Xhost

From ArchWiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

From Xhost man page (boldface added):

The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. It is only sufficient for a workstation (single user) environment, although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.

See xhost(1) for the full info.

Installation

Install the xorg-xhost package.

Usage

Warning: This command grants any local user access to your X screen. That might be OK for a single-user machine, but usually not for a multi-user system. If you want to grant root access to your X screen, it is preferable to set the $XAUTHORITY environment variable. This variable is kept by sudo by default and also by plain su (i.e., not su -).

To provide access to an application running as sudo or su to the graphical server (aka your X session aka your computer screen), open a terminal and type as your normal user (do not su -. Replace username with desired user name):

$ xhost +SI:localuser:username 

To get things back to normal, with controlled access to the X screen:

$ xhost -

xhost + will disable X authentication entirely. Do not do that unless you really know what are you doing.

The 'cannot connect to X server :0.0' output

Warning: This command disables access control, meaning that any user on the system, or on your network if X is listening on the network, has access to your $DISPLAY without any authentication. This opens a security hole on your system that allows other users to launch applications (including key loggers) on your X server.

The above command xhost + will get you rid of that output, albeit momentarily; one way of getting permanently rid of this issue, among many, is to add

xhost + > /dev/null

to your ~/.bashrc file. This way, each time you fire up the terminal, the command gets executed. If you do not yet have a .bashrc file in your home directory, it is OK to create one with just this line in it. If you do not add > /dev/null then each time you fire a terminal, you will see a non-disruptive message saying: access control disabled, clients can connect from any host, which is your confirmation that you can now run <your software> as root without issue.

See also