xhost

Tartalom

 

Adatok

Fejlesztő/tulajdonos: MIT Laboratory for Computer Science

Rövid leírás:

Az xhost parancs manual oldala és súgója. Az xhost program segítségével lehet hozzáadni, vagy eltávolítani kiszolgálóneveket vagy felhasználóneveket abból a listából, amely engedélyezi az X szerverhez való kapcsolódást. A kiszolgálók esetében ez a személyes adatvédelem ellenőrzésének és biztonságának az egyszerű formáját biztosítja. Bár ez csak a munkaállomás (egyetlen felhasználó) környezetére korlátozódik, megakadályozza a visszaéléseket. A kifinomultabb biztonságot igénylő környezetekben végre kell hajtani a felhasználói alapú mechanizmust, vagy a protokollban lévő horgokat kell felhasználni a szerverre történő más hitelesítési adatok továbbítására.

 

 

Man oldal kimenet

man xhost
XHOST(1)                      General Commands Manual                     XHOST(1)

NAME
       xhost - server access control program for X

SYNOPSIS
       xhost [[+-]name ...]

DESCRIPTION
       The xhost program is used to add and delete host names or user names to the
       list allowed to make connections to the X server.  In the  case  of  hosts,
       this  provides  a  rudimentary form of privacy control and security.  It is
       only sufficient for a workstation (single user)  environment,  although  it
       does limit the worst abuses.  Environments which require more sophisticated
       measures should implement the user-based mechanism or use the hooks in  the
       protocol for passing other authentication data to the server.

OPTIONS
       Xhost  accepts  the  following  command  line options described below.  For
       security, the options that affect access control may only be run  from  the
       "controlling  host".   For  workstations,  this  is the same machine as the
       server.  For X terminals, it is the login host.

       -help   Prints a usage message.

       [+]name The given name (the plus sign is optional) is  added  to  the  list
               allowed to connect to the X server.  The name can be a host name or
               a complete name (See NAMES for more details).

       -name   The given name is removed from the list of allowed  to  connect  to
               the  server.   The  name can be a host name or a complete name (See
               NAMES for more details).  Existing connections are not broken,  but
               new  connection  attempts  will  be  denied.  Note that the current
               machine is allowed to  be  removed;  however,  further  connections
               (including  attempts to add it back) will not be permitted.  Reset‐
               ting the server (thereby breaking all connections) is the only  way
               to allow local connections again.

       +       Access  is  granted  to  everyone,  even if they aren't on the list
               (i.e., access control is turned off).

       -       Access is restricted to only those on the list (i.e.,  access  con‐
               trol is turned on).

       nothing If  no  command  line  arguments  are  given,  a message indicating
               whether or not access control is currently enabled is printed, fol‐
               lowed  by  the  list of those allowed to connect.  This is the only
               option that may be used from machines other  than  the  controlling
               host.

NAMES
       A  complete  name  has the syntax ``family:name'' where the families are as
       follows:

       inet      Internet host (IPv4)
       inet6     Internet host (IPv6)
       dnet      DECnet host
       nis       Secure RPC network name
       krb       Kerberos V5 principal
       local     contains only one name, the empty string
       si        Server Interpreted

       The family is case insensitive.  The format of the  name  varies  with  the
       family.

       When  Secure  RPC  is  being  used,  the network independent netname (e.g.,
       "nis:unix.uid@domainname") can be specified, or a local user can be  speci‐
       fied with just the username and a trailing at-sign (e.g., "nis:pat@").

       For backward compatibility with pre-R6 xhost, names that contain an at-sign
       (@) are assumed to be in the nis family.  Otherwise they are assumed to  be
       Internet  addresses.  If  compiled  to support IPv6, then all IPv4 and IPv6
       addresses returned by getaddrinfo(3) are added to the access  list  in  the
       appropriate inet or inet6 family.

       The  local family specifies all the local connections at once. However, the
       server interpreted address "si:localuser:username" can be used to specify a
       single local user. (See the Xsecurity(7) manual page for more details.)

       Server  interpreted  addresses  consist  of a case-sensitive type tag and a
       string representing a given value, separated  by  a  colon.   For  example,
       "si:hostname:almas"  is a server interpreted address of type hostname, with
       a value of almas.   For more information on the available forms  of  server
       interpreted addresses, see the Xsecurity(7) manual page.

       The initial access control list for display number n may be set by the file
       /etc/Xn.hosts, where n is the display number of the server.  See Xserver(1)
       for details.

DIAGNOSTICS
       For  each  name  added to the access control list, a line of the form "name
       being added to access control list" is printed.  For each name removed from
       the access control list, a line of the form "name being removed from access
       control list" is printed.

SEE ALSO
       X(7), Xsecurity(7), Xserver(1), xdm(1), xauth(1), getaddrinfo(3)

ENVIRONMENT
       DISPLAY to get the default host and display to use.

BUGS
       You can't specify a display on the command line because -display is a valid
       command line argument (indicating that you want to remove the machine named
       ``display'' from the access list).

       The X server stores network addresses, not host names, unless you  use  the
       server-interpreted  hostname  type address.  If somehow you change a host's
       network address while the server is still running, and you are using a net‐
       work-address  based  form  of authentication, xhost must be used to add the
       new address and/or remove the old address.

AUTHORS
       Bob Scheifler, MIT Laboratory for Computer Science,
       Jim Gettys, MIT Project Athena (DEC).

X Version 11                        xhost 1.0.7                           XHOST(1)

 

 

Súgó kimenet

xhost -help
usage: xhost [[+-]hostname ...]

 

Kapcsolódó tartalom

  •  

 

Címkék