dirty): No root password needed, first user gets root privileges via the membership in the wheel group.

[Desktop Entry]
Type=Application
Name=Myrlyn
Exec=sh -c "sudo -E DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY /usr/bin/myrlyn"

This works only if $XAUTHORITY is set, i.e. in a local shell on your local desktop, not for ssh -X, but that should be good enough. This is also why the whole command needs to be embedded into a separate shell (sh -c); otherwise the .desktop file would only fork and exec the command without a shell around it, and assigning the environment variables wouldn't work.

Alternatively to keep the Qt configuration set with qt6ct:

Exec=sh -c "sudo -E DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY QT_QPA_PLATFORMTHEME=$QT_QPA_PLATFORMTHEME /usr/bin/myrlyn"

pkexec

This also asks for the root password:

[Desktop Entry]
Type=Application
Name=Myrlyn
Exec=pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY /usr/bin/myrlyn

Alternatively to keep the Qt configuration set with qt6ct:

Exec=pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY QT_QPA_PLATFORMTHEME=$QT_QPA_PLATFORMTHEME  /usr/bin/myrlyn

Research needed: Can this also somehow use the wheel group if the user is a member?

Reference

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment