Michael P asked:
I know there are a bunch of similar questions around, but they are all about X-Forwarding and SSH sessions.
I got this problem with a local user which is privileged for a specific script…
The Problem
Under Ubuntu 16.04 I want a specific user guest to be able to run one specific script /usr/sbin/test.sh with root privileges (the script makes some system settings and mounts, for example).
Settings
I extend the /etc/sudoers file with the following line:
guest ALL = NOPASSWD: /usr/sbin/test.sh
guest is not in the sudo group! (<– guess this is the problem)
The Script
For sake of simplicity:
#!/bin/bash
zenity --info --text="Testing Sudo X"
The script runs fine if executed with sudo /usr/sbin/test.sh from a member of the sudo group, or if there are no dialogues to show (meaning: making text and operations in a terminal window works without problems).
If guest logs in (via greeter) and starts a new gnome-terminal in Unity to execute sudo /usr/sbin/test.sh, it fails with the (hope German is ok) error:
No protocol specified
Failed to connect to Mir: Failed to connect to server socket: Datei oder Verzeichnis nicht gefunden
Unable to init server: Verbindung ist gescheitert: Verbindungsaufbau abgelehnt
(zenity:19225): Gtk-WARNING **: cannot open display: :0
I tried…
- exporting the $DISPLAY variable before or in the test.sh
- cp the .Xauthority from another's /home/user/ to my guest
- generate a xauth cookie with xauth add from a xauth list of another user
- add Defaults env_keep += "DISPLAY" in /etc/sudoers
Question / Conclusion
None of this worked. I suppose that debugging things on guest would generally not help because the command runs with sudo. So I need to find a way to give guest a permission for the $DISPLAY or .Xauthority of sudo just for this single command.
My answer:
From Ubuntu 16.04 onward, the DISPLAY is no longer on :0. It is on a number which can vary depending on how many users are simultaneously logged in to the console.
To resolve the problem, you need to configure sudo to preserve the DISPLAY environment variable.
Add a configuration file to the /etc/sudoers.d directory, containing the following:
Defaults env_keep += "DISPLAY"
This will allow sudo to pass the DISPLAY environment variable to the program it runs, and those programs will then be able to connect to the correct DISPLAY.
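One way to install the drop-in described in the answer, as an added example that is not part of the original question or answer: the file is staged, syntax-checked with visudo -cf, and only then installed with mode 0440. The drop-in name guest-display, the helper function names, and the per-user Defaults:guest scoping are assumptions introduced here.

```shell
#!/bin/sh
# Added example (hypothetical helper names): stage, validate and install a
# sudoers drop-in that keeps DISPLAY, optionally scoped to a single user.

# sudo's #includedir skips file names that contain '.' or end in '~',
# so such a drop-in would be silently ignored.
valid_dropin_name() {
    case "$1" in
        ''|*.*|*~|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the drop-in body. With a user argument the setting applies only to
# that user (Defaults:user); without one it is the global line from the answer.
render_dropin() {
    if [ -n "${1:-}" ]; then
        printf 'Defaults:%s env_keep += "DISPLAY"\n' "$1"
    else
        printf 'Defaults env_keep += "DISPLAY"\n'
    fi
}

# install_dropin NAME [USER] [DIR] -- run as root for the real /etc/sudoers.d.
install_dropin() {
    name=$1 user=${2:-} dir=${3:-/etc/sudoers.d}
    valid_dropin_name "$name" || { echo "bad drop-in name: $name" >&2; return 2; }
    tmp=$(mktemp) || return 1
    render_dropin "$user" > "$tmp"
    # Check syntax on the staged copy before sudo ever reads it: a broken
    # file under sudoers.d can stop sudo from working for every user.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null || { rm -f "$tmp"; return 3; }
    else
        echo "visudo not found; refusing to install unchecked" >&2
        rm -f "$tmp"; return 4
    fi
    # Mode 0440; the file is owned by the invoking user (root when run as root).
    install -m 0440 "$tmp" "$dir/$name"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

As root, `install_dropin guest-display guest` writes /etc/sudoers.d/guest-display; omit the second argument to get the global form shown in the answer.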
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.