Difference between revisions of "Xhost"

From ArchWiki
Jump to navigation Jump to search
(Installation: style)
(Style)
 
(8 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Networking]]
+
[[Category:X server]]
 
[[ja:Xhost]]
 
[[ja:Xhost]]
 
[[ko:Xhost]]
 
[[ko:Xhost]]
From Xhost man page:
+
[[pt:Xhost]]
 +
From Xhost man page (boldface added):
  
The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. It is only sufficient for a workstation (single user) environment, although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.
+
: The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. '''It is only sufficient for a workstation (single user) environment''', although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.
  
See ''man xhost'' for the full info.
+
See {{man|1|xhost}} for the full info.
 +
 
 +
== Installation ==
  
==Installation==
 
 
[[Install]] the {{pkg|xorg-xhost}} package.
 
[[Install]] the {{pkg|xorg-xhost}} package.
  
==Usage==
+
== Usage ==
 +
 
 +
{{Warning|This command grants any local user access to your X screen. That might be OK for a single-user machine, but usually not for a multi-user system. If you want to grant root access to your X screen, it is preferable to set the {{ic|$XAUTHORITY}} environment variable. This variable is kept by '''sudo''' by default and also by plain '''su''' (i.e., not '''su -''').}}
  
 
To provide access to an application running as sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user (don't ''su -''):  
 
To provide access to an application running as sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user (don't ''su -''):  
Line 21: Line 25:
 
  $ xhost -
 
  $ xhost -
  
==The 'cannot connect to X server :0.0' output==
+
== The 'cannot connect to X server :0.0' output ==
 +
 
 +
{{Warning|This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.}}
  
 
The above command '''xhost +''' will get you rid of that output, albeit momentarily;
 
The above command '''xhost +''' will get you rid of that output, albeit momentarily;
Line 28: Line 34:
 
  xhost + >/dev/null
 
  xhost + >/dev/null
  
into your ~/.bashrc file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it's OK to create one with just this line in it. If you do not add ''>/dev/null'' then each time you fire a terminal, you will see a non-disruptive message saying: ''access control disabled, clients can connect from any host'', which is your confirmation that you can now ''sudo <your soft>'' without issue.
+
to your {{ic|~/.bashrc}} file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it's OK to create one with just this line in it. If you do not add ''>/dev/null'' then each time you fire a terminal, you will see a non-disruptive message saying: ''access control disabled, clients can connect from any host'', which is your confirmation that you can now ''sudo <your soft>'' without issue.
 
 
{{Warning|This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.}}
 

Latest revision as of 20:16, 18 January 2019

From Xhost man page (boldface added):

The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. It is only sufficient for a workstation (single user) environment, although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.

See xhost(1) for the full info.

Installation

Install the xorg-xhost package.

Usage

Warning: This command grants any local user access to your X screen. That might be OK for a single-user machine, but usually not for a multi-user system. If you want to grant root access to your X screen, it is preferable to set the $XAUTHORITY environment variable. This variable is kept by sudo by default and also by plain su (i.e., not su -).

To provide access to an application running as sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user (don't su -):

$ xhost +local:

To get things back to normal, with controlled access to the X screen:

$ xhost -

The 'cannot connect to X server :0.0' output

Warning: This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.

The above command xhost + will get you rid of that output, albeit momentarily; one way of getting permanently rid of this issue, among many, is to add

xhost + >/dev/null

to your ~/.bashrc file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it's OK to create one with just this line in it. If you do not add >/dev/null then each time you fire a terminal, you will see a non-disruptive message saying: access control disabled, clients can connect from any host, which is your confirmation that you can now sudo <your soft> without issue.