tigervnc.conf
Section: Virtual Network Computing (5x)
Updated: Jan 13th, 2022
Index
Return to Main Contents
NAME
tigervnc.conf - configuration files for Virtual Network Computing
SYNOPSIS
$variable = someValue ";
$variable = someValue ";
$variable .= someValue ";
$variable = $var1 . $var2;
DESCRIPTION
This man page describes the syntax and options of the three configuration files
loaded by
tigervncserver(1),
the free X server for
Virtual Network Computing
(VNC). These configuration files can be used to change the behavior of the
server at startup time, although for all values suitable inbuilt defaults are
preset.
First, /etc/tigervnc/vncserver-config-defaults is read specifying the
system defaults.
Then,
tigervncserver(1)
will proceed and read $HOME/.vnc/tigervnc.conf, a file that can be
changed on a per-user base. The options in this file will override the system
defaults.
Next, command-line options overwrite both the system defaults and the settings
in $HOME/.vnc/tigervnc.conf.
Finally, the configuration file /etc/tigervnc/vncserver-config-mandatory
is parsed. If this file exists and defines options to be passed to Xtigervnc,
they will override any of the same options defined in a user's
$HOME/.vnc/tigervnc.conf as well as options given via the command line.
This file offers a mechanism to establish some basic form of system-wide policy.
WARNING! There is nothing stopping users from constructing their own start
script that calls Xtigervnc directly to bypass any options defined in
/etc/tigervnc/vncserver-config-mandatory.
EXAMPLES
The system configuration file /etc/tigervnc/vncserver-config-defaults should come with the Debian package tigervnc-standalone-server.
This file serves as an example for the user file $HOME/.vnc/tigervnc.conf.
The system configuration file is pretty self-descriptive, and this document will mainly repeat the information that already can be found there.
OVERVIEW
The file is in
perl(1)
syntax, although only variable assignment is allowed for your safety and
convenience. But there still a variety of possibilities to set the string
variables.
All variable names are prefixed by `$'. You can assign a string to a
variable using the `=' operator, and you can append a string to a variable
using the `.=' operator. You can concatenate two strings using the `.'
operator. You can substitute variables even inside quotes. You can access
the environment variables using the notation
$ENV{VARIABLE}.
You can unset a variable by assigning undef to it. Use this to
return the state of the variable from `set' to `use default'.
You must end a line with a semicolon.
OPTIONS
The options are given with their default value if this is known.
- $fontPath = <font_dir>,<font_dir>,... "
-
Should be a comma separated list of fonts to be added to the font
path. If not specified, the default will apply.
- $PAMService = tigervnc ";
-
This parameter specifies the PAM service used for plain password authentication
if one of the security types Plain, TLSPlain, or X509Plain is
used.
If
/etc/pam.d/vnc
is not present, then
tigervncserver(1)
expects to use the tigervnc PAM service to authenticate the passwords of
users when any of the *Plain security types are used. Note that the
tigervnc-common package provides the PAM service configuration file
/etc/pam.d/tigervnc.
Otherwise, if
/etc/pam.d/vnc
is present, then the vnc PAM service will be used.
$sslAutoGenCertCommand = openssl req
-
-newkey ec:/etc/tigervnc/openssl-ecparams.pem
-
-x509 -days 2190 -nodes";
-
The command specified by the $sslAutoGenCertCommand parameter is used to auto generate the certificate for the -X509Cert and -X509Key options of
Xtigervnc(1).
The configuration for
openssl(1SSL)
is taken from
/etc/tigervnc/openssl.cnf
where we substitute @HostName@ by the fully qualified domain name of the host.
- $vncUserDir = $ENV{HOME}/.vnc ";
-
Contains the filename for the log files directory of Xtigervnc
(the server) and the viewers that are connected to it.
- $vncPasswdFile = $vncUserDir . /passwd ";
-
Contains the filename of the password file for Xtigervnc. This file is only
used for the security types VncAuth, TLSVnc, and X509Vnc.
- $vncStartup = /etc/X11/Xtigervnc-session ";
-
Points to a script that will be started at the very beginning when neither
$vncUserDir/Xtigervnc-session
nor
$vncUserDir/xstartup
is present.
If
$vncUserDir/Xtigervnc-session
is present, it will be used. Otherwise, we try
$vncUserDir/xstartup.
If this is also absent, then we use the
$vncStartup
script. If
$vncStartup
is specified in
$vncUserDir/tigervnc.conf,
then this script is used unconditionally. That is without checking for the presence of
$vncUserDir/Xtigervnc-session
or
$vncUserDir/xstartup.
- $session = undef;
-
This option can be used to control which X session type will be started. This
should match one of the files in /usr/share/xsessions. For example, if
there is a file called gnome.desktop, then $session = "gnome" would
start this X session. The command to start the session is passed to the
$vncStartup
script. If this is not specified, then
/etc/X11/Xtigervnc-session
will start the session specified by
/usr/bin/x-session-manager.
- $xauthorityFile = $ENV{HOME}/.Xauthority ";
-
Specifies the path to the X authority file that should be used
by your Xtigervnc server.
- $desktopName = ${HOSTFQDN}:nn ($ENV{LOGNAME}) ";
-
Should be set to the default name of the desktop. This can be changed at the
command line with
-desktop.
- $geometry = <width>x<height> ";
-
This sets the framebuffer width & height to be used by the Xtigervnc
server. On default, 1920x1200 is used. A values for this option as well
as the
$depth
and
$pixelformat
options can be derived if the
tigervncserver(1)
is run in a X session - either $ENV{DISPLAY} or the session given by $getDefaultFrom
- with the -xdisplaydefaults option. The geometry can also be changed
at the commandline with the -geometry option. Otherwise, the fixed
defaults given here as well as in the following two configuration parameter
documentations will be used.
- $depth = 32 ";
-
This sets the framebuffer color depth, i.e., the number of bits per pixel to
use. It must be either 16, 24, or 32.
- $pixelformat = rgb888 ";
-
Specifies the pixel format for the
Xtigervnc(1)
server to use (BGRnnn or RGBnnn). The default for depth 16 is RGB565 (meaning
the most significant five bits represent red, the next six green, and the least
significant five represent blue) and for depth 24 and 32 is RGB888.
- $wmDecoration = 8x64 ";
-
Sets the adjustment of $geometry to accommodate the window decoration
used by the X11 window manager. This is used to fully display the VNC desktop
even if the VNC viewer is not in full screen mode.
- $getDefaultFrom
-
This option lets you set the display from which you can query the default of
the above three options, if you don't want to start tigervncserver from within
a running X server. It will be added to the call of xdpyinfo. It is useful to
get the default from the X server you will run xtigervncviewer in, because the
data has not to be recalculated then.
$getDefaultFrom = -display localhost:0 ";
is an example how to do this.
- $scrapingGeometry = <width>x<height>+<xoffset>+<yoffset> ";
-
is only used by the scraping TigerVNC server. It specifies the screen area that
will be shown to VNC clients, e.g., 640x480+320+240. The format is
<width>x<height>+<xoffset>+<yoffset>, where `+' signs can be replaced
with `-' signs to specify offsets from the right and/or from the bottom of the
screen. Offsets are optional, +0+0 is assumed by default (top left corner). If
the variable is not defined, full screen is shown to VNC clients (this is the
default).
- $localhost = yes ";
-
Should the TigerVNC server only listen on localhost for incoming TigerVNC
connections. This is useful if you use SSH and want to stop non-SSH
connections from any other hosts. Hence,
$localhost = yes "
is the default if security types are not specified. In this case, only the
security type VncAuth will be offered. If the security types are
specified, either via the option -SecurityTypes given to
tigervncserver(1)
or via the $SecurityTypes configuration parameter in
/etc/tigervnc/vncserver-config-defaults
or in
$HOME/.vnc/tigervnc.conf,
then the default depends on the specified security types. The default will be
$localhost = no "
if the specified security types contain at least one of the TLS* or
X509* secutity types and also contain none of the *None security
types. As always, the defaults can be overwritten on the commandline via the
-localhost option or via the $localhost configuration parameter in
/etc/tigervnc/vncserver-config-defaults
or in
$HOME/.vnc/tigervnc.conf.
- $SecurityTypes = VncAuth "
-
The $SecurityTypes parameter contains a comma separated list of the
default security types the Xtigervnc server will offer. Available security
types are None, VncAuth, Plain, TLSNone, TLSVnc,
TLSPlain, X509None, X509Vnc and X509Plain. The
*None security types do not offer any kind of user authentication for
connecting VNC sessions.
Hence, combining a *None security type and
$localhost = no "
is a very bad idea. The TLS* and X509* security types do enforce
SSL encryption for data transmission. Hence, combining a TLS* or
X509* security type and
$localhost = yes "
is a senseless idea. Thus, in the case of
$localhost = no ",thedefaultfor$SecurityTypeswillbe
extended from VncAuth to VncAuth,TLSVnc.
- $PlainUsers = $ENV{LOGNAME} "
-
The $PlainUsers configuration parameter contains a comma separated list
of users that are authorized to access the VNC server if the security types
Plain, TLSPlain, or X509Plain are used to establish the
connection. The password for these users are check by the system via the PAM
service specified via the $PAMService configuration variable or the
-PAMService option. On default, only the user starting the
tigervncserver is contained in the list. By specifying *, any user can
authenticate using this security type.
- $X509Cert and $X509Key
-
-
These two options contain the filenames for a certificate and its key that is used
for the security types X509None, X509Vnc, and X509Plain. If
nothing is specified - the default case - then a self-signed certificate
is auto-generated by
tigervncserver(1)
and stored in
$HOME/.vnc/${HOSTFQDN}-SrvCert.pem
and
$HOME/.vnc/${HOSTFQDN}-SrvKey.pem,
respectively.
If filenames are given for $X509Cert and $X509Key either here or
on the commandline via -X509Cert and -X509Key options, then
the auto generation is disabled and the user has to take care
that usable certificates are present.
FILES
- /etc/tigervnc/vncserver-config-defaults
-
The global configuration file specifying the defaults for tigervncserver and x0tigervncserver.
- ~/.vnc/tigervnc.conf
-
The user's tigervnc.conf configuration file.
To be compatible with the upstream provided wrapper scripts, we will
fall back to trying to load configuration from ~/.vnc/config if
tigervnc.conf is not present. Note that ~/.vnc/config uses
key=value lines as configuration syntax.
- /etc/tigervnc/vncserver-config-mandatory
-
If this file exists and defines options, they will override any of the same
options defined in a user's tigervnc.conf file or ones given on the
command line of the wrapper scripts tigervncserver and
x0tigervncserver. This file offers a mechanism to establish some basic
form of system-wide policy.
WARNING! There is nothing stopping users from constructing their own wrapper
script that calls Xtigervnc or X0tigervnc directly to bypass any options
defined in the /etc/tigervnc/vncserver-config-mandatory configuration file.
SEE ALSO
tigervncconfig(1),
tigervncpasswd(1),
tigervncserver(1),
tigervncsession(8),
x0tigervncserver(1),
Xtigervnc(1),
X0tigervnc(1),
xtigervncviewer(1)
AUTHOR
2022 - Modified for TigerVNC 1.12.0 by Joachim Falk (Joachim.Falk@gmx.de)
2021 - Modified for TigerVNC 1.11.0 by Joachim Falk (Joachim.Falk@gmx.de)
2016 - Modified for TigerVNC 1.7 by Joachim Falk (Joachim.Falk@gmx.de)
2006 - Modified for vnc 4.1.2 by Joachim Falk (Joachim.Falk@gmx.de)
1998 - Originally written by Marcus Brinkmann (Marcus.Brinkmann@ruhr-uni-bochum.de)
for the Debian GNU/Linux Distribution.
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- EXAMPLES
-
- OVERVIEW
-
- OPTIONS
-
- FILES
-
- SEE ALSO
-
- AUTHOR
-
This document was created by
man2html,
using the manual pages.
Time: 23:01:02 GMT, May 02, 2024