Ubuntu Manpage: x0tigervncserver - start or stop a TigerVNC scraping server

Provided by: tigervnc-scraping-server_1.12.0+dfsg-4ubuntu0.22.04.1_amd64

NAME

       x0tigervncserver - start or stop a TigerVNC scraping server

SYNOPSIS

       x0tigervncserver [:display#|-display :display#] [-rfbport rfbport#] [-localhost [yes|no]] [-SecurityTypes
       sec-types]   [-PasswordFile|-rfbauth   passwd-file]   [-PlainUsers  user-list]  [-PAMService|-pam_service
       service-name] [-X509Key  cert-key-file]  [-X509Cert  cert-file]  [-fg]  [-useold]  [-verbose]  [-dry-run]
       [-Geometry <width>x<height>[{+,-}<xoffset>{+,-}<yoffset>]] [X0tigervnc options...]
       x0tigervncserver -kill [{:display#,:*}|-display {:display#,:*}] [-rfbport rfbport#] [-dry-run] [-verbose]
       [-clean]
       x0tigervncserver -list [{:display#,:*}|-display {:display#,:*}] [-rfbport rfbport#] [-cleanstale]
       x0tigervncserver -version

DESCRIPTION

       The  x0tigervncserver  wrapper  script  is  used  to  start the X0tigervnc server that makes an X display
       remotely accessible via VNC (Virtual Network Computing). Unlike Xtigervnc, this server does not create  a
       virtual  display.  Instead,  it  just  shares  an existing X server (typically, that one connected to the
       physical screen). The XDamage extension will be used if the existing X  server  supports  it.  Otherwise,
       X0tigervnc will fall back to polling the screen for changes.

       As  usual,  the  VNC  desktop  can  be  connected to with the xtigervncviewer VNC viewer or any other VNC
       viewer. For details, see the xtigervncviewer(1) man page or execute "xtigervncviewer -help".

       System defaults for this wrapper  script  are  found  in  /etc/tigervnc/vncserver-config-defaults.  These
       defaults can be overwritten by the user defaults given in ~/.vnc/tigervnc.conf (see the tigervnc.conf(5x)
       man  page).  Next,  command-line  options  overwrite  the  settings in both tigervnc configuration files.
       Finally, options from /etc/tigervnc/vncserver-config-mandatory have the highest priority overwriting  all
       previous settings.

       WARNING! There is nothing stopping users from constructing their own wrapper script that calls X0tigervnc
       directly  to  bypass  any  options  defined in the /etc/tigervnc/vncserver-config-mandatory configuration
       file.

OPTIONS

You can get a list of options by giving -h as an option to x0tigervncserver. In addition to the options
listed below, any unrecognized options will be passed to X0tigervnc – see the X0tigervnc(1) man page or
"X0tigervnc -help" for details.

:display#|-display :display#
Specifies the X11 display to be shared by the X0tigervnc server.

-rfbport rfbport#
Specifies the TCP port on which X0tigervnc listens for connections from viewers (the protocol used
in VNC is called RFB – "remote framebuffer"). The default is 5900 plus the display number
display#.

-localhost [yes|no]
Should the TigerVNC server only listen on localhost for incoming TigerVNC connections. Useful if
you use SSH and want to stop non-SSH connections from any other hosts. If the option is not
specified, then the behavior is as follows: We will only listen on localhost if the sec-types list
does not contain any TLS* or X509* security types or if the list contains at least one *None
security type. Otherwise, we will listen on all network addresses of the machine.

-SecurityTypes sec-types
Specify which security scheme to use for incoming connections. Valid values are a comma separated
list of None, VncAuth, Plain, TLSNone, TLSVnc, TLSPlain, X509None, X509Vnc, and X509Plain. Default
is VncAuth if -localhost is not given and VncAuth,TLSVnc if -localhost no is given.

-PasswordFile passwd-file | -rfbauth passwd-file
Specifies the file containing the password used to authenticate viewers for the security types
VncAuth, TLSVnc, and X509Vnc. The passwd-file is accessed each time a connection comes in, so it
can be changed on the fly via tigervncpasswd(1). The default password file is ~/.vnc/passwd.

-PlainUsers user-list
A comma separated list of user names that are allowed to authenticate via any of the *Plain
security types (i.e., Plain, TLSPlain, etc.). Specify * to allow any user to authenticate using
this security type. Default is to only allow the user that has started the x0tigervncserver
wrapper script.

-PAMService service-name | -pam_service service-name
PAM service name to use when authenticating users using any of the *Plain security types. Default
is vnc if /etc/pam.d/vnc is present and tigervnc otherwise. The tigervnc-common package ships the
/etc/pam.d/tigervnc PAM service configuration for use by x0tigervncserver.

-X509Cert cert-path and -X509Key key-path
Path to a X509 certificate in PEM format to be used for all X509 based security types (i.e.,
X509None, X509Vnc, etc.) as well as its private key also in PEM format. If the certificate and its
key are not provided via the -X509Cert and -X509Key command-line options or their corresponding
configuration parameters in /etc/tigervnc/vncserver-config-defaults, ~/.vnc/tigervnc.conf, or
/etc/tigervnc/vncserver-config-mandatory, then the x0tigervncserver wrapper script auto generates
a self signed certificate. The auto generated self signed certificates are stored in the files
~/.vnc/host-SrvCert.pem and ~/.vnc/host-SrvKey.pem.

-fg Runs the X0tigervnc server as a foreground process. Thus, the server can be aborted with CTRL-C.

-useold
Only start a new TigerVNC server if a VNC server for your account is not already running on the
requested display number display# and RFB port rfbport#. If no display number is requested, a new
TigerVNC server will only be started if there is no TigerVNC server running under your user
account. In any case, information about the newly started TigerVNC server or the reused TigerVNC
server session will be printed.

-verbose
This will turn on some debug output.

-dry-run
Do not actually do anything, but only perform the checks if the requested action would be
possible. For example, there will be checks performed for the availability of the requested
display number display#.

-Geometry <width>x<height>[{+,-}<xoffset>{+,-}<yoffset>]
Specifies the screen area that will be shown to VNC clients, e.g., 640x480+320+240. The format is
<width>x<height>+<xoffset>+<yoffset>, where `+' signs can be replaced with `-' signs to specify
offsets from the right and/or from the bottom of the screen. Offsets are optional, +0+0 is assumed
by default (top left corner). If the argument is empty, full screen is shown to VNC clients (this
is the default).

-kill [ :{display#,*} | -display :{display#,*} ] [ -rfbport rfbport# ]
This kills a TigerVNC server previously started with x0tigervncserver or tigervncserver. It does
this by killing the VNC server process, whose process ID is stored in the file
~/.vnc/host:rfbport#.pid. If :* is given, then x0tigervncserver tries to kill all VNC server
processes with pidfiles in ~/.vnc on the local machine. If no display number is given, then
x0tigervncserver tries to kill the VNC server process of the user on the local machine if only one
such process is running and has a pidfile in ~/.vnc.

-clean If given with -kill, then the logfile ~/.vnc/host:rfbport#.log is also removed.

-list [ :{display#,*} | -display :{display#,*} ] [ -rfbport rfbport# ]
This lists all running TigerVNC servers previously started with x0tigervncserver or
tigervncserver. Stale entries are marked with (stale) in the output.

-cleanstale
If given with -list, then stale entries – resulting from missed cleanups of pidfiles in ~/.vnc as
well as stale X11 locks and sockets in /tmp due to Xtigervnc or X0tigervnc server crashes – are
cleaned up and not shown in the output of -list.

FILES

Several TigerVNC-related files are found in the ~/.vnc directory:

~/.vnc/tigervnc.conf
The user configuration file for x0tigervncserver.

~/.vnc/passwd
The TigerVNC password file for the security types VncAuth, TLSVnc, and X509Vnc.

~/.vnc/<host>:<rfbport#>.log
The log file for the VNC server.

~/.vnc/<host>:<rfbport#>.pid
Identifies the VNC server process ID, used by the -kill option.

~/.vnc/<host>-SrvCert.pem and <host>-SrvKey.pem
The security types X509None, X509Vnc, and X509Plain need a certificate and the corresponding
private key. If these are not provided via the -X509Cert and -X509Key command-line options or
their corresponding configuration parameters in /etc/tigervnc/vncserver-config-defaults,
~/.vnc/tigervnc.conf, or /etc/tigervnc/vncserver-config-mandatory, then the x0tigervncserver
wrapper script auto generates a self signed certificate for the -X509Cert and -X509Key options of
the VNC server. The auto generated self signed certificates are stored in the above given two
files. If the user wants their own certificate – instead of the on demand auto generated one –
they can either specify it via the -X509Cert and -X509Key options to the x0tigervncserver wrapper
script or replace the auto generated files ~/.vnc/host-SrvCert.pem and ~/.vnc/host-SrvKey.pem.
These files will not be overwritten once generated by the x0tigervncserver wrapper script.

Furthermore, there are global configuration files for x0tigervncserver in the /etc/tigervnc directory:

/etc/tigervnc/vncserver-config-defaults
The global configuration file specifying the defaults for x0tigervncserver.

/etc/tigervnc/vncserver-config-mandatory
If this file exists and defines options to be passed to X0tigervnc, they will override any of the
same options defined in a user's tigervnc.conf file or ones given on the command line of this
wrapper script. This file offers a mechanism to establish some basic form of system-wide policy.

WARNING! There is nothing stopping users from constructing their own wrapper script that calls
X0tigervnc directly to bypass any options defined in the /etc/tigervnc/vncserver-config-mandatory
configuration file.

AUTHOR