What are xhost and xhost +si?
What is this script doing?
#!/bin/bash
xhost +local:
xhost +si:localuser:root
What is the default list of xhost
?
xhost +SI:localuser:root
allows the root
user to access the running X server. The current X server is indicated by the DISPLAY
environment variable. xhost +local:
does the same for every user, so the root
line is not of much use.
The manpage has reasonably good explanations:
[+]name The given name (the plus sign is optional) is added to the list
allowed to connect to the X server. The name can be a host
name or a complete name (See NAMES for more details).
...
NAMES
A complete name has the syntax ``family:name'' where the families are
as follows:
...
local contains only one name, the empty string
si Server Interpreted
...
The local family specifies all the local connections at once. However,
the server interpreted address "si:localuser:username" can be used to
specify a single local user. (See the Xsecurity(7) manual page for more
details.)
And the Xsecurity
manpage says:
SERVER INTERPRETED ACCESS TYPES
The sample implementation includes several Server Interpreted
mechanisms:
IPv6 IPv6 literal addresses
hostname Network host name
localuser Local connection user id
localgroup Local connection group id
With a bit of context: There are two commonly used ways to allow access to an X server. One is via an Xauthority
file, which is shared by the clients, and needs no further server-side configuration. The other is via the xhost
list, where configuration is done on the server at runtime (so this is not a permanent change).
So, localuser
is a keyword to be retained as is (root
is the username here). This is somewhat like adding to a group, in that the groups are in the server's understanding of authorization. However, no system groups or users are affected. Only the X server's runtime configuration is changed.
The default behaviour of xhost
when run without arguments is to print the list, as the manpage says:
nothing If no command line arguments are given, a message indicating
whether or not access control is currently enabled is printed,
followed by the list of those allowed to connect.
For example:
$ xhost
access control enabled, only authorized clients can connect
SI:localuser:muru
(muru
is my username.)
(From my post on Unix & Linux)