Every X server internally manages an ACL (Access Control List) of those hosts, that are allowed to connect. The server only authorizes connections from X clients, whose host is on that list and rejects access to all others. The xhost program is used to add or revert access to the X server for specified hosts. It’s also possible to specify a user and a hostname pair.
Host-based Control (xhost)
To see if access control is enabled, type
xhost. It displays the current ACL:
$ xhost access control enabled, only authorized clients can connect SI:localuser:user SI:localuser:gdm SI:localuser:root
If the access control is disabled, it prints:
$ xhost access control disabled, clients can connect from any host
To disable the access control type
xhost + which allows any host to access your X server. You probaly don’t want to do this because it allows the world to open windows on your screen and grab the keystrokes you type.
To enable the access control again type
xhost - and only authorized clients/hosts are allowed to do the things mentioned above.
A simple example
Now let’s do something useful, e.g. grant another user on the local machine access to our X server. It’s pretty easy:
$ xhost +SI:localuser:anotheruser localuser:anotheruser being added to access control list
And after that, anotheruser should show up in the ACL:
$ xhost access control disabled, clients can connect from any host SI:localuser:anotheruser SI:localuser:user SI:localuser:gdm SI:localuser:root
To revoke the access right for anotheruser, use
$ xhost -SI:localuser:anotheruser localuser:anotheruser being removed from access control list
For granting access to users on different hosts, have a look at the xhost manpage or the examples provided on http://linux.about.com/library/cmd/blcmdl_xhost.htm.
Thanks for this. The man page is particularly worthless.
A very useful page. Thanks a lot.
Thank you! The right manual!
Pingback: Unix/Linux:what does Xserver access control mean – Unix Questions