aboutsummaryrefslogtreecommitdiff
path: root/apps/xhost/xhost.man
diff options
context:
space:
mode:
Diffstat (limited to 'apps/xhost/xhost.man')
-rw-r--r--apps/xhost/xhost.man175
1 files changed, 175 insertions, 0 deletions
diff --git a/apps/xhost/xhost.man b/apps/xhost/xhost.man
new file mode 100644
index 000000000..d71d101ab
--- /dev/null
+++ b/apps/xhost/xhost.man
@@ -0,0 +1,175 @@
+.\" Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+.\"
+.\" Permission is hereby granted, free of charge, to any person obtaining a
+.\" copy of this software and associated documentation files (the "Software"),
+.\" to deal in the Software without restriction, including without limitation
+.\" the rights to use, copy, modify, merge, publish, distribute, sublicense,
+.\" and/or sell copies of the Software, and to permit persons to whom the
+.\" Software is furnished to do so, subject to the following conditions:
+.\"
+.\" The above copyright notice and this permission notice (including the next
+.\" paragraph) shall be included in all copies or substantial portions of the
+.\" Software.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+.\" IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+.\" FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+.\" THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+.\" LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+.\" FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+.\" DEALINGS IN THE SOFTWARE.
+.\"
+.\" Copyright 1988, 1998 The Open Group
+.\"
+.\" Permission is hereby granted, free of charge, to any person obtaining a
+.\" copy of this software and associated documentation files (the
+.\" "Software"), to deal in the Software without restriction, including
+.\" without limitation the rights to use, copy, modify, merge, publish,
+.\" distribute, and/or sell copies of the Software, and to permit persons
+.\" to whom the Software is furnished to do so, provided that the above
+.\" copyright notice(s) and this permission notice appear in all copies of
+.\" the Software and that both the above copyright notice(s) and this
+.\" permission notice appear in supporting documentation.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+.\" OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+.\" HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+.\" INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" Except as contained in this notice, the name of a copyright holder
+.\" shall not be used in advertising or otherwise to promote the sale, use
+.\" or other dealings in this Software without prior written authorization
+.\" of the copyright holder.
+.\"
+.\" X Window System is a trademark of The Open Group.
+.\"
+.TH XHOST 1 __xorgversion__
+.SH NAME
+xhost \- server access control program for X
+.SH SYNOPSIS
+.B xhost
+[[+\-]name ...]
+.SH DESCRIPTION
+The \fIxhost\fP program
+is used to add and delete host names or user names to the list allowed
+to make connections to the X server. In the case of hosts, this provides
+a rudimentary form of privacy control and security. It is only sufficient
+for a workstation (single user) environment, although it does limit the
+worst abuses. Environments which require more sophisticated measures should
+implement the user-based mechanism or use the hooks in the
+protocol for passing other authentication data to the server.
+.SH OPTIONS
+\fIXhost\fP accepts the following command line options described below. For
+security, the options that affect access control may only be run from the
+"controlling host". For workstations, this is the same machine as the
+server. For X terminals, it is the login host.
+.TP 8
+.B \-help
+Prints a usage message.
+.TP 8
+.BI "[+]" "name"
+The given \fIname\fP (the plus sign is optional)
+is added to the list allowed to connect to the X server.
+The name can be a host name or a user name.
+.TP 8
+.BI \- "name"
+The given \fIname\fP is removed from the list of allowed
+to connect to the server. The name can be a host name or a user name.
+Existing connections are not broken, but new
+connection attempts will be denied.
+Note that the current machine is allowed to be removed; however, further
+connections (including attempts to add it back) will not be permitted.
+Resetting the server (thereby breaking all connections)
+is the only way to allow local connections again.
+.TP 8
+.B \+
+Access is granted to everyone, even if they aren't on the list
+(i.e., access control is turned off).
+.TP 8
+.B \-
+Access is restricted to only those on the list
+(i.e., access control is turned on).
+.TP 8
+.I nothing
+If no command line arguments are given,
+a message indicating whether or not access control is currently enabled
+is printed, followed by the list of those allowed to connect.
+This is the only option that may be used from machines other than
+the controlling host.
+.SH NAMES
+A complete name has the syntax
+``family:name'' where the families are
+as follows:
+.PP
+.nf
+.ta 1i
+inet Internet host (IPv4)
+inet6 Internet host (IPv6)
+dnet DECnet host
+nis Secure RPC network name
+krb Kerberos V5 principal
+local contains only one name, the empty string
+si Server Interpreted
+.fi
+.PP
+The family is case insensitive.
+The format of the name varies with the family.
+.PP
+When Secure RPC is being used, the
+network independent netname (e.g., "nis:unix.\fIuid\fP@\fIdomainname\fP") can
+be specified, or a local user can be specified with just the username
+and a trailing at-sign (e.g., "nis:pat@").
+.PP
+For backward compatibility with pre-R6 \fIxhost\fP,
+names that contain an at-sign (@) are assumed to be in the nis family.
+Otherwise they are assumed to be Internet addresses. If compiled to support
+IPv6, then all IPv4 and IPv6 addresses returned by getaddrinfo(3) are added to
+the access list in the appropriate inet or inet6 family.
+.PP
+Server interpreted addresses consist of a case-sensitive type tag and a
+string representing a given value, separated by a colon. For example,
+"si:hostname:almas" is a server interpreted address of type \fIhostname\fP,
+with a value of \fIalmas\fP. For more information on the available forms
+of server interpreted addresses, see the \fIXsecurity\fP(__miscmansuffix__)
+manual page.
+.PP
+The initial access control list for display number \fBn\fP
+may be set by the file \fI/etc/X\fBn\fI.hosts\fR, where
+\fBn\fP is the display number of the server. See \fIXserver\fP(1)
+for details.
+.SH DIAGNOSTICS
+For each name added to the access control list,
+a line of the form "\fIname\fP being added to access control list"
+is printed.
+For each name removed from the access control list,
+a line of the form "\fIname\fP being removed from access control list"
+is printed.
+.SH "SEE ALSO"
+X(__miscmansuffix__), Xsecurity(__miscmansuffix__), Xserver(1), xdm(1), xauth(1), getaddrinfo(3)
+.SH ENVIRONMENT
+.TP 8
+.B DISPLAY
+to get the default host and display to use.
+.SH BUGS
+.PP
+You can't specify a display on the command line because
+.B \-display
+is a valid command line argument (indicating that you want
+to remove the machine named
+.I ``display''
+from the access list).
+.PP
+The X server stores network addresses, not host names, unless you use
+the server-interpreted hostname type address. If somehow you change a
+host's network address while the server is still running, and you are
+using a network-address based form of authentication, \fIxhost\fP must
+be used to add the new address and/or remove the old address.
+.SH AUTHORS
+Bob Scheifler, MIT Laboratory for Computer Science,
+.br
+Jim Gettys, MIT Project Athena (DEC).