Department of Pirates

Enabling Graphics for the BOINC daemon on Linux

When BOINC is installed on Linux as a system service (a "daemon") you need to give the 'boinc' user explicit permission to display graphics on your screen. This page describes the proceedure for doing so.


Last modified: 3 March 2010
The X Window system used by Linux has strict security settings which prevent one user from displaying a window on the screen of another user. This is good under normal circumstances, but it prevents BOINC, when running as a system service (a Unix "daemon"), from displaying the graphics created by a running BOINC application. This page tells you how you can grant permission to the 'boinc' user to display such graphics on your window display.

In what follows % represents the command prompt for a non-privledged user (like your own user account, or the 'boinc' account), while # represents the command prompt for the 'root' user. In either case, you don't type it. Just type the command which follows the prompt.

  1. Log in to your personal account (the one you want to be able to view the graphics) and open a command shell. Extract the authentication token for your primary X Windows display with the command:
    % xauth extract /tmp/XKEY $DISPLAY
  2. Make sure the file /tmp/XKEY can be read by the 'boinc' user:
    % chmod +r /tmp/XKEY
  3. Change to the 'boinc' account for the next step. If you have given the 'boinc' account a password then you can use the su command directly:
    % su - boinc Password: %
    Or you can log out and log in as 'boinc'. If you have not given the 'boinc' account a password then you have to first become 'root' and then 'su' to the 'boinc' account:
    % su Password: # su - boinc %
  4. Import the authenticication token from the XKEY file with the command:
    % xauth merge /tmp/XKEY
    This allows a program running as the 'boinc' user to create a window on the display owned by your own user account (the display associated with the token in the XKEY file).
  5. Exit the command shell which runs as the 'boinc' user (with the `exit` command -- twice if you had to become 'root' first). Then delete the intermediate file /tmp/XKEY, so that nobody else can use it to access your display.
    % rm /tmp/XKEY
    Only the user who created this file can delete this file.
  6. You will need to stop and restart the 'boinc' daemon for this change to take effect. But after that, you will always be able to use the "show graphics" button. Unfortunately, you will have to go through this whole procedure again whenever you reboot the computer.
It may be possible to write a script to do these steps for a user, but it would still need to prompt for the appropriate passwords.

The "right" way to do this someday is to have the BOINC Manager run the xauth extract command to extract the authentication token to a temporary file, then pass an RPC to the boinc_client telling it where the file is so that it can run the xauth merge command. This will hopefully be incorporated into the BOINC software in a future release. [an error occurred while processing this directive]