Context: launch a GUI application as a Linux service. I considered making a headless daemon with a GUI front-end but there is too much code involved to do it now. This service must start on user login, and it should be started in the user shell (file rights are important here). No interaction of root should be necessary (auto-install from an RPM). Plus the system (root) must be able to start and stop this service to perform maintenance tasks called by cron.

I have managed to do it so far, but I have a security question about it: does the following break some X server security once the user 'username' is logged in?

.xinitrc created in '/home/username', calling xhost before starting the window manager

    xhost + local:username
    exec $WINDOWMANAGER

'/etc/sudoers' modified with a custom editor to add those lines

    username localhost = NOPASSWD: /etc/init.d/my-daemon
    Defaults env_keep += "DISPLAY XAUTHORITY"

service script '/etc/init.d/my-daemon'

    #!/bin/bash
    DISPLAY=${DISPLAY:-:0.0}
    export DISPLAY=$DISPLAY
    gnomesu -u username -c 'my-gui-app-bin with-some-arguments'

my-daemon service doesn't start on any level (DISPLAY not ready even on level 5)

    chkconfig --del my-daemon

autostart of the daemon via a .desktop file in '/etc/xdg/autostart/' and the following script

    #!/bin/bash
    sudo /etc/init.d/my-daemon start
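
One way to check what the `xhost` call in the `.xinitrc` above actually grants is to audit the access list that `xhost` prints once the session is up. This is an added example, not part of the original post; the function name `audit_xhost` and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the X server access list printed by `xhost`.
# audit_xhost reads xhost output on stdin, prints one finding per line,
# and returns 1 if any entry is broader than a single named local user.
audit_xhost() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # Any client that can reach the server may connect.
                echo "BROAD access-control-off"; rc=1 ;;
            "access control enabled"*|"")
                ;;
            LOCAL:*)
                # The local family covers every non-network local client.
                echo "BROAD all-local-clients"; rc=1 ;;
            SI:localuser:*)
                # Server-interpreted entry naming exactly one local user.
                echo "OK user ${line#SI:localuser:}" ;;
            SI:localgroup:*)
                echo "REVIEW group ${line#SI:localgroup:}" ;;
            *)
                # Host entries (INET:, INET6:, ...) admit any user on that host.
                echo "BROAD host-entry $line"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample listings (not captured from a real system).
SAMPLE_BROAD='access control enabled, only authorized clients can connect
LOCAL:
SI:localuser:username'

SAMPLE_TIGHT='access control enabled, only authorized clients can connect
SI:localuser:username'

# Live use inside the X session: sh this-script --live
if [ "${1:-}" = "--live" ]; then
    xhost | audit_xhost
fi
```

Run it with `--live` as 'username' after login; a `LOCAL:` line in the listing means the grant is not limited to that one account.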