X11Forwarding and sudo -u


Anyone using ssh with sudo -u?

I'm tasked with trying to make X11Forwarding work when

      originaluser$  sudo -u someotheruser ssh -X -v somewherelse

is at play.  (Actually, I'm not doing -u but have a runas_default set
to someotheruser that essentially does the same thing.)

The difficulty is that--by default--the environment for someotheruser
on the originating workstation will lack DISPLAY, and the .Xauthority
file you'd want clients to use is at ~originaluser/.Xauthority and not
at ~someotheruser/.Xauthority.

Curious how anyone else has solved this.

My best plan thus far, from RTFM, would involve sudo -i to let the
DISPLAY variable be preserved/set for someotheruser, and then perhaps
copying the originaluser/.Xauthority file somewhere readable by
someotheruser and setting XAUTHORITY to point to that file on the sudo
command line... or by somehow opening group read for it (a dynamic
group that just had originaluser and someotheruser in it I guess
would be ideal, but I've never implemented it):

        sudo env XAUTHORITY=$SUDO_USER/.Xauthority -u someotheruser  -X

with this addition to sudoers?

     Defaults env_keep+="XAUTHORITY DISPLAY"

Hopefully someone who's tackled this is lurking with a tested
solution.  :-)   Thanks for any help you might muster.
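
An alternative to making all of ~originaluser/.Xauthority readable, shown as an added example that is not part of the original post: hand someotheruser only the cookie for the current DISPLAY, in a private temporary file that is removed afterwards. The function names and the /tmp path are hypothetical, and it assumes sudoers lets the caller run mktemp, xauth, env and rm as the target user.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes sudoers lets the caller
# run mktemp, xauth, env and rm as the target user; function names are made up.

# Copy only the cookie for $DISPLAY into a fresh file owned by the target
# user and print that file's path. Other displays' cookies stay private.
share_display_cookie() {
    target_user=$1
    if [ -z "${DISPLAY:-}" ]; then
        echo "DISPLAY is not set; nothing to forward" >&2
        return 1
    fi
    # mktemp creates the file with mode 0600, owned by the target user.
    cookie_file=$(sudo -u "$target_user" mktemp /tmp/xauth.XXXXXX) || return 1
    # "extract - DISPLAY" writes just that display's entry to stdout;
    # "merge -" reads it into the target user's private file.
    xauth extract - "$DISPLAY" 2>/dev/null |
        sudo -u "$target_user" xauth -f "$cookie_file" merge - 2>/dev/null
    # A pipeline reports only the last command's status, so confirm that an
    # entry really arrived instead of trusting the exit code.
    if [ -z "$(sudo -u "$target_user" xauth -f "$cookie_file" list 2>/dev/null)" ]; then
        echo "no X cookie found for $DISPLAY" >&2
        sudo -u "$target_user" rm -f "$cookie_file"
        return 1
    fi
    printf '%s\n' "$cookie_file"
}

# Run a command as the target user with DISPLAY and XAUTHORITY set, delete
# the temporary cookie file, and return the command's exit status.
run_as_with_x11() {
    target_user=$1
    shift
    cookie_file=$(share_display_cookie "$target_user") || return 1
    status=0
    sudo -u "$target_user" env DISPLAY="$DISPLAY" XAUTHORITY="$cookie_file" "$@" ||
        status=$?
    sudo -u "$target_user" rm -f "$cookie_file"
    return "$status"
}

# Usage: run_as_with_x11 someotheruser ssh -X -v somewherelse
```

Because DISPLAY and XAUTHORITY are set through env on the command line, this variant does not depend on the env_keep line in sudoers.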
