Friday, September 9, 2022

Running ssh tunneled X clients after su

When you ssh to a machine and then run an X client, the authentication is based on having a valid entry in your ~/.Xauthority file, which your ssh client initializes automatically if you run ssh with -X or -Y. But if you su to be another user, that authorization cannot be found, and the X client initialization will fail.

To manage this situation, I wrote a pair of scripts and aliases. X.auth_save saves the authentication away to /tmp:

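#!/bin/bash
# Load the shared path variable x_auth_saved.
. X.auth_saved.inc
# Take the most recent entry: "display protocol hexkey".
auth=$(xauth -f "$HOME/.Xauthority" list | tail -1)
echo "$auth" > "$x_auth_saved"
# The target user must be able to read the file. This also lets every other
# local user read the cookie, but no longer lets them overwrite it.
chmod 644 "$x_auth_saved"
echo "Saved X authority $auth to $x_auth_saved"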

Restore as a new user with X.auth_restore:

#!/bin/bash
# Load the shared path variable x_auth_saved.
. X.auth_saved.inc
if [ -r "$x_auth_saved" ]; then
        echo "OK found \"$x_auth_saved\"" 1>&2
else
        echo "FAIL could not find \"$x_auth_saved\"" 1>&2
        exit 1
fi
auth=$(cat "$x_auth_saved")
echo "Restored X authority $auth from $x_auth_saved"
touch "$HOME/.Xauthority"
# $auth is left unquoted on purpose: xauth add takes the display, protocol
# and key as three separate arguments.
if ! xauth add $auth; then
        echo "FAIL: xauth add $auth failed, exiting..." 1>&2
        exit 1
else
        echo "OK xauth add $auth"
fi

Lastly, track the shared file variable name in X.auth_saved.inc:

x_auth_saved=/tmp/X.auth_saved

Since the names are unwieldy, I aliased them to xas and xar:

alias xas=X.auth_save
alias xar=X.auth_restore
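
The scripts above pass the cookie through a world-readable file at a fixed name in /tmp, so any local account can read it and use the forwarded display, and the path can be created by someone else first. A stricter variant of the same save/restore pair, as an added example that is not the author's code: the function names are hypothetical, and it assumes the target user is root or shares a group with the saving user.

```shell
#!/bin/sh
# Added example, not the author's scripts. Function names are hypothetical.

# Save one xauth entry to a NEW file that only the owner (and optionally one
# group) can read.  $1 = entry "display proto hexkey", $2 = path, $3 = group.
xauth_save_entry() (
    umask 077   # file is created 0600, never world-readable
    set -C      # noclobber: refuse an existing path, including a planted symlink
    printf '%s\n' "$1" > "$2" || exit 1
    if [ -n "${3:-}" ]; then
        chgrp "$3" "$2" && chmod 640 "$2" || exit 1
    fi
)

# Check the saved file before trusting it.  $1 = path, $2 = numeric uid of the
# user expected to have written it (for example the output of: id -u alice).
xauth_check_saved() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1   # regular file, not a symlink
    meta=$(ls -ldn -- "$1") || return 1
    mode=$(printf '%s\n' "$meta" | awk '{print $1}')
    owner=$(printf '%s\n' "$meta" | awk '{print $3}')
    [ "$owner" = "$2" ] || return 1            # written by the expected user
    case $mode in
        -????-?---*) return 0 ;;               # no group write, nothing for others
        *) return 1 ;;
    esac
}

# Restore: validate the file, then hand the three fields to xauth add.
xauth_restore_entry() {
    xauth_check_saved "$1" "$2" || { echo "FAIL: refusing $1" 1>&2; return 1; }
    entry=$(cat -- "$1") || return 1
    # Unquoted on purpose: xauth add takes display, protocol and key as
    # three separate arguments.
    xauth add $entry
}
```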
