#!/bin/bash
#Run a program as a safe user with X privileges

#Requires sudoers to have
#Defaults:%users  env_keep=DISPLAY
#where %users is the group that is allowed to have the DISPLAY environment variable
#otherwise can't keep DISPLAY environment variable

#You can also add:
#you  ALL=(safe) NOPASSWD: ALL
#where you is your user (or group) and safe is the graphics account
#so it can be used without a password

#-H is required so the other user will find their copy of the .Xauthority file
#Place your user in the next line (make sure the name is simple)
USR="safe"
CMD=( "sudo" "-H" "-u" "${USR}" "--" )

#Securely copy .Xauthority file over
< ~/.Xauthority "${CMD[@]}" bash -c "umask 0077 ; cat > ~${USR}/.Xauthority" #USR not properly escaped

#Run normally
"${CMD[@]}" "$@"