Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restrict XWindows Server Access by IP Address
Operating Systems Solaris Restrict XWindows Server Access by IP Address Post 302545651 by zaxxon on Tuesday 9th of August 2011 04:40:34 AM
Old 08-09-2011
From the man page of xhost.
Quote:
The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server.
 

9 More Discussions You Might Find Interesting

1. UNIX and Linux Applications

Exim Restrict outgoing relay by ip address

I am moving our email server from MS Exchange to Exim on Ubuntu 8.04.1. Version of Exim is 4.68. As one of our security layers, we restrict authorization to send/relay email via our mail server from approved IP networks only. Whether this is a perfect method or not is irrelevant as it is but one... (0 Replies)
Discussion started by: bsgcic
0 Replies

2. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

3. Linux

Restrict NFS access to root

Hi Everybody, If there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able... (4 Replies)
Discussion started by: sudhirav
4 Replies

4. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

5. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

6. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

7. UNIX for Advanced & Expert Users

IBM directory server - how to restrict AIX client access to read-only

Hello all, I am using IBM Directory Server (as a part of AIX7 extension pack) in an AIX environment. To set up the server I use command: mksecldap -s -a cn=admin -p PWD -S RFC2307AIX -d o=COMPANY -u NONE Then, to set up IDS clients I use the following (I have 2 mutually replicating servers... (0 Replies)
Discussion started by: Myaso
0 Replies

8. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

9. What is on Your Mind?

Plan to Restrict RSS Access by IP Address

Hello Everyone, We plan to restrict all RSS news feed access soon based on IP address. This means that if you have a website or application that using our site RSS feeds, you can still do it; but your must register you site in this thread. So please reply with your IP address of your server... (7 Replies)
Discussion started by: Neo
7 Replies

LEARN ABOUT LINUX

xhost

XHOST(1)                                                      General Commands Manual                                                     XHOST(1)

NAME

       xhost - server access control program for X

SYNOPSIS

       xhost [[+-]name ...]

DESCRIPTION

       The  xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server.  In the case
       of hosts, this provides a rudimentary form of privacy control and security.  It is only sufficient for a workstation (single user) environ-
       ment,  although  it  does  limit  the worst abuses.  Environments which require more sophisticated measures should implement the user-based
       mechanism or use the hooks in the protocol for passing other authentication data to the server.

OPTIONS

       Xhost accepts the following command line options described below.  For security, the options that affect access control  may  only  be  run
       from the "controlling host".  For workstations, this is the same machine as the server.  For X terminals, it is the login host.

       -help   Prints a usage message.

       [+]name The given name (the plus sign is optional) is added to the list allowed to connect to the X server.  The name can be a host name or
               a complete name (See NAMES for more details).

       -name   The given name is removed from the list of allowed to connect to the server.  The name can be a host name or a complete  name  (See
               NAMES  for  more details).  Existing connections are not broken, but new connection attempts will be denied.  Note that the current
               machine is allowed to be removed; however, further connections (including attempts to add it back) will not be  permitted.   Reset-
               ting the server (thereby breaking all connections) is the only way to allow local connections again.

       +       Access is granted to everyone, even if they aren't on the list (i.e., access control is turned off).

       -       Access is restricted to only those on the list (i.e., access control is turned on).

       nothing If  no  command  line arguments are given, a message indicating whether or not access control is currently enabled is printed, fol-
               lowed by the list of those allowed to connect.  This is the only option that may be used from machines other than  the  controlling
               host.

NAMES

       A complete name has the syntax ``family:name'' where the families are as follows:

       inet      Internet host (IPv4)
       inet6     Internet host (IPv6)
       dnet      DECnet host
       nis       Secure RPC network name
       krb       Kerberos V5 principal
       local     contains only one name, the empty string
       si        Server Interpreted

       The family is case insensitive.  The format of the name varies with the family.

       When  Secure  RPC is being used, the network independent netname (e.g., "nis:unix.uid@domainname") can be specified, or a local user can be
       specified with just the username and a trailing at-sign (e.g., "nis:pat@").

       For backward compatibility with pre-R6 xhost, names that contain an at-sign (@) are assumed to be in the nis family.   Otherwise  they  are
       assumed to be Internet addresses. If compiled to support IPv6, then all IPv4 and IPv6 addresses returned by getaddrinfo(3) are added to the
       access list in the appropriate inet or inet6 family.

       The local family specifies all the local connections at once. However, the server interpreted address "si:localuser:username" can  be  used
       to specify a single local user. (See the Xsecurity(7) manual page for more details.)

       Server interpreted addresses consist of a case-sensitive type tag and a string representing a given value, separated by a colon.  For exam-
       ple, "si:hostname:almas" is a server interpreted address of type hostname, with a value of almas.   For more information on  the  available
       forms of server interpreted addresses, see the Xsecurity(7) manual page.

       The  initial  access  control  list for display number n may be set by the file /etc/Xn.hosts, where n is the display number of the server.
       See Xserver(1) for details.

DIAGNOSTICS

       For each name added to the access control list, a line of the form "name being added to access control list" is  printed.   For  each  name
       removed from the access control list, a line of the form "name being removed from access control list" is printed.

SEE ALSO

       X(7), Xsecurity(7), Xserver(1), xdm(1), xauth(1), getaddrinfo(3)

ENVIRONMENT

       DISPLAY to get the default host and display to use.

BUGS

       You  can't  specify a display on the command line because -display is a valid command line argument (indicating that you want to remove the
       machine named ``display'' from the access list).

       The X server stores network addresses, not host names, unless you use the server-interpreted hostname type address.  If somehow you  change
       a host's network address while the server is still running, and you are using a network-address based form of authentication, xhost must be
       used to add the new address and/or remove the old address.

AUTHORS

       Bob Scheifler, MIT Laboratory for Computer Science,
       Jim Gettys, MIT Project Athena (DEC).

X Version 11                                                        xhost 1.0.5                                                           XHOST(1)
All times are GMT -4. The time now is 09:14 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy