Home / ubuntu / Questions / 877820
In Process
srinuab4u
Asked: 2017-01-31 00:04:47 +0800 CST

What are xhost and xhost +si?

  • 772

What is this script doing?

#!/bin/bash
xhost +local:
xhost +si:localuser:root

What is the default list of xhost?

xserver

1 Answers

  1. xhost +SI:localuser:root allows the root user to access the running X server. The current X server is indicated by the DISPLAY environment variable. xhost +local: does the same for every user, so the root line is not of much use.

    The manpage has reasonably good explanations:

       [+]name The given name (the plus sign is optional) is added to the list
           allowed to connect to the X server.  The name  can  be  a  host
           name or a complete name (See NAMES for more details).
...
NAMES
   A complete name has the syntax ``family:name'' where the  families  are
   as follows:
...
   local     contains only one name, the empty string
   si        Server Interpreted
...
   The  local family specifies all the local connections at once. However,
   the server interpreted address "si:localuser:username" can be  used  to
   specify a single local user. (See the Xsecurity(7) manual page for more
   details.)

    And the Xsecurity manpage says:

    SERVER INTERPRETED ACCESS TYPES
   The  sample  implementation   includes   several   Server   Interpreted
   mechanisms:
       IPv6                          IPv6 literal addresses
       hostname                      Network host name
       localuser                     Local connection user id
       localgroup                    Local connection group id

    With a bit of context: There are two commonly used ways to allow access to an X server. One is via an Xauthority file, which is shared by the clients, and needs no further server-side configuration. The other is via the xhost list, where configuration is done on the server at runtime (so this is not a permanent change).

    So, localuser is a keyword to be retained as is (root is the username here). This is somewhat like adding to a group, in that the groups are in the server's understanding of authorization. However, no system groups or users are affected. Only the X server's runtime configuration is changed.

    The default behaviour of xhost when run without arguments is to print the list, as the manpage says:

    nothing If no command line arguments are given,  a  message  indicating
        whether  or not access control is currently enabled is printed,
        followed by the list of those allowed to connect.

    For example:

    $ xhost
access control enabled, only authorized clients can connect
SI:localuser:muru

    (muru is my username.)

    (From my post on Unix & Linux)

    • 23