50

I asked Google the same question and didn't like the results I got.

What is /tmp/.X11-unix/?

ThorSummoner
  • 4,422
  • 5
    Wow, I was going to ask you what you didn't like about them... but those are some pretty terrible results. – derobert Apr 16 '15 at 18:52
  • Do you run Xvnc? – toxefa Apr 16 '15 at 18:52
  • 3
    @py4on I do not think so, I ask because of my interest in running graphical apps inside a docker container, to which this mentions forwarding this x11 socket to the container. http://stackoverflow.com/a/25334301/1695680 – ThorSummoner Apr 16 '15 at 19:47
  • Terrible? Really? In my part of the world the second search result is http://unix.stackexchange.com/questions/57138/ off this very WWW site. – JdeBP Apr 16 '15 at 20:11
  • 5
    @JdeBP indeed, but the title and excerpt give you no reason to click it—looks like troubleshooting some random problem. Of course now this question shows up, so Google is fixed. – derobert Apr 16 '15 at 20:17

3 Answers

37

On my fairly up-to-date Arch laptop, /tmp/.X11-unix/ is a directory with one entry: X0, a Unix-domain socket.

The X11 server (usually Xorg these days) communicates with clients like xterm, firefox, etc. via some kind of reliable stream of bytes. A Unix domain socket is probably a bit more secure than a TCP socket open to the world, and probably a bit faster, as the kernel does it all, and does not have to rely on an ethernet or wireless card.

My X11 server shows up as:

bediger    294   293  0 Apr09 tty1     01:23:26 /usr/lib/xorg-server/Xorg -nolisten tcp :0 vt1 -auth /tmp/serverauth.aK3Lrv5hMV

The "-nolisten tcp" keeps it from opening TCP port 6000 for communications.

The command lsof -U can tell you what processes are using which Unix domain sockets. I see Xorg as connected to /tmp/.X11-unix/X0.

  • 1
    Was just about to link to another of your answers! http://unix.stackexchange.com/a/20380/109083 – toxefa Apr 16 '15 at 19:00
  • 2
    Not to nitpick but I doubt a unix local socket has any performance advantages over a local TCP socket (which doesn't use a hardware interface, and is also 100% kernel). – goldilocks Apr 16 '15 at 19:19
  • @goldilocks - an interesting assertion. –  Apr 16 '15 at 19:57
  • 2
    @goldilocks: see http://stackoverflow.com/questions/14973942/performance-tcp-loopback-connection-vs-unix-domain-socket – Max Apr 16 '15 at 20:43
  • 2
    @Max I stand corrected! Although it is not for the reasons cited by Bruce, but because of the overhead for the kernel's TCP stack. – goldilocks Apr 16 '15 at 21:07
  • I noticed that when trying to run X in docker, it only uses abstract unix domain sockets, without needing the actual /tmp/.X11-unix/X0 inside the container. – CMCDragonkai Jul 31 '18 at 11:09
14

The X server has several ways of communicating with X clients (apps). The most common one to use, at least on the same machine, is a Unix-domain socket.

A Unix-domain socket is like the more familiar TCP ones, except that instead of connecting to an address and port, you connect to a path. You use an actual file (a socket file) to connect.

The X server puts its socket in /tmp/.X11-unix:

$ ls -l /tmp/.X11-unix/X0 
srwxrwxrwx 1 root root 0 Dec 18 18:03 /tmp/.X11-unix/X0

Note the s in front of the permissions, which means it's a socket. If you have multiple X servers running, you'll have more than one file there.

At least with the Linux manpages, more details about sockets (in general) can be found in man 7 socket. Details about Unix-domain sockets are in man 7 unix. Note that these pages are programmer-focused.

derobert
  • 109,670
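
The connect-by-path behaviour and the leading s described in the answer above, as an added example that is not part of the original answers. It assumes a temporary directory as a constructed stand-in for /tmp/.X11-unix, and the helper names are hypothetical.

```python
import os
import socket
import stat
import tempfile


def describe_socket_dir(directory):
    """Return {name: mode string} for every Unix-domain socket file in directory."""
    found = {}
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if stat.S_ISSOCK(st.st_mode):
            # filemode() renders the same string ls -l shows, e.g. srwxrwxrwx
            found[name] = stat.filemode(st.st_mode)
    return found


def demo():
    """Bind a listener to <tmpdir>/X0, connect to it by path, pass one message."""
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in directory
        path = os.path.join(tmp, "X0")
        # A regular file for contrast; it must not appear in the listing.
        open(os.path.join(tmp, "notes.txt"), "w").close()

        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)        # bind() is what creates the socket file
        os.chmod(path, 0o777)    # same mode as in the ls -l output above
        server.listen(1)

        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client.connect(path)     # the "address" is a filesystem path, not host:port
        conn, _ = server.accept()
        client.sendall(b"hello")
        received = conn.recv(16)

        listing = describe_socket_dir(tmp)
        for s in (conn, client, server):
            s.close()
        return listing, received


if __name__ == "__main__":
    print(demo())
```

On Linux, connecting to a path-based socket requires write permission on the socket file (man 7 unix), so a mode of srwxrwxrwx means the file permissions themselves do not restrict which local users can connect.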
1

/tmp/.X11-unix/X{n} are where the X server puts its listening AF_DOMAIN sockets. Nearby are the /tmp/.X{n}-lock files, which are locks. As is discussed in https://bugzilla.redhat.com/show_bug.cgi?id=503181, this scheme is not FHS good.