xhost [[+-]name ...]
选项
xhost接受下面描述的以下命令行选项。为了安全,影响访问控制的选项只能从"控制主机"运行。对于工作站,这与服务器是同一台计算机。对于 X 终端,它是登录主机。
- help
|
显示帮助消息,然后退出。
|
[+]name
|
给定名称(加号是可选的)添加到允许连接到 X 服务器的列表中。名称可以是主机名或完整名称(有关详细信息,请参阅下面的名称部分)。
|
-name
|
给定名称将从允许连接到服务器的列表中删除。名称可以是主机名或完整名称(有关详细信息,请参阅下面的名称部分)。现有连接不会断开,但将拒绝新的连接尝试。请注意,允许移除当前计算机;允许移除当前计算机。但是,不允许进一步连接(包括尝试将其添加回来)。重置服务器(从而中断所有连接)是再次允许本地连接的唯一方法。
|
+
|
即使每个人不在列表中(即,访问控制已关闭),也授予他们访问权限。
|
-
|
访问仅限于列表中的访问(即,访问控制已打开)。
|
[nothing]
|
如果未给出命令行参数,则将打印一条消息,指示当前是否启用访问控制,然后是允许连接的消息列表。此选项是唯一可能从控制主机以外的计算机使用的选项。
|
名字
完整名称具有语法"系列:名称",其中这些家族如下所示:
inet
|
互联网主机 (IPv4).
|
inet6
|
互联网主机 (IPv6).
|
dnet
|
DECnet 主机。
|
Nis
|
安全 RPC 网络名称。
|
krb
|
克尔贝罗斯V5 主体。
|
local
|
只包含一个名称,空字符串。
|
si
|
服务器已解释。
|
这个家庭对案件不敏感。名称的格式因系列而异。
当使用安全 RPC时,网络独立网名(例如,"nis:unix")。可以指定uid[域名]), 或者只需使用用户名和尾随符号 (例如,[nis:pat])就指定本地用户。对于与前 R6 xhost 的向后兼容性,假定包含 at 符号 (#) 的名称在 nis 系列中。否则,它们被假定为 Internet 地址。如果编译以支持 IPv6,则getaddrinfo返回的所有 IPv4 和 IPv6 地址将添加到相应的 inet 或 inet6 系列的访问列表中。
本地系列一次指定所有本地连接。但是,服务器解释地址"si:localuser:用户名"可用于指定单个本地用户。
服务器解释的地址由大小写敏感的类型标记和表示给定值的字符串组成,由冒号分隔。例如,"si:主机名:almas"是一个服务器解释的主机名类型的地址,值为almas。
显示编号 n 的初始访问控制列表可以由文件/etc/Xn.hosts设置,其中n是服务器的显示编号。
xhost [[+-]name ...]
Options
xhost accepts the following command line options described below. For security, the options that affect access control may only be run from the "controlling host". For workstations, this is the same machine as the server. For X terminals, it is the login host.
-help
|
Display a help message, and exit.
|
[+]name
|
The given name (the plus sign is optional) is added to the list allowed to connect to the X server. The name can be a hostname or a complete name (See the Names section below for more details).
|
-name
|
The given name is removed from the list of allowed to connect to the server. The name can be a hostname or a complete name (See the Names section below for more details). Existing connections are not broken, but new connection attempts will be denied. Note that the current machine is allowed to be removed; however, further connections (including attempts to add it back) will not be permitted. Resetting the server (thereby breaking all connections) is the only way to allow local connections again.
|
+
|
Access is granted to everyone, even if they aren't on the list (i.e., access control is turned off).
|
-
|
Access is restricted to only those on the list (i.e., access control is turned on).
|
[nothing]
|
If no command line arguments are given, a message indicating whether or not access control is currently enabled is printed, followed by the list of those allowed to connect. This option is the only option that may be used from machines other than the controlling host.
|
Names
A complete name has the syntax "family:name" where the families are as follows:
inet
|
Internet host (IPv4).
|
inet6
|
Internet host (IPv6).
|
dnet
|
DECnet host.
|
nis
|
Secure RPC network name.
|
krb
|
Kerberos V5 principal.
|
local
|
Contains only one name, the empty string.
|
si
|
Server Interpreted.
|
The family is case-insensitive. The format of the name varies with the family.
When Secure RPC is being used, the network independent netname (e.g., "nis:unix.uid@domainname") can be specified, or a local user can be specified with just the username and a trailing at-sign (e.g., "nis:pat@"). For backward compatibility with pre-R6 xhost, names that contain an at-sign (@) are assumed to be in the nis family. Otherwise, they are assumed to be Internet addresses. If compiled to support IPv6, then all IPv4 and IPv6 addresses returned by getaddrinfo are added to the access list in the appropriate inet or inet6 family.
The local family specifies all the local connections at once. However, the server interpreted address "si:localuser:username" can be used to specify a single local user.
Server interpreted addresses consist of a case-sensitive type tag and a string representing a given value, separated by a colon. For example, "si:hostname:almas" is a server interpreted address of type hostname, with a value of almas.
The initial access control list for display number n may be set by the file /etc/Xn.hosts, where n is the display number of the server.
未知的网友