Answers:
xhost +SI:localuser:root允许root用户访问正在运行的X服务器。当前的X服务器由DISPLAY环境变量指示。xhost +local:每个用户的操作都相同,因此该root行用处不大。
该手册页有相当不错的解释:
[+]name The given name (the plus sign is optional) is added to the list
allowed to connect to the X server. The name can be a host
name or a complete name (See NAMES for more details).
...
NAMES
A complete name has the syntax ``family:name'' where the families are
as follows:
...
local contains only one name, the empty string
si Server Interpreted
...
The local family specifies all the local connections at once. However,
the server interpreted address "si:localuser:username" can be used to
specify a single local user. (See the Xsecurity(7) manual page for more
details.)
而且Xsecurity手册页说:
SERVER INTERPRETED ACCESS TYPES
The sample implementation includes several Server Interpreted
mechanisms:
IPv6 IPv6 literal addresses
hostname Network host name
localuser Local connection user id
localgroup Local connection group id
有一点上下文:有两种常用方法允许访问X服务器。一种是通过Xauthority文件,该文件由客户端共享,不需要进一步的服务器端配置。另一个是通过xhost列表,在运行时在服务器上完成配置(因此这不是永久性的更改)。
因此,localuser是要保留的关键字(root此处是用户名)。这有点像添加到组中,因为这些组是服务器对授权的理解。但是,没有系统组或用户受到影响。仅X服务器的运行时配置被更改。
xhost不带参数运行时的默认行为是打印列表,如联机帮助页所述:
nothing If no command line arguments are given, a message indicating
whether or not access control is currently enabled is printed,
followed by the list of those allowed to connect.
例如:
$ xhost
access control enabled, only authorized clients can connect
SI:localuser:muru
(muru是我的用户名。)
(摘自我在Unix&Linux上的文章)