tigervnc.conf - configuration files for Virtual Network
Computing
$variable = "someValue";
$variable = "someValue";
$variable .= "someValue";
$variable = $var1 . $var2;
This man page describes the syntax and options of the three
configuration files loaded by tigervncserver(1), the free X server
for Virtual Network Computing (VNC). These configuration files can be
used to change the behavior of the server at startup time, although for all
values suitable inbuilt defaults are preset.
First, /etc/tigervnc/vncserver-config-defaults is read
specifying the system defaults. Then, tigervncserver(1) will proceed
and read $HOME/.vnc/tigervnc.conf, a file that can be changed on a
per-user base. The options in this file will override the system defaults.
Next, command-line options overwrite both the system defaults and the
settings in $HOME/.vnc/tigervnc.conf. Finally, the configuration file
/etc/tigervnc/vncserver-config-mandatory is parsed. If this file
exists and defines options to be passed to Xtigervnc, they will override any
of the same options defined in a user's $HOME/.vnc/tigervnc.conf as
well as options given via the command line. This file offers a mechanism to
establish some basic form of system-wide policy.
WARNING! There is nothing stopping users from constructing
their own start script that calls Xtigervnc directly to bypass any
options defined in /etc/tigervnc/vncserver-config-mandatory.
The system configuration file
/etc/tigervnc/vncserver-config-defaults should come with the Debian
package tigervnc-standalone-server. This file serves as an example for the
user file $HOME/.vnc/tigervnc.conf. The system configuration file is
pretty self-descriptive, and this document will mainly repeat the
information that already can be found there.
The file is in perl(1) syntax, although only variable
assignment is allowed for your safety and convenience. But there still a
variety of possibilities to set the string variables.
All variable names are prefixed by `$'. You can assign a string to
a variable using the `=' operator, and you can append a string to a variable
using the `.=' operator. You can concatenate two strings using the `.'
operator. You can substitute variables even inside quotes. You can access
the environment variables using the notation $ENV{VARIABLE}.
You can unset a variable by assigning undef to it. Use this
to return the state of the variable from `set' to `use default'.
You must end a line with a semicolon.
The options are given with their default value if this is
known.
- $fontPath = "<font_dir>,<font_dir>,..."
- Should be a comma separated list of fonts to be added to the font path. If
not specified, the default will apply.
- $PAMService = "tigervnc";
- This parameter specifies the PAM service used for plain password
authentication if one of the security types Plain, TLSPlain,
or X509Plain is used. If /etc/pam.d/vnc is not present, then
tigervncserver(1) expects to use the tigervnc PAM service to
authenticate the passwords of users when any of the *Plain security
types are used. Note that the tigervnc-common package provides the PAM
service configuration file /etc/pam.d/tigervnc. Otherwise, if
/etc/pam.d/vnc is present, then the vnc PAM service will be
used.
$sslAutoGenCertCommand = "openssl req
-newkey ec:/etc/tigervnc/openssl-ecparams.pem
-x509 -days 2190 -nodes";
The command specified by the
$sslAutoGenCertCommand parameter is used to auto generate the certificate
for the
-X509Cert and
-X509Key options of
Xtigervnc(1). The configuration for
openssl(1SSL) is
taken from
/etc/tigervnc/openssl.cnf where we substitute
@HostName@ by the fully qualified domain name of the host.
- $vncUserDir = "$ENV{HOME}/.vnc";
- Contains the filename for the log files directory of Xtigervnc (the
server) and the viewers that are connected to it.
- $vncPasswdFile = $vncUserDir . "/passwd";
- Contains the filename of the password file for Xtigervnc. This file is
only used for the security types VncAuth, TLSVnc, and
X509Vnc.
- $vncStartup = "/etc/X11/Xtigervnc-session";
- Points to a script that will be started at the very beginning when neither
$vncUserDir/Xtigervnc-session nor $vncUserDir/xstartup is
present. If $vncUserDir/Xtigervnc-session is present, it will be
used. Otherwise, we try $vncUserDir/xstartup. If this is
also absent, then we use the $vncStartup script. If
$vncStartup is specified in
$vncUserDir/tigervnc.conf, then this script is used
unconditionally. That is without checking for the presence of
$vncUserDir/Xtigervnc-session or
$vncUserDir/xstartup.
- $session = undef;
- This option can be used to control which X session type will be started.
This should match one of the files in /usr/share/xsessions. For
example, if there is a file called gnome.desktop, then $session
= "gnome" would start this X session. The command to start
the session is passed to the $vncStartup script. If this is not
specified, then /etc/X11/Xtigervnc-session will start the session
specified by /usr/bin/x-session-manager.
- $xauthorityFile = "$ENV{HOME}/.Xauthority";
- Specifies the path to the X authority file that should be used by your
Xtigervnc server.
- $desktopName = "${HOSTFQDN}:nn ($ENV{LOGNAME})";
- Should be set to the default name of the desktop. This can be changed at
the command line with -desktop.
- $geometry = "<width>x<height>";
- This sets the framebuffer width & height to be used by the
Xtigervnc server. On default, 1920x1200 is used. A values
for this option as well as the $depth and $pixelformat
options can be derived if the tigervncserver(1) is run in a X
session – either $ENV{DISPLAY} or the session given by
$getDefaultFrom – with the -xdisplaydefaults option. The
geometry can also be changed at the commandline with the -geometry
option. Otherwise, the fixed defaults given here as well as in the
following two configuration parameter documentations will be used.
- $depth = "32";
- This sets the framebuffer color depth, i.e., the number of bits per pixel
to use. It must be either 16, 24, or 32.
- $pixelformat = "rgb888";
- Specifies the pixel format for the Xtigervnc(1) server to use
(BGRnnn or RGBnnn). The default for depth 16 is RGB565 (meaning the most
significant five bits represent red, the next six green, and the least
significant five represent blue) and for depth 24 and 32 is RGB888.
- $wmDecoration = "8x64";
- Sets the adjustment of $geometry to accommodate the window
decoration used by the X11 window manager. This is used to fully display
the VNC desktop even if the VNC viewer is not in full screen mode.
- $getDefaultFrom
- This option lets you set the display from which you can query the default
of the above three options, if you don't want to start tigervncserver from
within a running X server. It will be added to the call of xdpyinfo. It is
useful to get the default from the X server you will run xtigervncviewer
in, because the data has not to be recalculated then.
$getDefaultFrom = "-display localhost:0";
is an example how to do this.
- $scrapingGeometry = "<width>x<height>+<xoffset>+<yoffset>";
- is only used by the scraping TigerVNC server. It specifies the screen area
that will be shown to VNC clients, e.g., 640x480+320+240. The
format is
<width>x<height>+<xoffset>+<yoffset>, where
`+' signs can be replaced with `-' signs to specify offsets from the right
and/or from the bottom of the screen. Offsets are optional, +0+0 is
assumed by default (top left corner). If the variable is not defined, full
screen is shown to VNC clients (this is the default).
- $localhost = "yes";
- Should the TigerVNC server only listen on localhost for incoming TigerVNC
connections. This is useful if you use SSH and want to stop non-SSH
connections from any other hosts. Hence,
$localhost = "yes" is the default if
security types are not specified. In this case, only the security type
VncAuth will be offered. If the security types are specified,
either via the option -SecurityTypes given to
tigervncserver(1) or via the $SecurityTypes configuration
parameter in /etc/tigervnc/vncserver-config-defaults or in
$HOME/.vnc/tigervnc.conf, then the default depends on the specified
security types. The default will be
$localhost = "no" if the specified
security types contain at least one of the TLS* or X509*
secutity types and also contain none of the *None security types.
As always, the defaults can be overwritten on the commandline via the
-localhost option or via the $localhost configuration
parameter in /etc/tigervnc/vncserver-config-defaults or in
$HOME/.vnc/tigervnc.conf.
- $SecurityTypes = "VncAuth"
- The $SecurityTypes parameter contains a comma separated list of the
default security types the Xtigervnc server will offer. Available security
types are None, VncAuth, Plain, TLSNone,
TLSVnc, TLSPlain, X509None, X509Vnc and
X509Plain. The *None security types do not offer any kind of
user authentication for connecting VNC sessions. Hence, combining a
*None security type and
$localhost = "no" is a very bad
idea. The TLS* and X509* security types do enforce SSL
encryption for data transmission. Hence, combining a TLS* or
X509* security type and
$localhost = "yes" is a senseless
idea. Thus, in the case of
$localhost = "no", the default for
$SecurityTypes will be extended from VncAuth to
VncAuth,TLSVnc.
- $PlainUsers = "$ENV{LOGNAME}"
- The $PlainUsers configuration parameter contains a comma separated
list of users that are authorized to access the VNC server if the security
types Plain, TLSPlain, or X509Plain are used to
establish the connection. The password for these users are check by the
system via the PAM service specified via the $PAMService
configuration variable or the -PAMService option. On default, only
the user starting the tigervncserver is contained in the list. By
specifying *, any user can authenticate using this security
type.
- $X509Cert and $X509Key
These two options contain the filenames for a certificate
and its key that is used for the security types
X509None,
X509Vnc, and
X509Plain. If nothing is specified – the
default case – then a self-signed certificate is auto-generated by
tigervncserver(1) and stored in
$HOME/.vnc/${HOSTFQDN}-SrvCert.pem and
$HOME/.vnc/${HOSTFQDN}-SrvKey.pem, respectively. If filenames are given
for
$X509Cert and
$X509Key either here or on the commandline via
-X509Cert and
-X509Key options, then the auto generation is
disabled and the user has to take care that usable certificates are
present.
- /etc/tigervnc/vncserver-config-defaults
- The global configuration file specifying the defaults for
tigervncserver and x0tigervncserver.
- ~/.vnc/tigervnc.conf
- The user's tigervnc.conf configuration file. To be compatible with
the upstream provided wrapper scripts, we will fall back to trying to load
configuration from ~/.vnc/config if tigervnc.conf is not
present. Note that ~/.vnc/config uses key=value lines as
configuration syntax.
- /etc/tigervnc/vncserver-config-mandatory
- If this file exists and defines options, they will override any of the
same options defined in a user's tigervnc.conf file or ones given
on the command line of the wrapper scripts tigervncserver and
x0tigervncserver. This file offers a mechanism to establish some
basic form of system-wide policy.
WARNING! There is nothing stopping users from constructing
their own wrapper script that calls Xtigervnc or X0tigervnc
directly to bypass any options defined in the
/etc/tigervnc/vncserver-config-mandatory configuration file.
2022 - Modified for TigerVNC 1.12.0 by Joachim Falk
(Joachim.Falk@gmx.de) 2021 - Modified for TigerVNC 1.11.0 by Joachim Falk
(Joachim.Falk@gmx.de) 2016 - Modified for TigerVNC 1.7 by Joachim Falk
(Joachim.Falk@gmx.de) 2006 - Modified for vnc 4.1.2 by Joachim Falk
(Joachim.Falk@gmx.de) 1998 - Originally written by Marcus Brinkmann
(Marcus.Brinkmann@ruhr-uni-bochum.de) for the Debian GNU/Linux
Distribution.