nxagent - nested Xserver optimized for remote computing
nxagent is an X server for remote application/desktop
access similar to Xnest or Xephyr.
nxagent implements a very efficient compression of the X11
protocol, called the NX protocol.
The NX protocol increases performance when using X applications
over high latency and low bandwidth networks, while providing a local
(LAN-like) usage experience even if connecting from off-site locations (via
cable modem or GSM).
nxagent can be used standalone as a nested X server (with
NX protocol disabled), but its real benefits are gained when using it over
remote connections via the nxcomp compression library. The counterpart
application on the other end (i.e. the client) is called nxproxy.
When used in proxy <-> agent mode, nxagent adds the
feature of being suspendible. Sessions can be started from one client,
suspended and then resumed from another (or the same) client.
nxagent and nxproxy are utilized by various remote
application/desktop frameworks for providing server-side GUI application
access from remote client systems.
Currently, nxagent is co-maintained by three of these
projects: The Arctica Project, TheQVD and X2Go.
nxagent should be run in user space. Other than the
system's local X.org server, nxagent does not require to be run as
root. When bundled with a remote application framework, you normally don't
have to launch nxagent manually. nxagent startup is usually
managed by the underlying framework (e.g. Arctica Session Manager, X2Go
Server, etc.).
When nxagent starts up (e.g. by typing 'nxagent -ac :1' in
a terminal window), it typically launches in "windowed desktop"
mode. On your local X server a new window appears being an X server
itself.
However, nxagent also supports rootless (or seamless)
application mode and a shadow session mode (similar to what VNC does).
Example: You can launch a complete desktop session inside this
nested X server now:
- The Debian way...
$ export DISPLAY=:1
$ STARTUP=mate-session /etc/X11/Xsession
- The Fedora / Gentoo /
openSUSE way...
### FIXME / TODO ###
However, nxagent also supports rootless (or seamless)
application mode and a shadow session mode (similar to what VNC does).
nxagent accepts a range of default X server options as
described below. Those default options have to be provided via the command
line.
Furthermore, nxagent accepts some nx-X11 specific options,
described further below.
Last but not least, nxagent accepts several more options,
the so-called nx/nx options, provided via the $DISPLAY environment variable
or the -options command line option. See below for further
details.
- :displaynumber
- The X server runs as the given displaynumber, which by default is
0. If multiple X servers are to run simultaneously on a host, each must
have a unique display number. See the DISPLAY NAMES section of the
X(__miscmansuffix__) manual page to learn how to specify which
display number clients should try to use.
- -a number
- sets pointer acceleration (i.e. the ratio of how much is reported to how
much the user actually moved the pointer).
- -ac
- disables host-based access control mechanisms. Enables access by any host,
and permits any host to modify the access control list. Use with extreme
caution. This option exists primarily for running test suites
remotely.
- -audit
level
- sets the audit trail level. The default level is 1, meaning only
connection rejections are reported. Level 2 additionally reports all
successful connections and disconnects. Level 4 enables messages from the
SECURITY extension, if present, including generation and revocation of
authorizations and violations of the security policy. Level 0 turns off
the audit trail. Audit lines are sent as standard error output.
- -auth
authorization-file
- specifies a file which contains a collection of authorization records used
to authenticate access. See also the xdm(1) and
Xsecurity(__miscmansuffix__) manual pages.
- -bs
- disables backing store support on all screens.
- -br
- sets the default root window to solid black (default).
- -wr
- sets the default root window to solid white.
- -c
- turns off key-click.
- c volume
- sets key-click volume (allowable range: 0-100).
- -cc class
- sets the visual class for the root window of color screens. The class
numbers are as specified in the X protocol. Not obeyed by all
servers.
- -co
filename
- This used to be the option for specifying the path to the RGB color
database file. As the RGB color database is now embedded into the binary
this option has no effect but is kept for compatibility. Deprecated.
- -core
- causes the server to generate a core dump on fatal errors.
- -displayfd
fd
- specifies a file descriptor in the launching process. Rather than
specifying a display number, the X server will attempt to listen on
successively higher display numbers, and upon finding a free one, will
write the port number back on this file descriptor as a newline-terminated
string. The -pn option is ignored when using -displayfd.
nxagent specific:
(1) Other than in X.org's Xserver, you can use
-displayfd in conjunction with an explicit display number. If the
explicit display number is not available (i.e., already in use), nxagent
tries to figure out the next available display number,
e.g.:
nxagent -displayfd 2 :50
(2) If -displayfd <X> is given with <X>
equaling 2 (STDERR), then the display number string written to STDERR is
beautified with some human-readable (machine-parseable) text.
- -sync
- This option tells nxagent to synchronize its window and graphics
operations with the real server. This is a useful option for debugging,
but it will slow down nxagent's performance considerably. It should
not be used unless absolutely necessary.
- -full
- This option tells nxagent to utilize full regeneration of real
server objects and reopen a new connection to the real server each time
nxagent regenerates. The sample server implementation regenerates
all objects in the server when the last client of this server terminates.
When this happens, nxagent by default maintains the same top-level
window and the same real server connection in each new generation. If the
user selects full regeneration, even the top-level window and the
connection to the real server will be regenerated for each server
generation.
- -class
string
- This option specifies the default visual class of the nested server. It is
similar to the -cc option from the set of standard options except
that it will accept a string rather than a number for the visual class
specification. The string must be one of the following six values:
StaticGray, GrayScale, StaticColor,
PseudoColor, TrueColor, or DirectColor. If both the
-class and -cc options are specified, the last instance of
either option takes precedence. The class of the default visual of the
nested server need not be the same as the class of the default visual of
the real server, but it must be supported by the real server. Use
xdpyinfo(__appmansuffix__) to obtain a list of supported visual
classes on the real server before starting nxagent. If the user
chooses a static class, all the colors in the default color map will be
preallocated. If the user chooses a dynamic class, colors in the default
color map will be available to individual clients for allocation.
- -deferglyphs
whichfonts
- specifies the types of fonts for which the server should attempt to use
deferred glyph loading. whichfonts can be all (all fonts), none (no
fonts), or 16 (16 bit fonts only).
- -depth
int
- This option specifies the default visual depth of the nested server. The
depth of the default visual of the nested server need not be the same as
the depth of the default visual of the real server, but it must be
supported by the real server. Use xdpyinfo(__appmansuffix__) to
obtain a list of supported visual depths on the real server before
starting nxagent.
- -geometry
WxH+X+Y
- This option specifies the geometry parameters for the top-level
nxagent window. See “GEOMETRY SPECIFICATIONS” in
X(__miscmansuffix__) for a discusson of this option's syntax. This
window corresponds to the root window of the nested server. The width
W and height H specified with this option will be the
maximum width and height of each top-level nxagent window.
nxagent will allow the user to make any top-level window smaller,
but it will not actually change the size of the nested server root window.
If this option is not specified, nxagent will choose W and
H to be 3/4ths the dimensions of the root window of the real
server. For further values accepted see the documentation of
geometry=<string> below.
- -dpi
resolution
- sets the resolution for all screens, in dots per inch. If this option is
not specified nxagent will assume 96. There's also -autodpi
which will clone the real server's dpi. Note that the resolution specified
via -dpi is a per session setting. It cannot be changed on
reconnect! This means that clients may look "wrong" when
reconnecting a session that had been started with a different dpi than the
current real xserver.
- dpms
- enables DPMS (display power management services), where supported. The
default state is platform and configuration specific.
- -dpms
- disables DPMS (display power management services). The default state is
platform and configuration specific.
- -f volume
- sets feep (bell) volume (allowable range: 0-100).
- -fc
cursorFont
- sets default cursor font.
- -fn font
- sets the default font.
- -fp
fontPath
- sets the search path for fonts. This path is a comma separated list of
directories which the X server searches for font databases. See the FONTS
section of this manual page for more information and the default
list.
- -help
- prints a usage message.
- -I
- causes all remaining command line arguments to be ignored.
- -maxbigreqsize
size
- sets the maximum big request to size MB.
- -name string
- This option specifies the name of the top-level nxagent window as
string. The default value is the program name.
- -nolisten
trans-type
- disables a transport type. For example, TCP/IP connections can be disabled
with -nolisten tcp. This option may be issued multiple times to
disable listening to different transport types.
- -noreset
- prevents a server reset when the last client connection is closed. This
overrides a previous -terminate command line option.
- -p minutes
- sets screen-saver pattern cycle time in minutes.
- -pn
- permits the server to continue running if it fails to establish all of its
well-known sockets (connection points for clients), but establishes at
least one. This option is set by default.
- -nopn
- causes the server to exit if it fails to establish all of its well-known
sockets (connection points for clients).
- -r
- turns off auto-repeat.
- r
- turns on auto-repeat.
- -s minutes
- sets screen-saver timeout time in minutes.
- -su
- disables save under support on all screens.
- -t number
- sets pointer acceleration threshold in pixels (i.e. after how many pixels
pointer acceleration should take effect).
- -terminate
- causes the server to terminate at server reset, instead of continuing to
run. This overrides a previous -noreset command line option.
- -to seconds
- sets default connection timeout in seconds.
- -tst
- disables all testing extensions.
- v
- sets video-off screen-saver preference.
- -v
- sets video-on screen-saver preference.
- -wm
- forces the default backing-store of all windows to be WhenMapped. This is
a backdoor way of getting backing-store to apply to all windows. Although
all mapped windows will have backing store, the backing store attribute
value reported by the server for a window will be the last value
established by a client. If it has never been set by a client, the server
will report the default value, NotUseful. This behavior is required by the
X protocol, which allows the server to exceed the client's backing store
expectations but does not provide a way to tell the client that it is
doing so.
- [+-]xinerama
- enables(+) or disables(-) XINERAMA provided via the PanoramiX extension.
This is set to off by default.
- [+-]rrxinerama
- enables(+) or disables(-) XINERAMA provided via the RandR extension. By
default, this feature is enabled. To disable XINERAMA completely, make
sure to use both options (-xinerama and -rrxinerama) on the
command line.
nxagent additionally accepts the following non-standard
options:
- -logo
- turns on the X Window System logo display in the screen-saver. There is
currently no way to change this from a client.
- nologo
- turns off the X Window System logo display in the screen-saver. There is
currently no way to change this from a client.
- -render
-
default|mono|gray|color
sets the color allocation policy that will be used by the
render extension.
- default
- selects the default policy defined for the display depth of the X
server.
- mono
- don't use any color cell.
- gray
- use a gray map of 13 color cells for the X render extension.
- color
- use a color cube of at most 4*4*4 colors (that is 64 color cells).
- -dumbSched
- disables smart scheduling on platforms that support the smart
scheduler.
- -schedInterval
interval
- sets the smart scheduler's scheduling interval to interval
milliseconds.
The nx-X11 system adds the following command line arguments:
- -forcenx
- force use of NX protocol messages assuming communication through
nxproxy
- -id string
- The session id.
- -autograb
- enable autograb mode on nxagent startup. The autograb feature can
be toggled via nxagent keystrokes
- -nxrealwindowprop
- set property NX_REAL_WINDOW for each X11 client inside nxagent,
providing the window XID of the corresponding window object on the X
server that nxagent runs on
- -reportwids
- explicitly tell nxagent to report its externally exposed X11 window
IDs to the session log (in machine readable form), so that external
parsers can obtain that information from there
- -reportprivatewids
- explicitly tell nxagent to report X11 window IDs of internally
created window objects to the session log (in machine readable form), so
that external parsers can obtain that information from there; this creates
a lot of output and may affect performance
- -timeout
int
- auto-disconnect timeout in seconds (minimum allowed: 60). Default is 0 (no
timeout).
- -norootlessexit
- don't exit if there are no clients in rootless mode
- -autodpi
- detect real server's DPI and set it in the agent session; the -dpi
cmdline option overrides -autodpi. Note that
using -autodpi will also adapt the DPI on reconnect which will
cause newly started clients respecting the new DPI while clients that had
been started before the reconnect still use the old DPI. This may lead to
applications looking "weird".
- -nomagicpixel
- disable magic pixel support at session startup, can be re-enabled via
nx/nx option on session resumption
- -norender
- disable the use of the render extension
- -nocomposite
- disable the use of the composite extension
- -nopersistent
- disable disconnection/reconnection to the X display on SIGHUP.
Non-persistent sessions will terminate on SIGHUP.
- -noshmem
- disable use of shared memory extension
- -shmem
- enable use of shared memory extension (default)
- -noshpix
- disable use of shared pixmaps
- -shpix
- enable use of shared pixmaps (default)
- -noignore
- don't ignore pointer and keyboard configuration changes mandated by
clients. As a result, configuration commands like disabling the keyboard
bell (xset -b) will also affect the real X server.
- -nokbreset
- don't reset keyboard device if the session is resumed
- -noxkblock
- this is only relevant if you also specify -keyboard=query. In that case
nxagent will lock the keyboard settings and clients will get an
error when trying to change keyboard settings via XKEYBOARD. With
-noxkblock the lock is not applied and clients are allowed to change the
keyboard settings through XKEYBOARD.
- -tile WxH
- maximum size of the tile used when sending an image to the remote display
(minimum allowed: 32x32). The default depends on the link type: 64x64 for
modem and isdn, 4096x4096 for all other link types)
- -irlimit
- maximum image data rate to the encoder input in kB/s. The default is no
limit.
- -D
- enable desktop mode (default)
- -R
- enable rootless mode
- -S
- enable shadow mode
- -B
- enable proxy binding mode
- -keystrokefile
- define path to a keyboard shortcut definitions file. Default is
~/.nx/keystrokes.cfg and /etc/nxagent/keystroke.cfg (first
existing file is taken). If nxagent is run as x2goagent the
defaults are ~/.x2go/keystrokes.cfg and
/etc/x2go/keystrokes.cfg nxagent knows about that are not
defined in this file are ignored. (Only) if no file is found built-in
defaults are used. The keystroke file can be re-read by a keystroke
(ctrl-alt-k by default). See README.keystrokes and
README.keystrokes.debug for all keystrokes nxagent knows. At
startup the active keystrokes are printed to the session output.
- -version
- show version information and exit
- -options
filepath|string
- path to an options file containing nx/nx options (see below). Instead of a
path the options can be specified diretly on the commandline by prefixing
the options strings with nx/nx, which is mostly useful for
testing/debugging.
In addition to the command line options, nxagent can be
configured at session startup and at runtime (i.e. when resuming a suspended
session) by so-called nx/nx options. The options file is read on startup. It
can be modified during runtime (but it must stay at the same path). On
re-connect the modified file is then read and the changed options are
applied.
As nx/nx options all options supported by nxcomp (see
nxproxy man page) and all nxagent nx/nx options (see below)
can be used. When launching an nxcomp based nxagent session (i.e.
proxy <-> agent), you will normally set the $DISPLAY variable like
this:
$ export DISPLAY=nx/nx,listen=<proxy-port>,options=<options.file>:<nx-display-port>
$ nxagent <command-line-options> :<nx-display-port>
The value for <nx-display-port> is some value of a
not-yet-used X11 display (e.g. :50).
Using an options file is recommended, but you can also put
available nx/nx options (see below) into the DISPLAY variable directly.
Note, that the $DISPLAY variable field is of limited length.
As <proxy-port> you can pick an arbitrary (unused) TCP port
or Unix socket file path. This is the port / socket that you have to connect
to with the nxproxy application.
The right hand side of an option (the part following the
"=" character) can include URL encoded characters. It is required
to URL encode at least "," (as %2D) and "=" (as %3D) to
avoid wrong parsing of the options string.
Available nxagent options (as an addition to nx/nx options
supported by nxcomp already):
- options=<string>
- read options from file, this text file can contain a single loooong line
with comma-separated nx/nx options
- rootless=<bool>
- start nxagent in rootless mode, matches -R given on the command
line, no-op when resuming (default: 0, disabled)
- geometry=<string>
- desktop geometry when starting or resuming a session, no-op in rootless
mode (default 66% of the underlying X server geometry). You can either
specify a standard X geometry string (WxH+X+Y) or allscreens for a
window covering all available screens or onescreen for a window covering
only one screen. For historical reasons fullscreen (as a synonym to
allscreens) is also accepted.
- fullscreen=<int>
- start or resume a session in fullscreen mode (default: 0, off).
Specify 1 for a fullscreen window covering all available screens or
2 for a fullscreen window covering only the first screen.
- resize=<bool>
- set resizing support (default: 1, enabled)
- keyboard=<string>
or kbtype=<string>
-
query|clone|<model>/<layout>|rmlvo/<rules>#<model>#<layout>#<variant>#<options>
- query
- use the default XKB keyboard layout (see below) and only allow clients to
query the settings but prevent any changes. query is especially
helpful for setups where you need to set/modify the actual keyboard layout
using core X protocol functions (e.g. via xmodmap). It is used for
MacOS X clients to handle some keyboard problems that are special for this
platform. Note that in this case XKEYBOARD will always report the default
layout which will most likely not match the experienced settings.
- clone
- ask the real X server for the keyboard settings using XKEYBOARD protocol
functions and clone them. This is the recommended setting. For
compatibility reasons it is not the default.
- <model>/<layout>
- use the given model and layout. A value of null/null is equivalent
to clone. You can not modify keyboard rules, variant or options
this way. Instead preset values are used. These are base for rules
and empty strings for variant and options.
- rmlvo/<rules>#<model>#<layout>#<variant>#<options>
- configure the keyboard according to the rmlvo
(Rules+Model+Layout+Variant+Options) description given after the / and
separated by #. This can be used to fully pass the keyboard configuration
of nxagent right after the start. Example:
rmlvo/base#pc105#de,us#nodeadkeys#lv3:rwin_switch
If keyboard is omitted the internal defaults of
nxagent will be used (rules: base, layout: us, model:
pc102, empty variant and options).
- keyconv=<string>
- set keycode conversion mode
auto|on|off
by default (auto) nxagent will activate keycode
conversion if it detects an evdev XKEYBOARD setup on the nxproxy
side (the standard on Linux systems nowadays). Keycode conversion means
that certain keycodes are mapped to make the keyboard appear as an pc105
model. Using off this conversion can be suppressed and with
on it will be forced.
- clipboard=<string>
-
both|client|server|none
- both
- Allow clipboard data exchange both from nxagent to real X server and
vice-versa. This is the default.
- client
- Limit clipboard data exchange to work only in one direction: from real X
server to nxagent. Clipboard will still work inside nxagent. This setting
effectively prevents data leakage from the nxagent session to the
outside.
- server
- Limit clipboard data exchange to work only in one direction: from nxagent
to real X server.
- none
- Disable any clipboard data exchange. Clipboard will still work inside the
nxagent and on the real X server, but no data exchange will be
possible.
- streaming=<bool>
- enable (set to 1) or disable (set to 0) streaming support
for images, not fully implemented yet and thus non-functional. (default:
disabled)
- backingstore=<bool>
- disable (set to 0) or enforce (set to 1) backing store
support (default: enforced). In rootless mode backingstore is always
disabled.
- composite=<bool>
- enable (set to 1) or disable (set to 0) Composite support in
nxagent (default: enabled)
- xinerama=<bool>
- enable (set to 1) or disable (set to 0) XINERAMA support in
nxagent (default: enabled)
- shmem=<bool>
- enable/disable using shared memory. Accepted values: 1 (enable,
default), 0 (disable)
- shpix=<bool>
- enable/disable shared pixmaps support. Accepted values: 1 (enable,
default), 0 (disable)
- client=<string>
- type of connecting operating system (supported: linux,
windows, solaris and macosx)
- clients=<string>
- filename where to log output of the nxagent's clients. This is ignored if
no session id has been provided. It then points to stderr. Default:
<sessiondir>/clients.
- shadow=<string>
- define the display that should be shadowed
- shadowuid=<int>
- unique identifier for the shadow session
- shadowmode=<bool>
- full access (set to 1) or viewing-only (set to 0,
default)
- state=<string>
- filename where to store the state of the nxagent (for easier
interoperation with software like x2go. Default: sessiondir/state.
- defer=<int>
- defer image updates (enabled for all connection types except LAN), accepts
values 0, 1 and 2
The default value can be set via the command line (-defer).
The value provided as nx/nx option is set when resuming a session, thus
it overrides the command line default.
The default depends on the link type (see man nxproxy).
Each defer level adds the following rules to the previous
ones:
- 0
- Eager encoding.
Default for link speed lan and local.
- 1
- No data is put or copied on pixmaps, marking them always as corrupted and
synchronizing them on demand, i.e. when a copy area to a window is
requested, the source is synchronized before copying it.
Default for link speed wan.
- 2
- The put images over the windows are skipped marking the destination as
corrupted. The same happens for copy area and composite operations,
spreading the corrupted regions of involved drawables.
Default for link speed adsl, isdn and
modem.
- tile=<string>
- set the maximum tile size in pixels (<W>x<H>) for
bitmap data sent over the wire
The default value can be set via the command line (-tile). The
value provided as nx/nx option is set when resuming a session, thus it
overrides the command line default.
- support pulldown menu in nxagent session (only available on proxy
<-> agent remote sessions) (default: 1, enabled)
- magicpixel=<bool>
- enable/disable magic pixel support in fullscreen mode (default: 1,
enabled)
- copysize=<int>
- Maximum number of bytes that can be pasted from an NX session into an
external application. Default is unlimited.
- autodpi=<bool>
- enable/disable deriving session DPI automatically from real server
(default: 0, disabled); only takes effect on session startups, gets
ignored when reconnecting to a suspended session
- sleep=<int>
- delay X server operations when suspended (provided in milliseconds), set
to 0 to keep nxagent session fully functional when suspended
(e.g. useful when mirroring an nxagent session via VNC). Graphic
intensive applications will be affected by this more than others. The
default is 50ms.
- tolerancechecks=<string>
-
strict|safe|risky|bypass
- strict
- means that the number of internal and external pixmap formats must match
exactly and every internal pixmap format must be available in the external
pixmap format array. This is the default.
- safe
- means that the number of pixmap formats might diverge, but all internal
pixmap formats must also be included in the external pixmap formats array.
This is recommended, because it allows clients with more pixmap formats to
still connect, but not lose functionality.
- risky
- means that the internal pixmap formats array is allowed to be smaller than
the external pixmap formats array, but at least one pixmap format must be
included in both. This is potentially unsafe.
- bypass
- means that all of these checks are essentially deactivated. This is a very
bad idea.
- autograb=<bool>
- enable or disable autograb (default: 0, disabled). Can be toggled
during session via keystroke.
If you want to use nxagent as a replacement for Xnest or
Xephyr you can pass options like this:
$ echo nx/nx,fullscreen=1$DISPLAY >/tmp/opt
$ nxagent <command-line-options> -options /tmp/opt :<nx-display-port>
X servers that support XDMCP have the following options. See the
X Display Manager Control Protocol specification for more
information.
- -query hostname
- enables XDMCP and sends Query packets to the specified
hostname.
- -broadcast
- enable XDMCP and broadcasts BroadcastQuery packets to the network. The
first responding display manager will be chosen for the session.
- -multicast
[address [hop count]]
- Enable XDMCP and multicast BroadcastQuery packets to the network. The
first responding display manager is chosen for the session. If an address
is specified, the multicast is sent to that address. If no address is
specified, the multicast is sent to the default XDMCP IPv6 multicast
group. If a hop count is specified, it is used as the maximum hop count
for the multicast. If no hop count is specified, the multicast is set to a
maximum of 1 hop, to prevent the multicast from being routed beyond the
local network.
- -indirect
hostname
- enables XDMCP and send IndirectQuery packets to the specified
hostname.
- -port
port-number
- uses the specified port-number for XDMCP packets, instead of the
default. This option must be specified before any -query, -broadcast,
-multicast, or -indirect options.
- -from
local-address
- specifies the local address to connect from (useful if the connecting host
has multiple network interfaces). The local-address may be
expressed in any form acceptable to the host platform's
gethostbyname(3) implementation.
- -once
- causes the server to terminate (rather than reset) when the XDMCP session
ends.
- -class
display-class
- XDMCP has an additional display qualifier used in resource lookup for
display-specific options. This option sets that value, by default it is
"MIT-Unspecified" (not a very useful value).
- -cookie
xdm-auth-bits
- When testing XDM-AUTHENTICATION-1, a private key is shared between the
server and the manager. This option sets the value of that private data
(not that it is very private, being on the command line!).
- -displayID
display-id
- Yet another XDMCP specific value, this one allows the display manager to
identify each display so that it can locate the shared key.
X servers that support the XKEYBOARD (a.k.a. "XKB")
extension accept the following options. All layout files specified on the
command line must be located in the XKB base directory or a subdirectory,
and specified as the relative path from the XKB base directory. The default
XKB base directory is /usr/share/X11/xkb.
- [+-]kb
- enables(+) or disables(-) the XKEYBOARD extension.
- [+-]accessx [ timeout [ timeout_mask [
feedback [ options_mask ] ] ] ]
- enables(+) or disables(-) AccessX key sequences.
- -xkbdir
directory
- base directory for keyboard layout files. This option is not available for
setuid X servers (i.e., when the X server's real and effective uids are
different).
- -ardelay
milliseconds
- sets the autorepeat delay (length of time in milliseconds that a key must
be depressed before autorepeat starts).
- -arinterval
milliseconds
- sets the autorepeat interval (length of time in milliseconds that should
elapse between autorepeat-generated keystrokes).
- -xkbmap
filename
- loads keyboard description in filename on server startup.
X servers that support the SECURITY extension accept the following
option:
- -sp
filename
- causes the server to attempt to read and interpret filename as a security
policy file with the format described below. The file is read at server
startup and reread at each server reset.
The syntax of the security policy file is as follows. Notation:
"*" means zero or more occurrences of the preceding element, and
"+" means one or more occurrences. To interpret <foo/bar>,
ignore the text after the /; it is used to distinguish between instances of
<foo> in the next section.
<policy file> ::= <version line> <other line>*
<version line> ::= <string/v> '\n'
<other line > ::= <comment> | <access rule> | <site policy> | <blank line>
<comment> ::= # <not newline>* '\n'
<blank line> ::= <space> '\n'
<site policy> ::= sitepolicy <string/sp> '\n'
<access rule> ::= property <property/ar> <window> <perms> '\n'
<property> ::= <string>
<window> ::= any | root | <required property>
<required property> ::= <property/rp> | <property with value>
<property with value> ::= <property/rpv> = <string/rv>
<perms> ::= [ <operation> | <action> | <space> ]*
<operation> ::= r | w | d
<action> ::= a | i | e
<string> ::= <dbl quoted string> | <single quoted string> | <unquoted string>
<dbl quoted string> ::= <space> " <not dqoute>* " <space>
<single quoted string> ::= <space> ' <not squote>* ' <space>
<unquoted string> ::= <space> <not space>+ <space>
<space> ::= [ ' ' | '\t' ]*
Character sets:
<not newline> ::= any character except '\n'
<not dqoute> ::= any character except "
<not squote> ::= any character except '
<not space> ::= any character except those in <space>
The semantics associated with the above syntax are as follows.
<version line>, the first line in the file, specifies the
file format version. If the server does not recognize the version
<string/v>, it ignores the rest of the file. The version string for
the file format described here is "version-1" .
Once past the <version line>, lines that do not match the
above syntax are ignored.
<comment> lines are ignored.
<sitepolicy> lines are currently ignored. They are intended
to specify the site policies used by the XC-QUERY-SECURITY-1 authorization
method.
<access rule> lines specify how the server should react to
untrusted client requests that affect the X Window property named
<property/ar>. The rest of this section describes the interpretation
of an <access rule>.
For an <access rule> to apply to a given instance of
<property/ar>, <property/ar> must be on a window that is in the
set of windows specified by <window>. If <window> is any, the
rule applies to <property/ar> on any window. If <window> is
root, the rule applies to <property/ar> only on root windows.
If <window> is <required property>, the following
apply. If <required property> is a <property/rp>, the rule
applies when the window also has that <property/rp>, regardless of its
value. If <required property> is a <property with value>,
<property/rpv> must also have the value specified by
<string/rv>. In this case, the property must have type STRING and
format 8, and should contain one or more null-terminated strings. If any of
the strings match <string/rv>, the rule applies.
The definition of string matching is simple case-sensitive string
comparison with one elaboration: the occurrence of the character '*' in
<string/rv> is a wildcard meaning "any string." A
<string/rv> can contain multiple wildcards anywhere in the string. For
example, "x*" matches strings that begin with x, "*x"
matches strings that end with x, "*x*" matches strings containing
x, and "x*y*" matches strings that start with x and subsequently
contain y.
There may be multiple <access rule> lines for a given
<property/ar>. The rules are tested in the order that they appear in
the file. The first rule that applies is used.
<perms> specify operations that untrusted clients may
attempt, and the actions that the server should take in response to those
operations.
<operation> can be r (read), w (write), or d (delete). The
following table shows how X Protocol property requests map to these
operations in The Open Group server implementation.
GetProperty r, or r and d if delete = True
ChangeProperty w
RotateProperties r and w
DeleteProperty d
ListProperties none, untrusted clients can always list all properties
<action> can be a (allow), i (ignore), or e (error). Allow
means execute the request as if it had been issued by a trusted client.
Ignore means treat the request as a no-op. In the case of GetProperty,
ignore means return an empty property value if the property exists,
regardless of its actual value. Error means do not execute the request and
return a BadAtom error with the atom set to the property name. Error is the
default action for all properties, including those not listed in the
security policy file.
An <action> applies to all <operation>s that follow
it, until the next <action> is encountered. Thus, irwad means ignore
read and write, allow delete.
GetProperty and RotateProperties may do multiple operations (r and
d, or r and w). If different actions apply to the operations, the most
severe action is applied to the whole request; there is no partial request
execution. The severity ordering is: allow < ignore < error. Thus, if
the <perms> for a property are ired (ignore read, error delete), and
an untrusted client attempts GetProperty on that property with delete =
True, an error is returned, but the property value is not. Similarly, if any
of the properties in a RotateProperties do not allow both read and write, an
error is returned without changing any property values.
Here is an example security policy file.
version-1
# Allow reading of application resources, but not writing.
property RESOURCE_MANAGER root ar iw
property SCREEN_RESOURCES root ar iw
# Ignore attempts to use cut buffers. Giving errors causes apps to crash,
# and allowing access may give away too much information.
property CUT_BUFFER0 root irw
property CUT_BUFFER1 root irw
property CUT_BUFFER2 root irw
property CUT_BUFFER3 root irw
property CUT_BUFFER4 root irw
property CUT_BUFFER5 root irw
property CUT_BUFFER6 root irw
property CUT_BUFFER7 root irw
# If you are using Motif, you probably want these.
property _MOTIF_DEFAULT_BINDINGS root ar iw
property _MOTIF_DRAG_WINDOW root ar iw
property _MOTIF_DRAG_TARGETS any ar iw
property _MOTIF_DRAG_ATOMS any ar iw
property _MOTIF_DRAG_ATOM_PAIRS any ar iw
# The next two rules let xwininfo -tree work when untrusted.
property WM_NAME any ar
# Allow read of WM_CLASS, but only for windows with WM_NAME.
# This might be more restrictive than necessary, but demonstrates
# the <required property> facility, and is also an attempt to
# say "top level windows only."
property WM_CLASS WM_NAME ar
# These next three let xlsclients work untrusted. Think carefully
# before including these; giving away the client machine name and command
# may be exposing too much.
property WM_STATE WM_NAME ar
property WM_CLIENT_MACHINE WM_NAME ar
property WM_COMMAND WM_NAME ar
# To let untrusted clients use the standard colormaps created by
# xstdcmap, include these lines.
property RGB_DEFAULT_MAP root ar
property RGB_BEST_MAP root ar
property RGB_RED_MAP root ar
property RGB_GREEN_MAP root ar
property RGB_BLUE_MAP root ar
property RGB_GRAY_MAP root ar
# To let untrusted clients use the color management database created
# by xcmsdb, include these lines.
property XDCCC_LINEAR_RGB_CORRECTION root ar
property XDCCC_LINEAR_RGB_MATRICES root ar
property XDCCC_GRAY_SCREENWHITEPOINT root ar
property XDCCC_GRAY_CORRECTION root ar
# To let untrusted clients use the overlay visuals that many vendors
# support, include this line.
property SERVER_OVERLAY_VISUALS root ar
# Dumb examples to show other capabilities.
# oddball property names and explicit specification of error conditions
property "property with spaces" 'property with "' aw er ed
# Allow deletion of Woo-Hoo if window also has property OhBoy with value
# ending in "son". Reads and writes will cause an error.
property Woo-Hoo OhBoy = "*son" ad
The X server supports client connections via a platform-dependent
subset of the following transport types: TCPIP, Unix Domain sockets and
several varieties of SVR4 local connections. See the DISPLAY NAMES section
of the X(__miscmansuffix__) manual page to learn how to specify which
transport type clients should try to use.
The X server implements a platform-dependent subset of the
following authorization protocols: MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1,
XDM-AUTHORIZATION-2, SUN-DES-1, and MIT-KERBEROS-5. See the
Xsecurity(__miscmansuffix__) manual page for information on the
operation of these protocols.
Authorization data required by the above protocols is passed to
the server in a private file named with the -auth command line
option. Each time the server is about to accept the first connection after a
reset (or when the server is starting), it reads this file. If this file
contains any authorization records, the local host is not automatically
allowed access to the server, and only clients which send one of the
authorization records contained in the file in the connection setup
information will be allowed access. See the Xau manual page for a
description of the binary format of this file. See xauth(1) for
maintenance of this file, and distribution of its contents to remote
hosts.
The X server also uses a host-based access control list for
deciding whether or not to accept connections from clients on a particular
machine. If no other authorization mechanism is being used, this list
initially consists of the host on which the server is running as well as any
machines listed in the file /etc/Xn.hosts, where
n is the display number of the server. Each line of the file should
contain either an Internet hostname (e.g. expo.lcs.mit.edu) or a complete
name in the format family:name as described in the
xhost(1) manual page. There should be no leading or trailing spaces
on any lines. For example:
joesworkstation
corporate.company.com
star::
inet:bigcpu
local:
Users can add or remove hosts from this list and enable or disable
access control using the xhost command from the same machine as the
server.
If the X FireWall Proxy (xfwp) is being used without a
sitepolicy, host-based authorization must be turned on for clients to be
able to connect to the X server via the xfwp. If xfwp is run
without a configuration file and thus no sitepolicy is defined, if
xfwp is using an X server where xhost + has been run to turn off
host-based authorization checks, when a client tries to connect to this X
server via xfwp, the X server will deny the connection. See
xfwp(1) for more information about this proxy.
The X protocol intrinsically does not have any notion of window
operation permissions or place any restrictions on what a client can do; if
a program can connect to a display, it has full run of the screen. X servers
that support the SECURITY extension fare better because clients can be
designated untrusted via the authorization they use to connect; see the
xauth(1) manual page for details. Restrictions are imposed on
untrusted clients that curtail the mischief they can do. See the SECURITY
extension specification for a complete list of these restrictions.
Sites that have better authentication and authorization systems
might wish to make use of the hooks in the libraries and the server to
provide additional security models.
The X server attaches special meaning to the following
signals:
- SIGHUP
- This signal causes the server to close all existing connections, free all
resources, and restore all defaults. It is sent by the display manager
whenever the main user's main application (usually an xterm or
window manager) exits to force the server to clean up and prepare for the
next user.
- SIGTERM
- This signal causes the server to exit cleanly.
- SIGUSR1
- This signal is used quite differently from either of the above. When the
server starts, it checks to see if it has inherited SIGUSR1 as SIG_IGN
instead of the usual SIG_DFL. In this case, the server sends a SIGUSR1 to
its parent process after it has set up the various connection schemes.
Xdm uses this feature to recognize when connecting to the server is
possible.
The X server can obtain fonts from directories and/or from font
servers. The list of directories and font servers the X server uses when
trying to open a font is controlled by the font path.
The default font path is __default_font_path__ .
The font path can be set with the -fp option or by
xset(1) after the server has started.
- /etc/Xn.hosts
- Initial access control list for display number n
- /usr/share/fonts/X11/misc,
-
/usr/share/fonts/X11/75dpi,
/usr/share/fonts/X11/100dpi Bitmap font directories
- /usr/share/fonts/X11/Type1
- Outline font directories
- /usr/share/nx/rgb
- Color database
- /tmp/.X11-unix/Xn
- Unix domain socket for display number n
- /tmp/rcXn
- Kerberos 5 replay cache for display number n
Protocols: X Window System Protocol, NX Compression
Protocol, The X Font Service Protocol, X Display Manager
Control Protocol
Fonts: bdftopcf(1), mkfontdir(1),
mkfontscale(1), xfs(1), xlsfonts(1),
xfontsel(1), xfd(1), X Logical Font Description
Conventions
Security: Xsecurity(__miscmansuffix__), xauth(1),
Xau(1), xdm(1), xhost(1), xfwp(1), Security
Extension Specification
Starting the server: xdm(1), xinit(1)
Controlling the server once started: xset(1),
xsetroot(1), xhost(1)
Server-specific man pages: Xdec(1), XmacII(1),
Xsun(1), Xnest(1), Xvfb(1), XFree86(1),
XDarwin(1).
Server internal documentation: Definition of the Porting Layer
for the X v11 Sample Server
The first sample X server was originally written by Susan
Angebranndt, Raymond Drewry, Philip Karlton, and Todd Newman, from Digital
Equipment Corporation, with support from a large cast. It has since been
extensively rewritten by Keith Packard and Bob Scheifler, from MIT. Dave
Wiggins took over post-R5 and made substantial improvements.
The first implementation of nx-X11 (version 1.x up to 3.5.x) was
written by NoMachine (maintained until 2011).
The current implementation of nx-X11 is maintained by various
projects, amongst others The Arctica Project, TheQVD (Qindel Group) and
X2Go.
This manual page was written by Per Hansen
<spamhans@yahoo.de>, and modified by Marcelo Boveto Shima
<marceloshima@gmail.com> and Mike Gabriel
<mike.gabriel@das-netzwerkteam.de>. In 2016, the original Xserver.man
page shipped with nx-X11 was merged into the nxagent man page and
received a major update by Mike Gabriel
<mike.gabriel@das-netzwerkteam.de>.