Xhost

From ArchWiki


From Xhost man page (boldface added):

The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. It is only sufficient for a workstation (single user) environment, although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.

See xhost(1) for the full info.

Installation

Install the xorg-xhost package.

Usage

Warning: This command grants any local user access to your X screen. That might be OK for a single-user machine, but usually not for a multi-user system. If you want to grant root access to your X screen, it is preferable to set the $XAUTHORITY environment variable. This variable is kept by sudo and su by default (but not su -).

To provide access to an application running with sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user:

$ xhost +SI:localuser:username 

To get things back to normal, with controlled access to the X screen:

$ xhost -

xhost + will disable X authentication entirely. Do not do that unless you really know what are you doing.

The 'cannot connect to X server :0.0' output

Warning: This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.

The above command xhost + will get you rid of that output, albeit momentarily; one way of getting permanently rid of this issue, among many, is to add

xhost + > /dev/null

to your ~/.bashrc file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it is OK to create one with just this line in it. If you do not add > /dev/null then each time you fire a terminal, you will see a non-disruptive message saying: access control disabled, clients can connect from any host, which is your confirmation that you can now run your_software as root without issue.

See also