connection to ":0.0" refused by server

Chris Waters
14 Jul 1999 08:07:02 -0700

Alan DuBoff <> writes:

> When I su to another user on the system (inside a terminal), I get the
> following error when trying to run an X app:

> Xlib: connection to ":0.0" refused by server

> I can do this on Red Hat, but not Debian.

Really?  Solaris, HP/UX, and every other Unix I've ever used will do
the same thing as Debian here.  I'm a bit appalled to hear of a system
that doesn't refuse the connection.  No professional quality system
would do such a thing.  Obviously, RH doesn't fall into that category.

> How can I change this setting for Xlib?

First of all, do *not* follow the advice that someone else posted of
using "xhost +".  This is a *major* security hole.  In fact, the xhost
program is pretty much nothing but a security hole.  (RH probably
either does this or the slightly less insane "xhost +localhost" by
default, which is still extremely bad.)

Instead, browse /usr/doc/X11/FAQ, paying particular attention to the
question labeled: "How do I run an X client as root when the X session
is run by a user?"  Or, if you want all the gorey details, read the
xauth(1x) man page.

A quote from the FAQ:

"Finally, you should NEVER, EVER use the xhost command to manage X server
access control unless you know exactly what you are doing (even then,
there's hardly ever a good reason short of seeing just how many ways the
security of your system can be compromised)."
Chris Waters | I have a truly elegant proof of the
      or | above, but it is too long to fit into     | this .signature file.