Difference between revisions of "Xhost"

From ArchWiki
Jump to navigation Jump to search
(improve install link as recommended in Help:Style#Package management instructions)
(Style)
 
(11 intermediate revisions by 6 users not shown)
Line 1: Line 1:
[[Category:Networking]]
+
[[Category:X server]]
 
[[ja:Xhost]]
 
[[ja:Xhost]]
 
[[ko:Xhost]]
 
[[ko:Xhost]]
==Summary==
+
[[pt:Xhost]]
 +
From Xhost man page (boldface added):
  
From Xhost man page:
+
: The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. '''It is only sufficient for a workstation (single user) environment''', although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.
  
The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server.  In the  case  of hosts,  this  provides  a rudimentary form of privacy control and security.  It is only sufficient for a workstation (single  user) environment,  although  it  does  limit  the worst abuses.  Environments which require more sophisticated measures  should  implement  the  user-based mechanism  or use the hooks in the protocol for passing other authentication data to the server.
+
See {{man|1|xhost}} for the full info.
  
See ''man xhost'' for the full info.
+
== Installation ==
==Installation==
 
[[Install]] {{pkg|xorg-xhost}} from the [[Official repositories]].
 
  
==Usage==
+
[[Install]] the {{pkg|xorg-xhost}} package.
 +
 
 +
== Usage ==
 +
 
 +
{{Warning|This command grants any local user access to your X screen. That might be OK for a single-user machine, but usually not for a multi-user system. If you want to grant root access to your X screen, it is preferable to set the {{ic|$XAUTHORITY}} environment variable. This variable is kept by '''sudo''' by default and also by plain '''su''' (i.e., not '''su -''').}}
  
 
To provide access to an application running as sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user (don't ''su -''):  
 
To provide access to an application running as sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user (don't ''su -''):  
  
  xhost +local:
+
  $ xhost +local:
  
 
To get things back to normal, with controlled access to the X screen:
 
To get things back to normal, with controlled access to the X screen:
  
  xhost -
+
  $ xhost -
 +
 
 +
== The 'cannot connect to X server :0.0' output ==
  
==The 'cannot connect to X server :0.0' output==
+
{{Warning|This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.}}
  
 
The above command '''xhost +''' will get you rid of that output, albeit momentarily;
 
The above command '''xhost +''' will get you rid of that output, albeit momentarily;
Line 29: Line 34:
 
  xhost + >/dev/null
 
  xhost + >/dev/null
  
into your ~/.bashrc file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it's OK to create one with just this line in it. If you do not add ''>/dev/null'' then each time you fire a terminal, you will see a non-disruptive message saying: ''access control disabled, clients can connect from any host'', which is your confirmation that you can now ''sudo <your soft>'' without issue.
+
to your {{ic|~/.bashrc}} file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it's OK to create one with just this line in it. If you do not add ''>/dev/null'' then each time you fire a terminal, you will see a non-disruptive message saying: ''access control disabled, clients can connect from any host'', which is your confirmation that you can now ''sudo <your soft>'' without issue.
 
 
{{Warning|This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.}}
 

Latest revision as of 20:16, 18 January 2019

From Xhost man page (boldface added):

The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. It is only sufficient for a workstation (single user) environment, although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.

See xhost(1) for the full info.

Installation

Install the xorg-xhost package.

Usage

Warning: This command grants any local user access to your X screen. That might be OK for a single-user machine, but usually not for a multi-user system. If you want to grant root access to your X screen, it is preferable to set the $XAUTHORITY environment variable. This variable is kept by sudo by default and also by plain su (i.e., not su -).

To provide access to an application running as sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user (don't su -):

$ xhost +local:

To get things back to normal, with controlled access to the X screen:

$ xhost -

The 'cannot connect to X server :0.0' output

Warning: This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.

The above command xhost + will get you rid of that output, albeit momentarily; one way of getting permanently rid of this issue, among many, is to add

xhost + >/dev/null

to your ~/.bashrc file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it's OK to create one with just this line in it. If you do not add >/dev/null then each time you fire a terminal, you will see a non-disruptive message saying: access control disabled, clients can connect from any host, which is your confirmation that you can now sudo <your soft> without issue.