This manual page is for Mac OS X version 10.6.3

If you are running a different version of Mac OS X, view the documentation locally:

  • In Terminal, using the man(1) command

Reading manual pages

Manual pages are intended as a quick reference for people who already understand a technology.

  • For more information about the manual page format, see the manual page for manpages(5).

  • For more information about this technology, look for other documentation in the Apple Reference Library.

  • For general information about writing shell scripts, read Shell Scripting Primer.



XHOST(1)                                                                                            XHOST(1)



NAME
       xhost - server access control program for X

SYNOPSIS
       xhost [[+-]name ...]

DESCRIPTION
       The xhost program is used to add and delete host names or user names to the list allowed to make con-nections connections
       nections to the X server.  In the case of hosts, this provides a rudimentary form of privacy  control
       and  security.   It  is only sufficient for a workstation (single user) environment, although it does
       limit the worst abuses.  Environments which require more sophisticated measures should implement  the
       user-based  mechanism  or  use the hooks in the protocol for passing other authentication data to the
       server.

OPTIONS
       Xhost accepts the following command line options described below.  For  security,  the  options  that
       affect  access  control  may  only be run from the "controlling host".  For workstations, this is the
       same machine as the server.  For X terminals, it is the login host.

       -help   Prints a usage message.

       [+]name The given name (the plus sign is optional) is added to the list allowed to connect to  the  X
               server.  The name can be a host name or a user name.

       -name   The given name is removed from the list of allowed to connect to the server.  The name can be
               a host name or a user name.  Existing connections are not broken, but new connection attempts
               will  be  denied.   Note  that the current machine is allowed to be removed; however, further
               connections (including attempts to add it back) will not be permitted.  Resetting the  server
               (thereby breaking all connections) is the only way to allow local connections again.

       +       Access  is  granted  to  everyone,  even  if they aren't on the list (i.e., access control is
               turned off).

       -       Access is restricted to only those on the list (i.e., access control is turned on).

       nothing If no command line arguments are given, a message indicating whether or not access control is
               currently  enabled is printed, followed by the list of those allowed to connect.  This is the
               only option that may be used from machines other than the controlling host.

NAMES
       A complete name has the syntax ``family:name'' where the families are as follows:

       inet      Internet host (IPv4)
       inet6     Internet host (IPv6)
       dnet      DECnet host
       nis       Secure RPC network name
       krb       Kerberos V5 principal
       local     contains only one name, the empty string
       si        Server Interpreted

       The family is case insensitive.  The format of the name varies with the family.

       When Secure RPC is being used, the network independent netname (e.g., "nis:unix.uid@domainname")  can
       be  specified,  or a local user can be specified with just the username and a trailing at-sign (e.g.,
       "nis:pat@").

       For backward compatibility with pre-R6 xhost, names that contain an at-sign (@) are assumed to be  in
       the  nis  family.   Otherwise they are assumed to be Internet addresses. If compiled to support IPv6,
       then all IPv4 and IPv6 addresses returned by getaddrinfo(3) are added  to  the  access  list  in  the
       appropriate inet or inet6 family.

       Server  interpreted  addresses consist of a case-sensitive type tag and a string representing a given
       value, separated by a colon.  For example, "si:hostname:almas" is a  server  interpreted  address  of
       type  hostname, with a value of almas.   For more information on the available forms of server inter-preted interpreted
       preted addresses, see the Xsecurity(7) manual page.

DIAGNOSTICS
       For each name added to the access control list, a line of the form "name being added to  access  con-trol control
       trol  list" is printed.  For each name removed from the access control list, a line of the form "name
       being removed from access control list" is printed.

FILES
       /etc/X*.hosts

SEE ALSO
       X(7), Xsecurity(7), Xserver(1), xdm(1), xauth(1), getaddrinfo(3)

ENVIRONMENT
       DISPLAY to get the default host and display to use.

BUGS
       You can't specify a display on the command line because -display is a  valid  command  line  argument
       (indicating that you want to remove the machine named ``display'' from the access list).

       The X server stores network addresses, not host names, unless you use the server-interpreted hostname
       type address.  If somehow you change a host's network address while the server is still running,  and
       you  are  using  a  network-address  based  form of authentication, xhost must be used to add the new
       address and/or remove the old address.

AUTHORS
       Bob Scheifler, MIT Laboratory for Computer Science,
       Jim Gettys, MIT Project Athena (DEC).



X Version 11                                     xhost 1.0.2                                        XHOST(1)

Reporting Problems

The way to report a problem with this manual page depends on the type of problem:

Content errors
Report errors in the content of this documentation with the feedback links below.
Bug reports
Report bugs in the functionality of the described tool or API through Bug Reporter.
Formatting problems
Report formatting mistakes in the online version of these pages with the feedback links below.

Did this document help you? Yes It's good, but... Not helpful...