How can I use X Window applications like XEmacs or Mathematica on Macintosh? On other computers?
The general answer is, it depends.
Mathematica on the PKS cluster computer is available only as a command-line application. If you wish to use Mathematica on it, either run the command math or connect the Mathematica frontend installed locally on your Macintosh to the Mathematica kernel on a cluster node. This requires public-key authentication via SSH. How to set this up is described elsewhere on this site.
An X Window server is installed on your Macintosh, too. It is an application called X11.app and can be found in the Utilities folder located inside the Applications folder. Of course, the standard X11 applications like xterm or xev are available.
If you want to manipulate data stored in your home directory on the cluster computer using an X Window application, you should mount your PKS home directory on your Macintosh/PC/laptop/whatever using SSH as a filesystem and start the X Window application locally.
If you prefer to use the X Window applications installed on the PKS servers, create an X11-tunnel using SSH. (See elsewhere on this site for instructions on how to create a properly encrypted SSH tunnel.)
Full disk access needed
Starting with OS X 10.11 El Capitan, Apple introduced System Integrity Protection (SIP), comprising a bunch of security features for the OS. In macOS 10.14 Mojave, this has been extended to include restrictions for application programs accessing the local filesystem. This affects many X11 applications as well.
Example: On macOS 10.15 Catalina, open /Applications/Utilities/XQuartz.app and run an xterm, for example by pressing ⌘N. Doing ls ~/Documents results in an operation not permitted error. To avoid this and other types of filesystem access errors, full disk access has to be granted to XQuartz.
Great, you say, so I am smart and add Xquartz.app to the Full Disk Access list of applications in the Security control panel of System Preferences. Weird, you will see, that doesn’t help you out. Before thinking of diabling SIP entirely, please better do the following:
- Open
System Preferences.
- Activate the
Security control panel.
- Click the
Privacy tab.
- Choose
Full Disk Access in the list on the left.
- Click the lock at the bottom left and identify yourself as an administrator.
- Click
+ underneath the right-hand side list to open a popup window with a folder listing.
- Open
Terminal.app and type open /bin to open a Finder window listing the contents of /bin.
- Drag the
bash icon onto the popup window of System Preferences opened two steps before.
- Click
Open to add /bin/bash to the list of applications having full disk access.
Being super smart, you might say “but my shell is /bin/zsh (default since macOS 10.15), so let me add that instead of /bin/bash”. Well, this won’t help either. Why? Look at the property list /Applications/Utilities/XQuartz.app/Contents/Info.plist. Under the key CFBundleExecutable you will find the value X11, meaning that a double-click in Finder actually tells it to open /Applications/Utilities/XQuartz.app/Contents/MacOS/X11. And this is a /bin/bash shell script. Your login shell as well as all other applications started under X11 is a daughter process of it and inherits the right to access local storage from the initial X11 script.