Xhost

From ArchWiki
Revision as of 10:53, 3 January 2019 by Indigo (talk | contribs) (→‎Usage: style fix and word tweak)
Jump to navigation Jump to search

From Xhost man page (boldface added):

The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. It is only sufficient for a workstation (single user) environment, although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.

See xhost(1) for the full info.

Installation

Install the xorg-xhost package.

Usage

Warning: This command grants any local user access to your X screen. That might be OK for a single-user machine, but usually not for a multi-user system. If you want to grant root access to your X screen, it is preferable to set the $XAUTHORITY environment variable. This variable is kept by sudo by default and also by plain su (i.e., not su -).

To provide access to an application running as sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user (don't su -):

$ xhost +local:

To get things back to normal, with controlled access to the X screen:

$ xhost -

The 'cannot connect to X server :0.0' output

Warning: This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.

The above command xhost + will get you rid of that output, albeit momentarily; one way of getting permanently rid of this issue, among many, is to add

xhost + >/dev/null

to your ~/.bashrc file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it's OK to create one with just this line in it. If you do not add >/dev/null then each time you fire a terminal, you will see a non-disruptive message saying: access control disabled, clients can connect from any host, which is your confirmation that you can now sudo <your soft> without issue.