1. xhost [[+-]name ...] (server access control program for X)
options:
-help Prints a usage message.
[+]name The given name(the plus sign is optional) is added to the list allowed to connect to the X server. The name can be a host name or a user name.
-name The given name is removed from the list of allowed to connect to the server. The name can be a host name or a user name. Existing connections are not broken, but new connection attempts will be denied. Note that the current machine is allowed to be removed; however, further connections (including attempts to add it back) will not be permitted. Resetting the server (thereby breaking all connections) is the only way to allow local connections again.
+ Access is granted to everyone, even if they aren’t on the list (i.e., access control is turned off).
- Access is restricted to only those on the list (i.e., access control is turned on).
nothing If no command line arguments are given, a message indicating whether or not access control is currently enabled is printed, followed by the list of those allowed to connect. This is the only option that may be used from machines other than the controlling host.
2. DISPLAY 环境变量
在Linux/Unix类操作系统上, DISPLAY用来设置将图形显示到何处. 直接登陆图形界面或者登陆命令行界面后使用startx启动图形, DISPLAY环境变量将自动设置为:0:0, 使用xdpyinfo可以查看当前显示的详细信息
DISPLAY 环境变量格式如下host:NumA.NumB, host指Xserver所在的主机主机名或者ip地址, 图形将显示在这一机器上, 可以是启动了图形界面的Linux/Unix机器, 也可以是安装了Exceed, X-Deep/32等Windows平台运行的Xserver的Windows机器. 如果Host为空, 则表示Xserver运行于本机, 并且图形程序(Xclient)使用unix socket方式连接到Xserver, 而不是TCP方式. 使用TCP方式连接时, NumA为连接的端口减去6000的值, 如果NumA为0, 则表示连接到6000端口; 使用unix socket方式连接时则表示连接的unix socket的路径, 如果为0, 则表示连接到/tmp/.X11-unix/X0. NumB则几乎总是0.
如果使用su username或者su - username切换到别的用户, 并且使用命令
export DISPLAY=:0.0
设置DISPLAY环境变量, 运行图形程序(如xclock)时会收到如下错误:
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
Error: Can't open display: :0.0
这是因为Xserver默认情况下不允许别的用户的图形程序的图形显示在当前屏幕上. 如果需要别的用户的图形显示在当前屏幕上, 则应以当前登陆的用户, 也就是切换身份前的用户执行如下命令
xhost +
这个命令将允许别的用户启动的图形程序将图形显示在当前屏幕上.
3. 配置运行远程服务器的图形程序
a.服务器端配置文件/etc/ssh/sshd_config中修改
X11Forwarding no #禁止用户运行远程主机上的X程序
b.客户端配置文件/etc/ssh/ssh_config
ForwardX11 yes 设置X11连接是否被自动重定向到安全的通道和显示集(DISPLAY set)
c.设置本地机器的Xserver监听相应的TCP端口. 而现在的Linux系统出于安全的考虑, 默认情况下不再监听TCP端口. 可通过修改/etc/X11/xinit/xserverrc文件, 将
exec /usr/bin/X11/X -dpi 100 -nolisten tcp #dpi(dots per inch)-像素
修改为
exec /usr/bin/X11/X -dpi 100
允许在直接使用startx启动图形时启动对TCP端口的监听.
或者登陆窗口选择"Options" -> "Configure Login Manager..."的Security页面, 取消"Deny TCP connections to Xserver"
options:
-help Prints a usage message.
[+]name The given name(the plus sign is optional) is added to the list allowed to connect to the X server. The name can be a host name or a user name.
-name The given name is removed from the list of allowed to connect to the server. The name can be a host name or a user name. Existing connections are not broken, but new connection attempts will be denied. Note that the current machine is allowed to be removed; however, further connections (including attempts to add it back) will not be permitted. Resetting the server (thereby breaking all connections) is the only way to allow local connections again.
+ Access is granted to everyone, even if they aren’t on the list (i.e., access control is turned off).
- Access is restricted to only those on the list (i.e., access control is turned on).
nothing If no command line arguments are given, a message indicating whether or not access control is currently enabled is printed, followed by the list of those allowed to connect. This is the only option that may be used from machines other than the controlling host.
2. DISPLAY 环境变量
在Linux/Unix类操作系统上, DISPLAY用来设置将图形显示到何处. 直接登陆图形界面或者登陆命令行界面后使用startx启动图形, DISPLAY环境变量将自动设置为:0:0, 使用xdpyinfo可以查看当前显示的详细信息
DISPLAY 环境变量格式如下host:NumA.NumB, host指Xserver所在的主机主机名或者ip地址, 图形将显示在这一机器上, 可以是启动了图形界面的Linux/Unix机器, 也可以是安装了Exceed, X-Deep/32等Windows平台运行的Xserver的Windows机器. 如果Host为空, 则表示Xserver运行于本机, 并且图形程序(Xclient)使用unix socket方式连接到Xserver, 而不是TCP方式. 使用TCP方式连接时, NumA为连接的端口减去6000的值, 如果NumA为0, 则表示连接到6000端口; 使用unix socket方式连接时则表示连接的unix socket的路径, 如果为0, 则表示连接到/tmp/.X11-unix/X0. NumB则几乎总是0.
如果使用su username或者su - username切换到别的用户, 并且使用命令
export DISPLAY=:0.0
设置DISPLAY环境变量, 运行图形程序(如xclock)时会收到如下错误:
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
Error: Can't open display: :0.0
这是因为Xserver默认情况下不允许别的用户的图形程序的图形显示在当前屏幕上. 如果需要别的用户的图形显示在当前屏幕上, 则应以当前登陆的用户, 也就是切换身份前的用户执行如下命令
xhost +
这个命令将允许别的用户启动的图形程序将图形显示在当前屏幕上.
3. 配置运行远程服务器的图形程序
a.服务器端配置文件/etc/ssh/sshd_config中修改
X11Forwarding no #禁止用户运行远程主机上的X程序
b.客户端配置文件/etc/ssh/ssh_config
ForwardX11 yes 设置X11连接是否被自动重定向到安全的通道和显示集(DISPLAY set)
c.设置本地机器的Xserver监听相应的TCP端口. 而现在的Linux系统出于安全的考虑, 默认情况下不再监听TCP端口. 可通过修改/etc/X11/xinit/xserverrc文件, 将
exec /usr/bin/X11/X -dpi 100 -nolisten tcp #dpi(dots per inch)-像素
修改为
exec /usr/bin/X11/X -dpi 100
允许在直接使用startx启动图形时启动对TCP端口的监听.
或者登陆窗口选择"Options" -> "Configure Login Manager..."的Security页面, 取消"Deny TCP connections to Xserver"
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!