Pavel Roskin
8 years ago
parent
ae5bb5bf9c
commit
0d7f2d2802
@ -1,206 +1,225 @@
|
|||||||
.\"
|
.\"
|
||||||
.TH "sesman.ini" "5" "0.1.0" "xrdp team" ""
|
.TH "sesman.ini" "5" "0.1.0" "xrdp team" ""
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
\fBsesman.ini\fR \- Configuration file for \fBsesman\fR(8)
|
\fBsesman.ini\fR \- Configuration file for \fBxrdp-sesman\fR(8)
|
||||||
|
|
||||||
.SH "DESCRIPTION"
|
.SH "DESCRIPTION"
|
||||||
This is the man page for \fBsesman.ini\fR, \fBsesman\fR(8) configuration file.
|
\fBsesman.ini\fR consists of several sections. Each section starts with
|
||||||
It is composed by a number of sections, each one composed by a section name, enclosed by square brackets, folowed by a list of \fI<parameter>\fR=\fI<value>\fR lines.
|
the section name in square brackets, followed by a list of
|
||||||
|
\fIparameter\fR=\fIvalue\fR lines. Following sections are recognized:
|
||||||
|
|
||||||
\fBsesman.ini\fR supports the following sections:
|
.TP
|
||||||
|
\fB[Globals]\fR
|
||||||
|
Global configuration
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fB[Globals]\fR \- sesman global configuration section,
|
\fB[Logging]\fR
|
||||||
|
Logging subsystem
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fB[Logging]\fR \- logging subsystem parameters
|
\fB[Sessions]\fR
|
||||||
|
Session management
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fB[Security]\fR \- Access control parameters
|
\fB[Security]\fR
|
||||||
|
Access control
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fB[Sessions]\fR \- Session management parameters
|
\fB[X11rdp]\fR, \fB[Xvnc]\fR, \fB[Xorg]\fR
|
||||||
|
X11 server settings for supported servers
|
||||||
|
|
||||||
.LP
|
.TP
|
||||||
All options and values (except for file names and paths) are case insensitive, and are described in detail below.
|
\fB[Chansrv]\fR
|
||||||
|
Settings for xrdp-chansrv(8)
|
||||||
|
|
||||||
.LP
|
.TP
|
||||||
For any of the following parameter, if it's specified more than one time the last entry encountered will be used.
|
\fB[SessionVariables]\fR
|
||||||
|
Environment variables for the session
|
||||||
|
|
||||||
\fBNOTE\fR: if any of these options is specified outside its section, it will be \fIignored\fR.
|
.LP
|
||||||
|
All parameters and values (except for file names and paths) are case
|
||||||
|
insensitive, and are described in detail below. If any parameter is
|
||||||
|
specified more than once, the last entry will be used. Options specified
|
||||||
|
outside their proper section will be \fIignored\fR.
|
||||||
|
|
||||||
.SH "GLOBALS"
|
.SH "GLOBALS"
|
||||||
The options to be specified in the \fB[globals]\fR section are the following:
|
Following parameters can be used in the \fB[Globals]\fR section.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBListenAddress\fR=\fIip address\fR
|
\fBListenAddress\fR=\fIip address\fR
|
||||||
Specifies sesman listening address. Default is 0.0.0.0 (all interfaces)
|
xrdp-sesman listening address. Default is 0.0.0.0 (all interfaces).
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBListenPort\fR=\fIport number\fR
|
\fBListenPort\fR=\fIport number\fR
|
||||||
Specifies sesman listening port. Default is 3350
|
xrdp-sesman listening port. Default is 3350.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBEnableUserWindowManager\fR=\fI[0|1]\fR
|
\fBEnableUserWindowManager\fR=\fI[0|1]\fR
|
||||||
If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables user specific window manager, that is, anyone can define it's own script executed by sesman when starting a new session, specified by \fBUserWindowManager\fR
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables user
|
||||||
|
specific startup script. That is, xrdp-sesman will execute the script
|
||||||
|
specified by \fBUserWindowManager\fR if it exists.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBUserWindowManager\fR=\fIstartwm.sh\fR
|
\fBUserWindowManager\fR=\fIfilename\fR
|
||||||
This option specifies the script run by sesman when starting a session and per\-user window manager is enabled.
|
Name of the startup script relative to the user's home directory. If
|
||||||
.br
|
present and enabled by \fBEnableUserWindowManager\fR, that script is
|
||||||
The path is relative to user's HOME directory
|
executed instead of \fBDefaultWindowManager\fR.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBDefaultWindowManager\fR=\fI${SESMAN_BIN_DIR}/startwm.sh\fR
|
\fBDefaultWindowManager\fR=\fIfilename\fR
|
||||||
This contains full path to the default window manager startup script used by sesman to start a session
|
Full path to the default startup script used by xrdp-sesman to start a
|
||||||
|
session if the user script is disabled or missing.
|
||||||
|
|
||||||
.SH "LOGGING"
|
.SH "LOGGING"
|
||||||
The following parameters can be used in the \fB[logging]\fR section:
|
Following parameters can be used in the \fB[Logging]\fR section.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBLogFile\fR=\fI${SESMAN_LOG_DIR}/sesman.log\fR
|
\fBLogFile\fR=\fIfilename\fR
|
||||||
This options contains the path to logfile. It can be either absolute or relative, and the default is \fI${SESMAN_LOG_DIR}/sesman.log\fR
|
Log file path. It can be either absolute or relative. The default is
|
||||||
|
\fI./sesman.log\fR
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBLogLevel\fR=\fIlevel\fR
|
\fBLogLevel\fR=\fIlevel\fR
|
||||||
This option can have one of the following values:
|
This option can have one of the following values:
|
||||||
|
|
||||||
\fBCORE\fR or \fB0\fR \- Log only core messages. these messages are _always_ logged, regardless the logging level selected.
|
\fBCORE\fR or \fB0\fR \- Log only core messages. Those messages are
|
||||||
|
logged \fIregardless\fR of the selected logging level.
|
||||||
|
|
||||||
\fBERROR\fR or \fB1\fR \- Log only error messages
|
\fBERROR\fR or \fB1\fR \- Log only error messages.
|
||||||
|
|
||||||
\fBWARNING\fR, \fBWARN\fR or \fB2\fR \- Logs warnings and error messages
|
\fBWARNING\fR, \fBWARN\fR or \fB2\fR \- Logs warnings and error messages.
|
||||||
|
|
||||||
\fBINFO\fR or \fB3\fR \- Logs errors, warnings and informational messages
|
\fBINFO\fR or \fB3\fR \- Log errors, warnings and informational messages.
|
||||||
|
|
||||||
\fBDEBUG\fR or \fB4\fR \- Log everything. If \fBsesman\fR is compiled in debug mode, this options will output many more low\-level message, useful for developers
|
\fBDEBUG\fR or \fB4\fR \- Log everything. If xrdp-sesman is compiled in
|
||||||
|
debug mode, this options will output many more low\-level messages.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBEnableSyslog\fR=\fI[0|1]\fR
|
\fBEnableSyslog\fR=\fI[0|1]\fR
|
||||||
If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables logging to syslog. Otherwise syslog is disabled.
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables logging to
|
||||||
|
syslog.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBSyslogLevel\fR=\fIlevel\fR
|
\fBSyslogLevel\fR=\fIlevel\fR
|
||||||
This option sets the logging level for syslog. It can have the same values of \fBLogLevel\fR. If \fBSyslogLevel\fR is greater than \fBLogLevel\fR, its value is lowered to that of \fBLogLevel\fR.
|
Logging level for syslog. It can have the same values as \fBLogLevel\fR.
|
||||||
|
If \fBSyslogLevel\fR and \fBLogLevel\fR differ, the least verbose setting
|
||||||
|
takes effect for syslog.
|
||||||
|
|
||||||
.SH "SESSIONS"
|
.SH "SESSIONS"
|
||||||
The following parameters can be used in the \fB[Sessions]\fR section:
|
Following parameters can be used in the \fB[Sessions]\fR section.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBX11DisplayOffset\fR=\fI<number>\fR
|
\fBX11DisplayOffset\fR=\fInumber\fR
|
||||||
Specifies the first X display number available for \fBsesman\fP(8). This prevents sesman from interfering with real X11 servers. The default is 10.
|
The first X display number available for xrdp-sesman. This prevents
|
||||||
|
xrdp-sesman from interfering with real X11 servers. The default is 10.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBMaxSessions\fR=\fI<number>\fR
|
\fBMaxSessions\fR=\fInumber\fR
|
||||||
Sets the maximum number of simultaneous session on terminal server.
|
Sets the maximum number of simultaneous sessions. If not set or set to
|
||||||
.br
|
\fI0\fR, unlimited session are allowed.
|
||||||
If unset or set to \fI0\fR, unlimited session are allowed.
|
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBKillDisconnected\fR=\fI[0|1]\fR
|
\fBKillDisconnected\fR=\fI[0|1]\fR
|
||||||
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed within 60 seconds when the user disconnects.
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed
|
||||||
.br
|
within 60 seconds after the user disconnects.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBIdleTimeLimit\fR=\fI<number>\fR
|
\fBIdleTimeLimit\fR=\fInumber\fR
|
||||||
Sets the the time limit before an idle session is disconnected.
|
\fI\This option is currently ignored!\fR Time limit before an idle
|
||||||
.br
|
session is disconnected. If set to \fI0\fR, automatic disconnection is
|
||||||
If set to \fI0\fR, automatic disconnection is disabled.
|
disabled.
|
||||||
.br
|
|
||||||
\fI\-this option is currently ignored!\-\fR
|
.TP
|
||||||
|
\fBDisconnectedTimeLimit\fR=\fInumber\fR
|
||||||
.TP
|
Sets the time limit (in seconds) before a disconnected session is killed.
|
||||||
\fBDisconnectedTimeLimit\fR=\fI<number>\fR
|
|
||||||
Sets the time(in seconds) limit before a disconnected session is killed.
|
|
||||||
.br
|
|
||||||
If set to \fI0\fR, automatic killing is disabled.
|
If set to \fI0\fR, automatic killing is disabled.
|
||||||
.br
|
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBPolicy\fR=\fI[Default|UBD|UBI|UBC|UBDI|UBDC]\fR
|
\fBPolicy\fR=\fI[Default|UBD|UBI|UBC|UBDI|UBDC]\fR
|
||||||
Session allocation policy. By Default, a new session is created
|
Session allocation policy. By default, a new session is created
|
||||||
for the combination <User,BitPerPixel> when using Xrdp, and
|
for the combination <User,BitPerPixel> when using Xrdp, and
|
||||||
for the combination <User,BitPerPixel,DisplaySize> when using Xvnc.
|
for the combination <User,BitPerPixel,DisplaySize> when using Xvnc.
|
||||||
This behaviour can be changed by setting session policy to:
|
This behavior can be changed by setting session policy to:
|
||||||
.br
|
.br
|
||||||
|
|
||||||
.br
|
.br
|
||||||
\fBUBD\fR - session per <User,BitPerPixel,DisplaySize>
|
\fBUBD\fR - session per <User,BitPerPixel,DisplaySize>
|
||||||
.br
|
.br
|
||||||
\fBUBI\fR - session per <User,BitPerPixel,IPAddr>
|
\fBUBI\fR - session per <User,BitPerPixel,IPAddr>
|
||||||
.br
|
.br
|
||||||
\fBUBC\fR - session per <User,BitPerPixel,Connection>
|
\fBUBC\fR - session per <User,BitPerPixel,Connection>
|
||||||
.br
|
.br
|
||||||
\fBUBDI\fR - session per <User,BitPerPixel,DisplaySize,IPAddr>
|
\fBUBDI\fR - session per <User,BitPerPixel,DisplaySize,IPAddr>
|
||||||
.br
|
.br
|
||||||
\fBUBDC\fR - session per <User,BitPerPixel,DisplaySize,Connection>
|
\fBUBDC\fR - session per <User,BitPerPixel,DisplaySize,Connection>
|
||||||
.br
|
.br
|
||||||
|
|
||||||
.br
|
.br
|
||||||
Note that the criteria <User,BitPerPixel> can not be turned off
|
Note that the \fBUser\fR and \fBBitPerPixel\fR criteria cannot be turned
|
||||||
and <DisplaySize> will always be checkt when for Xvnc connections.
|
off. For Xvnc connections, \fBDisplaySize\fR is always enabled as well.
|
||||||
.br
|
.br
|
||||||
|
|
||||||
.SH "SECURITY"
|
.SH "SECURITY"
|
||||||
The following parameters can be used in the \fB[Sessions]\fR section:
|
Following parameters can be used in the \fB[Security]\fR section.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBAllowRootLogin\fR=\fI[0|1]\fR
|
\fBAllowRootLogin\fR=\fI[0|1]\fR
|
||||||
If set to \fB1\fR, \fBtrue\fR or \fByes\fR enables root login on the terminal server
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, enables root login on the
|
||||||
|
terminal server.
|
||||||
.TP
|
|
||||||
\fBMaxLoginRetry\fR=\fI[0|1]\fR
|
.TP
|
||||||
The number of login attempts that are allowed on terminal server. If set to \fI0\fR, unlimited attempts are allowed. The default value for this field is \fI3\fR.
|
\fBMaxLoginRetry\fR=\fInumber\fR
|
||||||
|
The number of login attempts that are allowed on terminal server. If set
|
||||||
.TP
|
to \fI0\fR, unlimited attempts are allowed. The default value for this
|
||||||
\fBTerminalServerUsers\fR=\fItsusers\fR
|
field is \fI3\fR.
|
||||||
Only the users belonging to the group \fItsusers\fR are allowed to login on terminal server.
|
|
||||||
.br
|
.TP
|
||||||
If unset or set to an invalid or non\-existent group, login for all users is enabled.
|
\fBTerminalServerUsers\fR=\fIgroup\fR
|
||||||
|
Only the users belonging to the specified group are allowed to login on
|
||||||
.TP
|
terminal server. If unset or set to an invalid or non\-existent group,
|
||||||
\fBTerminalServerAdmins\fR=\fItsadmins\fR
|
login for all users is enabled.
|
||||||
Sets the group which a user shall belong to have session management rights.
|
|
||||||
.br
|
.TP
|
||||||
\fI\-this option is currently ignored!\-\fR
|
\fBTerminalServerAdmins\fR=\fIgroup\fR
|
||||||
|
\fIThis option is currently ignored!\fR Only members of this group can
|
||||||
.SH "EXAMPLES"
|
have session management rights.
|
||||||
This is an example \fBsesman.ini\fR:
|
|
||||||
|
.TP
|
||||||
.nf
|
\fBAlwaysGroupCheck\fR=\fI[0|1]\fR
|
||||||
[Globals]
|
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, require group membership even
|
||||||
ListenAddress=127.0.0.1
|
if the group specified in \fBTerminalServerUsers\fR doesn't exist.
|
||||||
ListenPort=3350
|
|
||||||
EnableUserWindowManager=1
|
.SH "X11 SERVER"
|
||||||
UserWindowManager=startwm.sh
|
Following parameters can be used in the \fB[X11rdp]\fR, \fB[Xvnc]\fR and
|
||||||
DefaultWindowManager=startwm.sh
|
\fB[Xorg]\fR sections.
|
||||||
|
|
||||||
[Logging]
|
.TP
|
||||||
LogFile=/usr/local/xrdp/sesman.log
|
\fBparam0\fR=\fIfilename\fR
|
||||||
LogLevel=DEBUG
|
Path to the X11 server executable
|
||||||
EnableSyslog=0
|
|
||||||
SyslogLevel=DEBUG
|
.TP
|
||||||
|
\fBparam\fR\fIN\fR=\fIstring\fR
|
||||||
[Sessions]
|
Nth command line argument
|
||||||
MaxSessions=10
|
|
||||||
KillDisconnected=0
|
.SH "CHANSRV"
|
||||||
IdleTimeLimit=0
|
Following parameters can be used in the \fB[Chansrv]\fR section.
|
||||||
DisconnectedTimeLimit=0
|
|
||||||
|
.TP
|
||||||
[Security]
|
\fBFuseMountName\fR=\fIstring\fR
|
||||||
AllowRootLogin=1
|
Directory for drive redirection, relative to the user home directory.
|
||||||
MaxLoginRetry=3
|
Created if it doesn't exist. Defaults to \fIxrdp_client\fR
|
||||||
TerminalServerUsers=tsusers
|
|
||||||
TerminalServerAdmins=tsadmins
|
.SH "SESSIONS VARIABLES"
|
||||||
.fi
|
All entries it the \fB[SessionVariables]\fR section are set as
|
||||||
|
environment variables in the user's session.
|
||||||
|
|
||||||
.SH "FILES"
|
.SH "FILES"
|
||||||
${SESMAN_CFG_DIR}/sesman.ini
|
/etc/xrdp/sesman.ini
|
||||||
|
|
||||||
.SH "SEE ALSO"
|
.SH "SEE ALSO"
|
||||||
.BR sesman (8),
|
.BR xrdp-sesman (8),
|
||||||
.BR sesrun (8),
|
.BR xrdp-sesrun (8),
|
||||||
.BR xrdp (8),
|
.BR xrdp (8),
|
||||||
.BR xrdp.ini (5)
|
.BR xrdp.ini (5)
|
||||||
|
|
||||||
for more info on \fBxrdp\fR see http://xrdp.sf.net
|
For more info on \fBxrdp\fR see http://xrdp.sf.net
|
||||||
|
|||||||
Loading…
Reference in new issue