Error while starting the X server

Support knowledgebase (maddin_xhost)
Applies to

SuSE Linux: All versions

Symptom:

You try to log in using xlogin and xdm as user A and you want to start an X application as user B (e.g. as user root, see also http://www.suse.de/sdb/en/html/perms.html).

You get the following error message:

Xlib: connection to ":0.0" refused by server
Xlib: Client is not authorized to connect to Server
Error: Can't open display: :0.0
Afterwards the program crashes.

Cause:

Using X as a matter of principle just the user can join the display that started X.

This feature is a security mechanism in the X window system. This mechanism protects against unwanted readers of your dislpay through other users or foreign systems, because X window systems are network compatible resp. network transparent.

Without any protection mechanism any user or any foreigner via ethernet is able to connect to your local machine and read your display online and accordingly able to adept and explore your password or other confidential information .

The above mentioned mechanism prevents this possibility. Further information about this security mechanism can be found in the manpage Xsecurity (Use: man Xsecurity).

Solution:

Every user can give access to other users to share their display Therefore 2 mechanism are supposed. The first is quite fast but also somewhat insecure:
xhost +localhost
Instead of localhost any other machine can be admitted. Thereby all users are permitted to access the display on this machine. That is to say no perimeter of the allowed users is possible.

By far secure is the procedure to set a key directly to the display alike described in the manpage xauth (Using: man xauth). Every user of the display can read out the key by the use of the following commands:

xauth list :0
or
xauth list `hostname`:0
and a second user with
xauth add <KEY>
Whereas <KEY> is one of the lines out of xauth list.

Of course you can read out or set the keys from other displays by the use of xauth . As a rule the local display can be accessed with

:0
or from a foreign machine with
<HOSTNAME>:0
In the first case the local display will be used in the second case another display via network (e.g. Ethernet) to another machine with the name <HOSTNAME>.

If you want to use another display than :0 or if you want to work from another machine you have to set the display correctly. For a bash or any other bourne-shell the command is:

DISPLAY=<HOSTNAME>:<NUMBER>
export DISPLAY
for the tcsh or csh:
setenv DISPLAY <HOSTNAME>:<NUMBER>
<HOSTNAME> is the name of the machine and <NUMBER> is the number of the display.
Keywords: XHOST, XAUTH, DISPLAY, X SERVER, XFREE, XDM, STARTX, XLIB

Categories: X Applications

SDB-maddin_xhost, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 22. Jun 2001
SuSE Linux AG - Last generated: 08. Mai 2002 by ast (sdb_gen 1.40.0)