Split getting ans setting the cookie, and unset XAUTHORITY

[xudo.git] / xudo.sh

diff --git a/xudo.sh b/xudo.sh
index 5a2735a..2e34bae 100755 (executable)
--- a/xudo.sh
+++ b/xudo.sh
@@ -18,15 +18,13 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 

-# This is the equivalent of sux[1] but simpler and using sudo,
-# since I don't have su installed on some of my systems.
-#
+# This is the equivalent of sux[1] but simpler and using sudo.

 # [1] http://fgouget.free.fr/sux/
 
 set -e
 
 usage() {
 # [1] http://fgouget.free.fr/sux/
 
 set -e
 
 usage() {

-  echo "usage: $(basename $0) [OPTION]... <sudo_options>";
+  echo "usage: $(basename $0) [OPTION]... <sudo_options>"

   echo "Execute a command as another user, with access to the X display"
   echo
   echo "List of OPTIONs:"
   echo "Execute a command as another user, with access to the X display"
   echo
   echo "List of OPTIONs:"


@@ -72,9 +70,19 @@ id $USERNAME > /dev/null || { echo "Invalid user." 1>&2; exit 1; }
 
 [ "x$@" != "x" ] || { usage 1>&2; exit 1; }
 
 
 [ "x$@" != "x" ] || { usage 1>&2; exit 1; }
 

-# Authorize the user
-xauth extract - $DISPLAY | sudo -u "$USERNAME" xauth merge -
+
+# Get the authorization cookie from the current user.
+COOKIE="$(xauth nextract - $DISPLAY)"
+
+# XAUTHORITY needs to be unset now, so that the default $HOME/.Xauthority will
+# be used for the target user and not some locked auth file from the current
+# user.
+unset XAUTHORITY
+
+# Authorize the user.
+# Use "sudo -H" to cover the case when env_keep+="HOME" is set in /etc/sudoers
+echo "$COOKIE" | sudo -H -u "$USERNAME" xauth nmerge -

 
 # Execute the command.
 
 # Execute the command.

-# NOTE: -i or -s have to be passed in order to open a shell
+# NOTE: -i or -s can be passed in order to open a shell

 sudo DISPLAY="$DISPLAY" -u "$USERNAME" "$@"
 sudo DISPLAY="$DISPLAY" -u "$USERNAME" "$@"