- 08-13-2007 #1Just Joined!
- Join Date
- Aug 2007
- Posts
- 2
sudo cmd comes back with error "The installer is unable to run in graphical mode"
Using suse SLES 2.6.16.21-0.8
Administering sudo to execute a proprietary installer written in Java Swing for our app.
Is this a sudo error or ssh error?
I am able to bring up the installer when logged in as "root".
Also, I can bring up the installer when logged in as a user without using sudo.
Only when the user does a sudo cmd to invoke the installer does it fail!!
Can someone please throw some light on what is the root cause for this behaviour??? Thanks in Advance
----------------------------------------------------------------------
The settings in /etc/ssh/sshd_config have the following 2 enabled, the rest being defaults:
X11Forwarding yes
X11UseLocalhost yes
Using a Linux client (or a Win client with cygwin XServer running) to connect to the server via ssh with X11 forwarding enabled to bring up the graphical display of the installer. All the users are part of a group SUPPORT.
The entries in /etc/sudoers are as follows:
# Used User Alias for all the users instead of using group
#User_Alias REMOTE= Bob, Nick, Mary
# enable access to both src dir and target dir , note the esc "\" before the ":"
Cmnd_Alias DOIT=/tmp/dload/installer.bin -is\:javahome /usr/java/j2sdk1.4.2_13, /tmp/dload/*, /usr/app[AB]*
Cmnd_Alias SU= /bin/su -, /bin/su "", /bin/su root # disable su to root
Cmnd_Alias SCP=/usr/bin/scp *root* # Disable scp as root
Defaults always_set_home
Defaults env_reset
%SUPPORT ALL=(root) DOIT, !SU, !SCP
#%wheel ALL=(root) DOIT, !SU, !SCP
#REMOTE ALL=(root) DOIT, !SU, !SCP
----------------------------------------------------------------------
I tried using the wheel group and also tried assigning aliases to the users rather than using the group. Is my sudo Cmnd_Alias DOIT correct, since the argument has a space and ":" in it? I escaped the colon with a backslash; for arguments with whitespace in them, do I have to escape it??
I have allowed access to both the source dir /tmp/dload/* and the destination dir /usr/app[AB]*
When the user tries to sudo the cmds they get the following error:
suse1#> sudo -u root -b /tmp/dload/installer.bin -is:javahome /usr/java/j2sdk1.4.2_13
"
InstallShield Wizard
Initializing InstallShield Wizard...
Searching for Java™ Virtual Machine...
........The installer is unable to run in graphical mode. Try running the installer with the -console or -silent flag.
"
----------------------------------------------------------------------
When run with strace I get the following error (copied only the last few lines):
suse1#> strace sudo -u root -b /tmp/dload/installer.bin -is:javahome /usr/java/j2sdk1.4.2_13
geteuid() = 5001
write(2, "sudo: ", 6sudo: ) = 6
write(2, "must be setuid root", 19must be setuid root) = 19
write(2, "\n", 1
) = 1
exit_group(1) = ?
Process 13640 detached
----------------------------------------------------------------------
The default settings for sudo on my server:
suse1:/usr/java # sudo -V
Sudo version 1.6.8p12
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: auth
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Ignore '.' in $PATH
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Set $HOME to the target user when starting a shell with -s
Allow some information gathering to give useful error messages
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5 minutes
Password prompt timeout: 5 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/run/sudo
Default password prompt: %p's password:
Default user to run commands as: root
Path to the editor for use by visudo: /usr/bin/vi
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File containing dummy exec functions: /usr/lib/sudo/sudo_noexec.so
Environment variables to check for sanity:
LANGUAGE
LANG
LC_*
Environment variables to remove:
PERL5OPT
PERL5LIB
PERLLIB
JAVA_TOOL_OPTIONS
SHELLOPTS
PS4
BASH_ENV
ENV
TERMCAP
TERMPATH
TERMINFO_DIRS
TERMINFO
_RLD*
LD_*
PATH_LOCALE
NLSPATH
HOSTALIASES
RES_OPTIONS
LOCALDOMAIN
CDPATH
IFS
- 08-15-2007 #2Just Joined!
- Join Date
- Aug 2007
- Posts
- 2
Some more info on this
#I did
ssh -X joe@hostname
# Gain root privileges,
su -
# and merge the Xauth information to the root's list
xauth merge /home/joe/.Xauthority
Now when I do an xauth list for root and the user in their own separate shells, they both show 2 identical entries:
hostname/unix:10 MIT-MAGIC-COOKIE-1 hexcode1
hostname/unix:11 MIT-MAGIC-COOKIE-1 hexcode2
but when I su to root from the user (joe) account and then do an xauth list I get only one entry (unix:10) and not 2
#xauth list
hostname/unix:10 MIT-MAGIC-COOKIE-1 hexcode1 <<<<<<<<<<<
so from this su'ed shell when I do an echo $DISPLAY I get
# echo $DISPLAY
localhost:10.0
When I enable the wheel group (the select users are also part of wheel grp) in the sudoers file
%wheel ALL=(ALL) ALL
and try the sudo cmd, it still has the same "cannot display in graphical mode" error. This tells me there is something wrong with the display when cmds are executed from sudo. It all boils down to either DISPLAY privileges not getting propagated to sudo or some env setting in sudo that needs to be tweaked.
Does anyone have some inputs to guide me here??
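Added example, not part of the original posts: with `Defaults env_reset` sudo 1.6.8 rebuilds the environment without DISPLAY or XAUTHORITY, and `always_set_home` points HOME at root, so the installer started through sudo has no display and no cookie file to find. The script models only those Defaults plus an `env_keep` line (the change proposed here, not tested on the poster's system) and reports which X11 variables survive. Assumptions: the function and variable names are made up for this example, and the keep list starts empty because the `sudo -V` output above lists no preserved variables.

```shell
#!/bin/sh
# Added example: which X11 variables does a sudoers policy let through?
# Models only env_reset, always_set_home and env_keep (=, +=, -=) on plain
# "Defaults" lines. Assumes the env_keep list starts empty.
# Constructed input: the two Defaults lines from the post.
PAGE_POLICY='Defaults always_set_home
Defaults env_reset'
# Constructed input: same policy plus the env_keep line proposed here.
FIXED_POLICY="$PAGE_POLICY
Defaults env_keep += \"DISPLAY XAUTHORITY\""

# x11_sudo_check <sudoers-text>: prints findings, returns 0 only if both
# DISPLAY and XAUTHORITY reach the command run by sudo.
x11_sudo_check() {
    printf '%s\n' "$1" | awk '
    $1 != "Defaults" { next }               # skips comments and user rules
    {
        line = $0
        sub(/^[ \t]*Defaults[ \t]+/, "", line)
        if (line ~ /^env_reset/)            reset = 1
        else if (line ~ /^!env_reset/)      reset = 0
        else if (line ~ /^always_set_home/) sethome = 1
        else if (line ~ /^env_keep[ \t]*[-+]?=/) {
            sub(/^env_keep[ \t]*/, "", line)
            mode = substr(line, 1, 1)       # "+", "-" or "="
            sub(/^[-+]?=[ \t]*/, "", line); gsub(/"/, "", line)
            if (mode == "=") split("", keep)    # plain = replaces the list
            n = split(line, v, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (v[i] == "") continue
                if (mode == "-") delete keep[v[i]]
                else keep[v[i]] = 1
            }
        }
    }
    END {
        n = split("DISPLAY XAUTHORITY", want, " ")
        for (i = 1; i <= n; i++) {
            if (reset && !(want[i] in keep)) { print want[i] ": stripped by env_reset"; rc = 1 }
            else print want[i] ": passed through"
        }
        if (sethome && reset && !("XAUTHORITY" in keep))
            print "HOME: set to the target user, so ~/.Xauthority is looked up there"
        exit rc + 0
    }'
}
echo "== policy from the post =="; x11_sudo_check "$PAGE_POLICY"  || true
echo "== with env_keep added ==";  x11_sudo_check "$FIXED_POLICY" || true
```

ssh -X usually writes the cookie to ~/.Xauthority without exporting XAUTHORITY, so the user would set XAUTHORITY="$HOME/.Xauthority" before calling sudo. Keeping only these two variables leaves env_reset in force for the LD_* and similar variables listed in the `sudo -V` output.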