这个脚本在做什么?
#!/bin/bash
xhost +local:
xhost +si:localuser:root
的默认列表是什么xhost?
答案1
xhost +SI:localuser:root允许root用户访问正在运行的 X 服务器。当前 X 服务器由环境变量指示DISPLAY。xhost +local:对每个用户都执行相同的操作,因此此root行用处不大。
这手册页有相当好的解释:
[+]name The given name (the plus sign is optional) is added to the list
allowed to connect to the X server. The name can be a host
name or a complete name (See NAMES for more details).
...
NAMES
A complete name has the syntax ``family:name'' where the families are
as follows:
...
local contains only one name, the empty string
si Server Interpreted
...
The local family specifies all the local connections at once. However,
the server interpreted address "si:localuser:username" can be used to
specify a single local user. (See the Xsecurity(7) manual page for more
details.)
还有Xsecurity手册页说:
SERVER INTERPRETED ACCESS TYPES
The sample implementation includes several Server Interpreted
mechanisms:
IPv6 IPv6 literal addresses
hostname Network host name
localuser Local connection user id
localgroup Local connection group id
简单介绍一下:有两种常用方法允许访问 X 服务器。一种是通过文件Xauthority,该文件由客户端共享,不需要进一步的服务器端配置。另一种是通过列表xhost,在服务器上进行配置运行(所以这不是永久性的改变)。
因此,localuser关键字应按原样保留(root此处为用户名)。这有点像添加到组中,因为组在服务器对授权的理解中。但是,不会影响任何系统组或用户。只有 X 服务器的运行时配置会更改。
当不带参数运行时,默认行为xhost是打印列表,如手册页所述:
nothing If no command line arguments are given, a message indicating
whether or not access control is currently enabled is printed,
followed by the list of those allowed to connect.
例如:
$ xhost
access control enabled, only authorized clients can connect
SI:localuser:muru
(muru是我的用户名。)