Executing script to affect non-root x session as root

Question

From anther tty I can run

DISPLAY=:0 notify-send hullo

and see the message in my toothrot session. But if I log in as root, this doesn't work. Nor does

USER=toothrot DISPLAY=:0 notify-send hullo

How do I make it work from root?

I need this because I want to create a udev rule that affects my x session. Using Arch.

Usually an authorization issue, see man xauth. But I promise you a world of pain if you try to write a udev rule that affects your X session. Don't do that, try to find a proper solution, if necessary in layers, using a dbus interface, or whatever. (What should happen if there's no X session? What if there are two or more X sessions?). — dirkt, Mar 01 '17 at 17:29
@dirkt, I don't know why that wouldn't be 'proper'? All I want to do is update my keyboard layout when my external keyboard is attached to and removed from my laptop. — Toothrot, Mar 01 '17 at 17:39

mviereck · Answer 1 · 2017-03-01T22:58:10.160

0

X can have two ways of authorizing clients. One way is using cookies; then you have to set DISPLAY=:0 and XAUTHORITY=/home/yourusername/.Xauthority.

In your case I assume it is done with xhost, otherwise setting DISPLAY would not be enough. Type xhost to see who is authorized.

Maybe you have an ~/.Xauthority cookie along with xhost +SI:localuser:toothrot authorization.

You can allow root to access display :0 with DISPLAY=:0 xhost +SI:localuser:root, but you have to do it as normal user. Using the cookie is the better way:

DISPLAY=:0 XAUTHORITY=/home/toothrot/.Xauthority notify-send hullo

To execute notify-send as user:

su toothrot -c 'DISPLAY=:0 XAUTHORITY=/home/toothrot/.Xauthority notify-send hullo'

edited Mar 01 '17 at 22:58

answered Mar 01 '17 at 17:59

mviereck

2,467

I have the cookie, but this still doesn't work for me. – Toothrot Mar 01 '17 at 18:39
In my case, a test with xterm works. notify-send seems not work at all on my system, so I can't check if there is a difference. Does it work with xterm for you? – mviereck Mar 01 '17 at 20:01
I don't think it depends on the emulator? Anyway, I need it to work for a script called by a udev rule. – Toothrot Mar 01 '17 at 20:26
What I mean: Does DISPLAY=:0 XAUTHORITY=/home/toothrot/.Xauthority xterm work? – mviereck Mar 01 '17 at 20:58
Now it works with xclock (I don't have xterm). Thanks! – Toothrot Mar 01 '17 at 21:25
That's fine! You can make a try with su for notify-send: su toothrot -c 'DISPLAY=:0 XAUTHORITY=/home/toothrot/.Xauthority notify-send hullo' – mviereck Mar 01 '17 at 22:56
This works if DBUS_SESSION_BUS_ADDRESS is supplied. XAUTHORITY is unnecessary. – Toothrot Mar 02 '17 at 13:44

score 0 · Answer 2 · answered May 02 '20 at 18:07

Presumably you solved your issue long ago, but for the sake of completion a general solution is (adapted from here):

$ my_user="toothrot"
$ my_user_id=$(more /etc/passwd | awk -F: '/^'${my_user}':/ {print $3}')
$ sudo -u $my_user DISPLAY=':0' DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${my_user_id}/bus /usr/bin/notify-send "hullo"

If you have several displays of screen sessions, your mileage may vary as far as DISPLAY=":0" is concerned in the above. That'd be for a different post though.

score 0 · Answer 3 · answered Jun 22 '20 at 06:08

The above answers are kind of crufty, and don't work cleanly for multiple users or multiple displays. There could be a privilege escalation attack if a user symlinks ~/.Xauthority to a protected file. An alternative might be to forget udev entirely and instead use uudev, which runs as non-root in your own X session. You just set up a ~/.config/uudev.conf file that contains:

* ACTION="bind", DRIVER="whatever", ...
notify-send hullo

If you run systemctl --user restart uudev from within your ~/.xsession or ~/.xinitrc file, then notify-send will just get run with the appropriate DISPLAY and XAUTHORITY variables already set.

Executing script to affect non-root x session as root

3 Answers3