.TH xhost "" "" "X Utility"
.PC "Control access to the server"
\fBxhost [[+] \fIname ...\^\fB] [[\-] \fIname ...\^\fB]\fR
.PP
.HS
.SH Options:
.IC "[+] \fIname ...\fR"
Add each
.I name
to the list of hosts or users who can access your system's X server
.IC "\- \fIname ...\fR"
Remove each
.I name
from the list of hosts or users who can access your system's X server
.HE
The X utility
.B xhost
adds and deletes host names or user names to or from the list of those
permitted to connect to the X server on your system.
.PP
Using
.B xhost
to edit the list of hosts that can connect to your system's X server
provides a rudimentary level of privacy control and security.
It is, however, sufficient only for a workstation (single-user) environment,
although it does limit the worst abuses.
If your system is multi-user or requires more sophisticated measures,
you should either use
.B xhost
to edit the list of users who can connect to the X server,
or use the hooks in the X protocol to pass other authentication data
to the server.
.PP
If a host name is followed by two colons `::',
.B xhost
uses it to check DECnet connections;
all other host names are used for TCP/IP connections.
.PP
A user name contains an at-sign `@'.
When Secure RPC is being used, you can specify a user either by her
network-independent netname (e.g., \fBunix.\fIuid\fP@\fIdomainname\fR),
or (if she is a user on your local system)
by her login identifier on your system
and a trailing at-sign (e.g., \fBmary@\fR).
.SH Options
.B xhost
recognizes the command-line options described below.
For security, you can run the options that affect access only from the
controlling host.
For workstations, this is the same machine as the server.
For X terminals, it is the login host:
.IP "\fB[+] \fIname ...\fR"
Add each
.I name
(the plus sign is optional)
to the list of hosts and users allowed to connect to your system's X server.
.IP "\- \fIname ...\fR"
Remove each
.I name
from the list of hosts and users allowed to connect to your system's X server.
The X server
does not break any existing connections, but it will deny all future
attempts by
.I name
to connect.
.IP
Note that
.I name
can name yourself or your system;
however, by doing so you will deny yourself permission to connect
to the X server (and so, permission to undo this command).
The only way to restore local connections is to reset the server.
.IP \fB\+\fR
Grant access to everyone.
This, in effect, turns off access control.
.IP \fB\-\fR
Restrict access to those on the list;
in other words, turn on access control.
.PP
If you give
.B xhost
no command-line argument, it displays a message that indicates
whether access control is enabled,
followed by the list of those allowed to connect.
This is the only feature that can be executed from machines other than
the controlling host.
.SH Diagnostics
For each name that you add to the access control list,
.B xhost
prints a line of the form:
.DM
	\fIname\fP being added to access contro list
.DE
.PP
For each name you remove from the access control list,
it prints a line of the form:
.DM
	\fIname\fP being removed from access contro list
.DE
.SH Environment
.B xhosts
reads the environmental variable
.B DISPLAY
to find the host and display to use.
.SH Files
\fB/etc/X*.hosts\fR \(em Name hosts permitted to connect to this server
.SH "See Also"
.B
xdm,
X utilities
.R
.SH Notes
.B xhost
does not permit you to specify a display on the command line because
.B \-display
is a valid command-line argument \(em it indicates that you want
to remove the machine named
.B display
from the access list.
.PP
Note, too, that
the X server stores network addresses, not host names.
If somehow you change a host's network address
while the server is still running, you must use
.B xhost
to add the new address or remove the old address.
.PP
Copyright \(co1988, Massachusetts Institute of Technology.
.PP
.II "Scheifler, Bob"
.II "Gettys, Jim"
.B xhost
was written by
Bob Scheifler of the MIT Laboratory for Computer Science, and
Jim Gettys of MIT Project Athena.
