Table of contents
xhost - server access control program for X
xhost [ [+-]name ... ]
The xhost program is used to add and delete host names to the list
allowed to make connections to the X server. This
provides a rudimentary form of privacy control and security. It is only
sufficient for a single user environment, although it does
limit the worst abuses. Environments which require more sophisticated measures
should implement the user-based mechanism or use X-Forwarding with SSH.
Xhost accepts the following command line options described below. For security, the options
that affect access control may only be run from the same machine as the server (the "controlling host").
A complete name has the syntax family:name where the families for Project Xming are as follows:
- Prints a usage message.
- The given name (the plus sign is optional) is added to the list allowed to connect to
the X server. The name is typically just a host name or literal (dotted) IP address.
- The given name is removed from the list of allowed to connect to the server.
Existing connections are not broken, but new connection attempts will be denied. Note that the current machine
is allowed to be removed; however, further connections (including attempts
to add it back) will not be permitted. Resetting the server (thereby breaking
all connections) is the only way to allow local connections again.
- Access is granted to everyone, even if they aren’t on the list (i.e., access control is turned off).
- Access is restricted to only those on the list (i.e., access control is turned on).
- If no command line arguments are given, a message indicating whether or not access control is currently enabled is
printed, followed by the list of those allowed to connect.
When Xming lists resolved IPv6 names: addresses are show first as default names can ambiguously repeat.
This is the only option that may be used from machines other than the controlling host.
inet Internet host (IPv4) (and the default when no family: is entered)
inet6 Internet host (IPv6)
local contains only one name, the empty string
si Server Interpreted
The family: is case insensitive and optional. The format of the name varies with the family.
Project Xming's xhost is compiled to support IPv6, so all IPv4 and IPv6 addresses returned by getaddrinfo()
are added to the access list in the appropriate inet or inet6 family.
Server-interpreted addresses consist of a case-sensitive type tag and a string
representing a given value, separated by a colon. For example, "si:hostname:almas"
is a server-interpreted address of type hostname, with a value of almas.
Server-interpreted access types are as follows:
Note: si access types localuser and localgroup are not supported in the Xming xserver.
- A literal (dotted) IPv6 address.
- A host name or literal IPv4 address. Host name is not stored as a numeric address, unlike with the inet and inet6 families, and the name service consulted every connection time.
The initial access control list for display number n may be set by the file Xn.hosts, where n is the display number of the server.
For each name added to the access control list, a line of the form "name being added to access control
list" is printed. For each name removed from the access control list, a
line of the form "name being removed from access control list" is printed.
You can’t specify a display on the command line because -display
is a valid command line argument (indicating that you want to remove the
machine named ‘‘display’’ from the access list).
- to get the default host and display to use.
The X server stores network addresses, not host names, unless you use the server-interpreted hostname
type address. If somehow you change a host’s network address while the server
is still running, and you are using a network-address based form of authentication,
xhost must be used to add the new address and/or remove the old address.
Bob Scheifler, MIT Laboratory for Computer Science,
Jim Gettys, MIT Project Athena (DEC).
Table of contents
The Xming website, documentation and images are licensed under a
Creative Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales License.
Copyright © 2005-2017 Colin Harrison All Rights Reserved