|
|
|
.\"
|
|
|
|
.TH "sesman.ini" "5" "0.1.0" "xrdp team" ""
|
|
|
|
.SH "NAME"
|
|
|
|
\fBsesman.ini\fR \- Configuration file for \fBxrdp-sesman\fR(8)
|
|
|
|
|
|
|
|
.SH "DESCRIPTION"
|
|
|
|
\fBsesman.ini\fR consists of several sections. Each section starts with
|
|
|
|
the section name in square brackets, followed by a list of
|
|
|
|
\fIparameter\fR=\fIvalue\fR lines. Following sections are recognized:
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fB[Globals]\fR
|
|
|
|
Global configuration
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fB[Logging]\fR
|
|
|
|
Logging subsystem
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fB[Sessions]\fR
|
|
|
|
Session management
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fB[Security]\fR
|
|
|
|
Access control
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fB[X11rdp]\fR, \fB[Xvnc]\fR, \fB[Xorg]\fR
|
|
|
|
X11 server settings for supported servers
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fB[Chansrv]\fR
|
|
|
|
Settings for xrdp-chansrv(8)
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fB[SessionVariables]\fR
|
|
|
|
Environment variables for the session
|
|
|
|
|
|
|
|
.LP
|
|
|
|
All parameters and values (except for file names and paths) are case
|
|
|
|
insensitive, and are described in detail below. If any parameter is
|
|
|
|
specified more than once, the last entry will be used. Options specified
|
|
|
|
outside their proper section will be \fIignored\fR.
|
|
|
|
|
|
|
|
.SH "GLOBALS"
|
|
|
|
Following parameters can be used in the \fB[Globals]\fR section.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBListenAddress\fR=\fIip address\fR
|
|
|
|
xrdp-sesman listening address. Default is 0.0.0.0 (all interfaces).
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBListenPort\fR=\fIport number\fR
|
|
|
|
xrdp-sesman listening port. Default is 3350.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBEnableUserWindowManager\fR=\fI[0|1]\fR
|
|
|
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables user
|
|
|
|
specific startup script. That is, xrdp-sesman will execute the script
|
|
|
|
specified by \fBUserWindowManager\fR if it exists.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBUserWindowManager\fR=\fIfilename\fR
|
|
|
|
Name of the startup script relative to the user's home directory. If
|
|
|
|
present and enabled by \fBEnableUserWindowManager\fR, that script is
|
|
|
|
executed instead of \fBDefaultWindowManager\fR.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBDefaultWindowManager\fR=\fIfilename\fR
|
|
|
|
Full path to the default startup script used by xrdp-sesman to start a
|
|
|
|
session if the user script is disabled or missing.
|
|
|
|
|
|
|
|
.SH "LOGGING"
|
|
|
|
Following parameters can be used in the \fB[Logging]\fR section.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBLogFile\fR=\fIfilename\fR
|
|
|
|
Log file path. It can be either absolute or relative. The default is
|
|
|
|
\fI./sesman.log\fR
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBLogLevel\fR=\fIlevel\fR
|
|
|
|
This option can have one of the following values:
|
|
|
|
|
|
|
|
\fBCORE\fR or \fB0\fR \- Log only core messages. Those messages are
|
|
|
|
logged \fIregardless\fR of the selected logging level.
|
|
|
|
|
|
|
|
\fBERROR\fR or \fB1\fR \- Log only error messages.
|
|
|
|
|
|
|
|
\fBWARNING\fR, \fBWARN\fR or \fB2\fR \- Logs warnings and error messages.
|
|
|
|
|
|
|
|
\fBINFO\fR or \fB3\fR \- Log errors, warnings and informational messages.
|
|
|
|
|
|
|
|
\fBDEBUG\fR or \fB4\fR \- Log everything. If xrdp-sesman is compiled in
|
|
|
|
debug mode, this options will output many more low\-level messages.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBEnableSyslog\fR=\fI[0|1]\fR
|
|
|
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables logging to
|
|
|
|
syslog.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBSyslogLevel\fR=\fIlevel\fR
|
|
|
|
Logging level for syslog. It can have the same values as \fBLogLevel\fR.
|
|
|
|
If \fBSyslogLevel\fR and \fBLogLevel\fR differ, the least verbose setting
|
|
|
|
takes effect for syslog.
|
|
|
|
|
|
|
|
.SH "SESSIONS"
|
|
|
|
Following parameters can be used in the \fB[Sessions]\fR section.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBX11DisplayOffset\fR=\fInumber\fR
|
|
|
|
The first X display number available for xrdp-sesman. This prevents
|
|
|
|
xrdp-sesman from interfering with real X11 servers. The default is 10.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBMaxSessions\fR=\fInumber\fR
|
|
|
|
Sets the maximum number of simultaneous sessions. If not set or set to
|
|
|
|
\fI0\fR, unlimited session are allowed.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBKillDisconnected\fR=\fI[0|1]\fR
|
|
|
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed
|
|
|
|
within 60 seconds after the user disconnects.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBIdleTimeLimit\fR=\fInumber\fR
|
|
|
|
\fI\This option is currently ignored!\fR Time limit before an idle
|
|
|
|
session is disconnected. If set to \fI0\fR, automatic disconnection is
|
|
|
|
disabled.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBDisconnectedTimeLimit\fR=\fInumber\fR
|
|
|
|
Sets the time limit (in seconds) before a disconnected session is killed.
|
|
|
|
If set to \fI0\fR, automatic killing is disabled.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBPolicy\fR=\fI[Default|UBD|UBI|UBC|UBDI|UBDC]\fR
|
|
|
|
Session allocation policy. By default, a new session is created
|
|
|
|
for the combination <User,BitPerPixel> when using Xrdp, and
|
|
|
|
for the combination <User,BitPerPixel,DisplaySize> when using Xvnc.
|
|
|
|
This behavior can be changed by setting session policy to:
|
|
|
|
.br
|
|
|
|
|
|
|
|
.br
|
|
|
|
\fBUBD\fR - session per <User,BitPerPixel,DisplaySize>
|
|
|
|
.br
|
|
|
|
\fBUBI\fR - session per <User,BitPerPixel,IPAddr>
|
|
|
|
.br
|
|
|
|
\fBUBC\fR - session per <User,BitPerPixel,Connection>
|
|
|
|
.br
|
|
|
|
\fBUBDI\fR - session per <User,BitPerPixel,DisplaySize,IPAddr>
|
|
|
|
.br
|
|
|
|
\fBUBDC\fR - session per <User,BitPerPixel,DisplaySize,Connection>
|
|
|
|
.br
|
|
|
|
|
|
|
|
.br
|
|
|
|
Note that the \fBUser\fR and \fBBitPerPixel\fR criteria cannot be turned
|
|
|
|
off. For Xvnc connections, \fBDisplaySize\fR is always enabled as well.
|
|
|
|
.br
|
|
|
|
|
|
|
|
.SH "SECURITY"
|
|
|
|
Following parameters can be used in the \fB[Security]\fR section.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBAllowRootLogin\fR=\fI[0|1]\fR
|
|
|
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, enables root login on the
|
|
|
|
terminal server.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBMaxLoginRetry\fR=\fInumber\fR
|
|
|
|
The number of login attempts that are allowed on terminal server. If set
|
|
|
|
to \fI0\fR, unlimited attempts are allowed. The default value for this
|
|
|
|
field is \fI3\fR.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBTerminalServerUsers\fR=\fIgroup\fR
|
|
|
|
Only the users belonging to the specified group are allowed to login on
|
|
|
|
terminal server. If unset or set to an invalid or non\-existent group,
|
|
|
|
login for all users is enabled.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBTerminalServerAdmins\fR=\fIgroup\fR
|
|
|
|
\fIThis option is currently ignored!\fR Only members of this group can
|
|
|
|
have session management rights.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBAlwaysGroupCheck\fR=\fI[0|1]\fR
|
|
|
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, require group membership even
|
|
|
|
if the group specified in \fBTerminalServerUsers\fR doesn't exist.
|
|
|
|
|
|
|
|
.SH "X11 SERVER"
|
|
|
|
Following parameters can be used in the \fB[X11rdp]\fR, \fB[Xvnc]\fR and
|
|
|
|
\fB[Xorg]\fR sections.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBparam0\fR=\fIfilename\fR
|
|
|
|
Path to the X11 server executable
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBparam\fR\fIN\fR=\fIstring\fR
|
|
|
|
Nth command line argument
|
|
|
|
|
|
|
|
.SH "CHANSRV"
|
|
|
|
Following parameters can be used in the \fB[Chansrv]\fR section.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
\fBFuseMountName\fR=\fIstring\fR
|
|
|
|
Directory for drive redirection, relative to the user home directory.
|
|
|
|
Created if it doesn't exist. Defaults to \fIxrdp_client\fR
|
|
|
|
|
|
|
|
.SH "SESSIONS VARIABLES"
|
|
|
|
All entries it the \fB[SessionVariables]\fR section are set as
|
|
|
|
environment variables in the user's session.
|
|
|
|
|
|
|
|
.SH "FILES"
|
|
|
|
/etc/xrdp/sesman.ini
|
|
|
|
|
|
|
|
.SH "SEE ALSO"
|
|
|
|
.BR xrdp-sesman (8),
|
|
|
|
.BR xrdp-sesrun (8),
|
|
|
|
.BR xrdp (8),
|
|
|
|
.BR xrdp.ini (5)
|
|
|
|
|
|
|
|
For more info on \fBxrdp\fR see http://www.xrdp.org/
|