Xming
Table of contents

Name

xhost - server access control program for X

Synopsis

xhost [ [+-]name ... ]

Description

The xhost program is used to add and delete host names to the list allowed to make connections to the X server. This provides a rudimentary form of privacy control and security. It is only sufficient for a single user environment, although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use X-Forwarding with SSH.

Options

Xhost accepts the following command line options described below. For security, the options that affect access control may only be run from the same machine as the server (the "controlling host").
-help
Prints a usage message.
[+]name
The given name (the plus sign is optional) is added to the list allowed to connect to the X server. The name is typically just a host name or literal (dotted) IP address.
-name
The given name is removed from the list of allowed to connect to the server. Existing connections are not broken, but new connection attempts will be denied. Note that the current machine is allowed to be removed; however, further connections (including attempts to add it back) will not be permitted. Resetting the server (thereby breaking all connections) is the only way to allow local connections again.
+
Access is granted to everyone, even if they aren’t on the list (i.e., access control is turned off).
-
Access is restricted to only those on the list (i.e., access control is turned on).
nothing
If no command line arguments are given, a message indicating whether or not access control is currently enabled is printed, followed by the list of those allowed to connect. When Xming lists resolved IPv6 names: addresses are show first as default names can ambiguously repeat. This is the only option that may be used from machines other than the controlling host.

Names

A complete name has the syntax family:name where the families for Project Xming are as follows:
inet    Internet host (IPv4) (and the default when no family: is entered)
inet6   Internet host (IPv6)
local   contains only one name, the empty string
si      Server Interpreted

The family: is case insensitive and optional. The format of the name varies with the family.

Project Xming's xhost is compiled to support IPv6, so all IPv4 and IPv6 addresses returned by getaddrinfo() are added to the access list in the appropriate inet or inet6 family.

Server-interpreted addresses consist of a case-sensitive type tag and a string representing a given value, separated by a colon. For example, "si:hostname:almas" is a server-interpreted address of type hostname, with a value of almas. Server-interpreted access types are as follows:

ipv6
A literal (dotted) IPv6 address.
hostname
A host name or literal IPv4 address. Host name is not stored as a numeric address, unlike with the inet and inet6 families, and the name service consulted every connection time.
Note: si access types localuser and localgroup are not supported in the Xming xserver.

The initial access control list for display number n may be set by the file Xn.hosts, where n is the display number of the server.

Diagnostics

For each name added to the access control list, a line of the form "name being added to access control list" is printed. For each name removed from the access control list, a line of the form "name being removed from access control list" is printed.

See also

Access Control, Xserver, xauth

Environment

DISPLAY
to get the default host and display to use.

Bugs

You can’t specify a display on the command line because -display is a valid command line argument (indicating that you want to remove the machine named ‘‘display’’ from the access list).

The X server stores network addresses, not host names, unless you use the server-interpreted hostname type address. If somehow you change a host’s network address while the server is still running, and you are using a network-address based form of authentication, xhost must be used to add the new address and/or remove the old address.

Authors

Bob Scheifler, MIT Laboratory for Computer Science,
Jim Gettys, MIT Project Athena (DEC).


Table of contents

Creative Commons License
The [WWW]Xming website, documentation and images are licensed under a
[WWW]Creative Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales License.
Copyright © 2005-2014 Colin Harrison All Rights Reserved