Linux X11 Forwarding with SU Switch User

Over the years access is often granted to one of the administrative users and then once we are on the server we have to switch user to another account to do the technical services work. This creates a problem with X11 Forwarding and so this is one work around to the problem. X authentication is based on cookies. So the secondary account needs to have access to the same cookies as the original login user.

Here is a nice easy way to do this.  This was done on an AIX 7.1 server:

Before you issue the su or sudo, request the xauth cookies and look for the current DISPLAY that’s connecting to your X server:

$ xauth list
You’ll get something like

somehost.somedomain:10 mit-magic-cookie-1 4d22408a71a55b41ccd1657d377923ae

Then, execute a switch user (su) and add the cookie to that user:

$ xauth add somehost.somedomain:10 MIT-MAGIC-COOKIE-1 4d22408a71a55b41ccd1657d377923ae

(just copy’n-paste the output of the above ‘xauth list’ onto ‘xauth add’) That’s it. Now, you _should_ be able to start any X application.