Provided by: nxagent_3.5.99.27-1.1build2_amd64 bug

NAME

       nxagent - nested Xserver optimized for remote computing

SYNOPSIS

       nxagent [options]

DESCRIPTION

       nxagent is an X server for remote application/desktop access similar to Xnest or Xephyr.

       nxagent  implements  a  very  efficient  compression  of  the  X11 protocol, called the NX
       protocol.

       The NX protocol increases performance when using X applications over high latency and  low
       bandwidth networks, while providing a local (LAN-like) usage experience even if connecting
       from off-site locations (via cable modem or GSM).

       nxagent can be used standalone as a nested X server (with NX protocol disabled),  but  its
       real  benefits are gained when using it over remote connections via the nxcomp compression
       library. The counterpart application on the other end (i.e. the client) is called nxproxy.

       When used in proxy <-> agent mode, nxagent adds the feature of being suspendible. Sessions
       can  be  started  from  one  client, suspended and then resumed from another (or the same)
       client.

       nxagent and nxproxy are utilized by  various  remote  application/desktop  frameworks  for
       providing server-side GUI application access from remote client systems.

       Currently,  nxagent  is  co-maintained  by  three  of these projects: The Arctica Project,
       TheQVD and X2Go.

STARTING THE SERVER

       nxagent should be run in user space. Other than the system's local X.org  server,  nxagent
       does not require to be run as root.  When bundled with a remote application framework, you
       normally don't have to launch nxagent manually. nxagent startup is usually managed by  the
       underlying framework (e.g. Arctica Session Manager, X2Go Server, etc.).

       When  nxagent  starts  up  (e.g.  by  typing  'nxagent  -ac  :1' in a terminal window), it
       typically launches in "windowed desktop" mode. On your local X server a new window appears
       being an X server itself.

       However,  nxagent  also  supports  rootless  (or  seamless)  application mode and a shadow
       session mode (similar to what VNC does).

       Example: You can launch a complete desktop session inside this nested X server now:

       The Debian way...

           $ export DISPLAY=:1
           $ STARTUP=mate-session /etc/X11/Xsession

       The Fedora / Gentoo / openSUSE way...

           ### FIXME / TODO ###

       However, nxagent also supports rootless  (or  seamless)  application  mode  and  a  shadow
       session mode (similar to what VNC does).

OPTIONS

       nxagent  accepts  a  range  of  default X server options as described below. Those default
       options have to be provided via the command line.

       Furthermore, nxagent accepts some nx-X11 specific options, described further below.

       Last but not least, nxagent accepts several more options,  the  so-called  nx/nx  options,
       provided  via  the  $DISPLAY environment variable or the -options command line option. See
       below for further details.

STANDARD XSERVER OPTIONS

       :displaynumber
               The X server runs as the given displaynumber, which by default is 0.  If  multiple
               X  servers  are  to  run simultaneously on a host, each must have a unique display
               number.  See the DISPLAY NAMES section of the X(__miscmansuffix__) manual page  to
               learn how to specify which display number clients should try to use.

       -a number
               sets  pointer acceleration (i.e. the ratio of how much is reported to how much the
               user actually moved the pointer).

       -ac     disables host-based access control mechanisms.  Enables access by  any  host,  and
               permits  any  host  to  modify the access control list.  Use with extreme caution.
               This option exists primarily for running test suites remotely.

       -audit level
               sets the audit trail level.  The default  level  is  1,  meaning  only  connection
               rejections  are reported.  Level 2 additionally reports all successful connections
               and disconnects.  Level  4  enables  messages  from  the  SECURITY  extension,  if
               present,  including  generation and revocation of authorizations and violations of
               the security policy.  Level 0 turns off the audit trail.  Audit lines are sent  as
               standard error output.

       -auth authorization-file
               specifies  a  file  which  contains  a collection of authorization records used to
               authenticate access.  See also the xdm(1) and Xsecurity(__miscmansuffix__)  manual
               pages.

       -bs     disables backing store support on all screens.

       -br     sets the default root window to solid black (default).

       -wr     sets the default root window to solid white.

       -c      turns off key-click.

       c volume
               sets key-click volume (allowable range: 0-100).

       -cc class
               sets the visual class for the root window of color screens.  The class numbers are
               as specified in the X protocol.  Not obeyed by all servers.

       -co filename
               This used to be the option for specifying the path to the RGB color database file.
               As  the  RGB  color  database  is  now embedded into the binary this option has no
               effect but is kept for compatibility. Deprecated.

       -core   causes the server to generate a core dump on fatal errors.

       -displayfd fd
               specifies a file descriptor in the launching process.  Rather  than  specifying  a
               display number, the X server will attempt to listen on successively higher display
               numbers, and upon finding a free one, will write the port number back on this file
               descriptor  as  a newline-terminated string.  The -pn option is ignored when using
               -displayfd.

               nxagent specific:

               (1) Other than in X.org's Xserver, you can use -displayfd in conjunction  with  an
               explicit  display  number.  If the explicit display number is not available (i.e.,
               already in use), nxagent tries to figure out the next available display number,

               e.g.:

                  nxagent -displayfd 2 :50

               (2) If -displayfd <X> is given with <X> equaling  2  (STDERR),  then  the  display
               number  string  written to STDERR is beautified with some human-readable (machine-
               parseable) text.

       -sync   This option tells nxagent to synchronize its window and graphics  operations  with
               the  real  server.   This  is a useful option for debugging, but it will slow down
               nxagent's performance considerably.  It  should  not  be  used  unless  absolutely
               necessary.

       -full   This  option tells nxagent to utilize full regeneration of real server objects and
               reopen a new connection to the real server each  time  nxagent  regenerates.   The
               sample  server  implementation regenerates all objects in the server when the last
               client of this server terminates.  When this happens, nxagent by default maintains
               the  same  top-level  window  and  the  same  real  server  connection in each new
               generation.  If the user selects full regeneration, even the top-level window  and
               the connection to the real server will be regenerated for each server generation.

       -class string
               This  option  specifies  the  default  visual  class  of the nested server.  It is
               similar to the -cc option from the set of standard options  except  that  it  will
               accept  a  string  rather  than  a number for the visual class specification.  The
               string  must  be  one  of  the  following  six  values:   StaticGray,   GrayScale,
               StaticColor,  PseudoColor,  TrueColor, or DirectColor.  If both the -class and -cc
               options are specified, the last instance of either option takes  precedence.   The
               class of the default visual of the nested server need not be the same as the class
               of the default visual of the real server, but it must be  supported  by  the  real
               server.   Use  xdpyinfo(__appmansuffix__)  to  obtain  a  list of supported visual
               classes on the real server before starting nxagent.  If the user chooses a  static
               class,  all the colors in the default color map will be preallocated.  If the user
               chooses a dynamic class, colors in the default color  map  will  be  available  to
               individual clients for allocation.

       -deferglyphs whichfonts
               specifies  the  types of fonts for which the server should attempt to use deferred
               glyph loading.  whichfonts can be all (all fonts), none (no fonts), or 16 (16  bit
               fonts only).

       -depth int
               This option specifies the default visual depth of the nested server.  The depth of
               the default visual of the nested server need not be the same as the depth  of  the
               default  visual  of  the real server, but it must be supported by the real server.
               Use xdpyinfo(__appmansuffix__) to obtain a list of supported visual depths on  the
               real server before starting nxagent.

       -geometry WxH+X+Y
               This  option  specifies  the geometry parameters for the top-level nxagent window.
               See “GEOMETRY SPECIFICATIONS” in X(__miscmansuffix__)  for  a  discusson  of  this
               option's syntax.  This window corresponds to the root window of the nested server.
               The width W and height H specified with this option will be the maximum width  and
               height  of each top-level nxagent window.  nxagent will allow the user to make any
               top-level window smaller, but it will not actually change the size of  the  nested
               server  root window.  If this option is not specified, nxagent will choose W and H
               to be 3/4ths the dimensions of the root window of the  real  server.  For  further
               values accepted see the documentation of geometry=<string> below.

       -dpi resolution
               sets  the  resolution  for  all  screens,  in dots per inch. If this option is not
               specified nxagent will assume 96. There's also -autodpi which will clone the  real
               server's  dpi.  Note  that  the  resolution  specified  via  -dpi is a per session
               setting. It cannot be changed on reconnect!  This  means  that  clients  may  look
               "wrong"  when  reconnecting  a  session that had been started with a different dpi
               than the current real xserver.

       dpms    enables DPMS (display power management services), where  supported.   The  default
               state is platform and configuration specific.

       -dpms   disables  DPMS (display power management services).  The default state is platform
               and configuration specific.

       -f volume
               sets feep (bell) volume (allowable range: 0-100).

       -fc cursorFont
               sets default cursor font.

       -fn font
               sets the default font.

       -fp fontPath
               sets the search  path  for  fonts.   This  path  is  a  comma  separated  list  of
               directories which the X server searches for font databases.  See the FONTS section
               of this manual page for more information and the default list.

       -help   prints a usage message.

       -I      causes all remaining command line arguments to be ignored.

       -maxbigreqsize size
               sets the maximum big request to size MB.

       -name string
               This option specifies the name of the top-level nxagent  window  as  string.   The
               default value is the program name.

       -nolisten trans-type
               disables  a  transport type.  For example, TCP/IP connections can be disabled with
               -nolisten tcp.  This option may be issued multiple times to disable  listening  to
               different transport types.

       -noreset
               prevents a server reset when the last client connection is closed.  This overrides
               a previous -terminate command line option.

       -p minutes
               sets screen-saver pattern cycle time in minutes.

       -pn     permits the server to continue running if it fails to establish all of  its  well-
               known sockets (connection points for clients), but establishes at least one.  This
               option is set by default.

       -nopn   causes the server to exit if it fails to establish all of its  well-known  sockets
               (connection points for clients).

       -r      turns off auto-repeat.

       r       turns on auto-repeat.

       -s minutes
               sets screen-saver timeout time in minutes.

       -su     disables save under support on all screens.

       -t number
               sets  pointer acceleration threshold in pixels (i.e. after how many pixels pointer
               acceleration should take effect).

       -terminate
               causes the server to terminate at server reset,  instead  of  continuing  to  run.
               This overrides a previous -noreset command line option.

       -to seconds
               sets default connection timeout in seconds.

       -tst    disables all testing extensions.

       v       sets video-off screen-saver preference.

       -v      sets video-on screen-saver preference.

       -wm     forces  the  default  backing-store  of  all  windows to be WhenMapped.  This is a
               backdoor way of getting backing-store to  apply  to  all  windows.   Although  all
               mapped windows will have backing store, the backing store attribute value reported
               by the server for a window will be the last value established by a client.  If  it
               has  never  been  set  by  a  client,  the  server  will report the default value,
               NotUseful.  This behavior is required by the X protocol, which allows  the  server
               to  exceed  the  client's backing store expectations but does not provide a way to
               tell the client that it is doing so.

       [+-]xinerama
               enables(+) or disables(-) XINERAMA provided via the PanoramiX extension.  This  is
               set to off by default.

       [+-]rrxinerama
               enables(+)  or  disables(-) XINERAMA provided via the RandR extension. By default,
               this feature is enabled. To disable XINERAMA completely, make  sure  to  use  both
               options (-xinerama and -rrxinerama) on the command line.

SERVER DEPENDENT OPTIONS

       nxagent additionally accepts the following non-standard options:

       -logo   turns on the X Window System logo display in the screen-saver.  There is currently
               no way to change this from a client.

       nologo  turns off the X  Window  System  logo  display  in  the  screen-saver.   There  is
               currently no way to change this from a client.

       -render

               default|mono|gray|color

               sets the color allocation policy that will be used by the render extension.

               default selects the default policy defined for the display depth of the X server.

               mono    don't use any color cell.

               gray    use a gray map of 13 color cells for the X render extension.

               color   use a color cube of at most 4*4*4 colors (that is 64 color cells).

       -dumbSched
               disables smart scheduling on platforms that support the smart scheduler.

       -schedInterval interval
               sets the smart scheduler's scheduling interval to interval milliseconds.

NXAGENT SPECIFIC OPTIONS

       The nx-X11 system adds the following command line arguments:

       -forcenx
               force use of NX protocol messages assuming communication through nxproxy

       -id string
               The session id.

       -autograb
               enable  autograb  mode on nxagent startup. The autograb feature can be toggled via
               nxagent keystrokes

       -textclipboard
               force   text-only   clipboard   nxagent   startup.   See   option   file    option
               textclipboard=<bool> for an explanation.

       -nxrealwindowprop
               set  property  NX_REAL_WINDOW  for  each  X11 client inside nxagent, providing the
               window XID of the corresponding window object on the X server that nxagent runs on

       -reportwids
               explicitly tell nxagent to report its externally exposed X11  window  IDs  to  the
               session  log  (in machine readable form), so that external parsers can obtain that
               information from there

       -reportprivatewids
               explicitly tell nxagent to report X11 window  IDs  of  internally  created  window
               objects  to  the  session log (in machine readable form), so that external parsers
               can obtain that information from there; this creates  a  lot  of  output  and  may
               affect performance

       -timeout int
               auto-disconnect  timeout  in  seconds  (minimum  allowed:  60).  Default  is 0 (no
               timeout).

       -norootlessexit
               don't exit if there are no clients in rootless mode

       -autodpi
               detect real server's DPI and set it in the agent session; the -dpi cmdline  option
               overrides -autodpi.  Note that using -autodpi will also adapt the DPI on reconnect
               which will cause newly started clients respecting the new DPI while  clients  that
               had  been  started  before  the  reconnect still use the old DPI. This may lead to
               applications looking "weird".

       -nomagicpixel
               disable magic pixel support at session startup, can be re-enabled via nx/nx option
               on session resumption

       -norender
               disable the use of the render extension

       -nocomposite/-composite
               disable/enable the use of the composite extension (default ist disabled)

       -nopersistent
               disable  disconnection/reconnection  to  the  X  display on SIGHUP. Non-persistent
               sessions will terminate on SIGHUP.

       -noshmem
               disable use of shared memory extension

       -shmem  enable use of shared memory extension (default)

       -noshpix
               disable use of shared pixmaps

       -shpix  enable use of shared pixmaps (default)

       -noignore
               don't ignore pointer and keyboard configuration changes mandated by clients. As  a
               result,  configuration  commands  like  disabling the keyboard bell (xset -b) will
               also affect the real X server.

       -nokbreset
               don't reset keyboard device if the session is resumed

       -noxkblock
               this is only relevant if you also specify -keyboard=query. In  that  case  nxagent
               will  lock  the  keyboard  settings  and  clients will get an error when trying to
               change keyboard settings via XKEYBOARD. With -noxkblock the lock  is  not  applied
               and clients are allowed to change the keyboard settings through XKEYBOARD.

       -tile WxH
               maximum size of the tile used when sending an image to the remote display (minimum
               allowed: 32x32). The default depends on the link type: 64x64 for modem  and  isdn,
               4096x4096 for all other link types)

       -irlimit
               maximum image data rate to the encoder input in kB/s. The default is no limit.

       -D      enable desktop mode (default)

       -R      enable rootless mode

       -S      enable shadow mode

       -B      enable proxy binding mode

       -keystrokefile
               define    path   to   a   keyboard   shortcut   definitions   file.   Default   is
               ~/.nx/keystrokes.cfg  and  /etc/nxagent/keystroke.cfg  (first  existing  file   is
               taken). If nxagent is run as x2goagent the defaults are ~/.x2go/keystrokes.cfg and
               /etc/x2go/keystrokes.cfg Any keystrokes nxagent knows about that are  not  defined
               in  this  file are ignored. (Only) if no file is found built-in defaults are used.
               The keystroke file can be re-read by a keystroke  (ctrl-alt-k  by  default).   See
               README.keystrokes and README.keystrokes.debug for all keystrokes nxagent knows. At
               startup the active keystrokes are printed to the session output.

       -version
               show version information and exit

       -options filepath|string
               path to an options file containing nx/nx options (see below). Instead  of  a  path
               the  options  can be specified diretly on the commandline by prefixing the options
               strings with nx/nx, which is mostly useful for testing/debugging.

       In addition to the command line options, nxagent can be configured at session startup  and
       at  runtime  (i.e.  when  resuming  a  suspended  session) by so-called nx/nx options. The
       options file is read on startup. It can be modified during runtime (but it  must  stay  at
       the  same  path). On re-connect the modified file is then read and the changed options are
       applied.

       As nx/nx options all options supported by nxcomp (see nxproxy man page)  and  all  nxagent
       nx/nx  options  (see  below)  can be used.  When launching an nxcomp based nxagent session
       (i.e. proxy <-> agent), you will normally set the $DISPLAY variable like this:

         $ export DISPLAY=nx/nx,listen=<proxy-port>,options=<options.file>:<nx-display-port>
         $ nxagent <command-line-options> :<nx-display-port>

       The value for <nx-display-port> is some value of a not-yet-used X11 display (e.g. :50).

       Using an options file is recommended, but you can also put available  nx/nx  options  (see
       below)  into  the  DISPLAY variable directly. Note, that the $DISPLAY variable field is of
       limited length.

       As <proxy-port> you can pick an arbitrary (unused) TCP port or Unix socket file path. This
       is the port / socket that you have to connect to with the nxproxy application.

       The  right  hand  side of an option (the part following the "=" character) can include URL
       encoded characters. It is required to URL encode at least "," (as %2D) and "=" (as %3D) to
       avoid wrong parsing of the options string.

       Available nxagent options (as an addition to nx/nx options supported by nxcomp already):

       options=<string>
               read  options  from  file,  this  text file can contain a single loooong line with
               comma-separated nx/nx options

       rootless=<bool>
               start nxagent in rootless mode, matches -R given on the command line,  no-op  when
               resuming (default: 0, disabled)

       geometry=<string>
               desktop  geometry  when  starting  or  resuming  a session, no-op in rootless mode
               (default 66% of the underlying X  server  geometry).  You  can  either  specify  a
               standard  X  geometry  string  (WxH+X+Y)  or  allscreens for a window covering all
               available screens or  onescreen  for  a  window  covering  only  one  screen.  For
               historical reasons fullscreen (as a synonym to allscreens) is also accepted.

       fullscreen=<int>
               start  or  resume  a session in fullscreen mode (default: 0, off). Specify 1 for a
               fullscreen window covering all available screens or  2  for  a  fullscreen  window
               covering only the first screen.

       resize=<bool>
               set resizing support (default: 1, enabled)

       keyboard=<string> or kbtype=<string>

               query|clone|<model>/<layout>|rmlvo/<rules>#<model>#<layout>#<variant>#<options>

               query   use  the default XKB keyboard layout (see below) and only allow clients to
                       query the settings but prevent any changes. query  is  especially  helpful
                       for  setups  where you need to set/modify the actual keyboard layout using
                       core X protocol functions (e.g. via xmodmap).  It  is  used  for  MacOS  X
                       clients  to  handle  some  keyboard  problems  that  are  special for this
                       platform.  Note that in this case XKEYBOARD will always report the default
                       layout which will most likely not match the experienced settings.

               clone   ask  the  real X server for the keyboard settings using XKEYBOARD protocol
                       functions  and  clone  them.  This  is  the   recommended   setting.   For
                       compatibility reasons it is not the default.

               <model>/<layout>
                       use  the  given  model  and  layout. A value of null/null is equivalent to
                       clone. You can not modify keyboard rules, variant  or  options  this  way.
                       Instead preset values are used. These are base for rules and empty strings
                       for variant and options.

               rmlvo/<rules>#<model>#<layout>#<variant>#<options>
                       configure     the      keyboard      according      to      the      rmlvo
                       (Rules+Model+Layout+Variant+Options)  description  given  after  the / and
                       separated by #. This can be used to fully pass the keyboard  configuration
                       of       nxagent       right      after      the      start.      Example:
                       rmlvo/base#pc105#de,us#nodeadkeys#lv3:rwin_switch

              If keyboard is omitted the internal defaults of nxagent will be used (rules:  base,
              layout: us, model: pc102, empty variant and options).

       keyconv=<string>
               set keycode conversion mode

               auto|on|off

               by  default (auto) nxagent will activate keycode conversion if it detects an evdev
               XKEYBOARD setup on the nxproxy side (the  standard  on  Linux  systems  nowadays).
               Keycode  conversion  means  that  certain keycodes are mapped to make the keyboard
               appear as an pc105 model. Using off this conversion can be suppressed and with  on
               it will be forced.

       clipboard=<string>

               both|client|server|none

               both    Allow clipboard data exchange both from nxagent to real X server and vice-
                       versa. This is the default.

               client  Limit clipboard data exchange to work only in one direction: from  real  X
                       server to nxagent.  Clipboard will still work inside nxagent. This setting
                       effectively prevents data leakage from the nxagent session to the outside.

               server  Limit clipboard data exchange to work only in one direction: from  nxagent
                       to real X server.

               none    Disable  any clipboard data exchange. Clipboard will still work inside the
                       nxagent and on the real X server, but no data exchange will be possible.

       textclipboard=<bool>
               enable (set to 1) or disable (set to 0) text-only clipboard.  Text-only  clipboard
               is  the old (<= 3.5.99.26) clipboard behaviour where you could only copy and paste
               text strings (no graphics, no rich text, ...). Using this  mode  been  seen  as  a
               security  feature  as  it effectively prevents transferring dangerous binary data,
               e.g.  manipulated  graphics  by  accident.  On  the  other  hand  it's  also  less
               comfortable.  (default: disabled)

       streaming=<bool>
               enable  (set  to  1) or disable (set to 0) streaming support for images, not fully
               implemented yet and thus non-functional. (default: disabled)

       backingstore=<bool>
               disable (set to  0)  or  enforce  (set  to  1)  backing  store  support  (default:
               enforced). In rootless mode backingstore is always disabled.

       composite=<bool>
               enable  (set  to  1)  or disable (set to 0) Composite support in nxagent (default:
               enabled)

       xinerama=<bool>
               enable (set to 1) or disable (set to 0)  XINERAMA  support  in  nxagent  (default:
               enabled)

       shmem=<bool>
               enable/disable  using  shared  memory.  Accepted  values:  1  (enable, default), 0
               (disable)

       shpix=<bool>
               enable/disable shared pixmaps support. Accepted values:  1  (enable,  default),  0
               (disable)

       client=<string>
               type  of  connecting  operating  system  (supported:  linux,  windows, solaris and
               macosx)

       clients=<string>
               filename where to log output of the nxagent's  clients.  This  is  ignored  if  no
               session   id   has   been   provided.   It   then   points   to  stderr.  Default:
               <sessiondir>/clients.

       shadow=<string>
               define the display that should be shadowed

       shadowuid=<int>
               unique identifier for the shadow session

       shadowmode=<bool>
               full access (set to 1) or viewing-only (set to 0, default)

       state=<string>
               filename where to store the state of the nxagent (for easier  interoperation  with
               software like x2go. Default: sessiondir/state.

       defer=<int>
               defer  image updates (enabled for all connection types except LAN), accepts values
               0, 1 and 2

               The default value can be set via the command line (-defer). The value provided  as
               nx/nx  option  is  set when resuming a session, thus it overrides the command line
               default.

               The default depends on the link type (see man nxproxy).

               Each defer level adds the following rules to the previous ones:

               0       Eager encoding.

                       Default for link speed lan and local.

               1       No data is put or copied on pixmaps, marking them always as corrupted  and
                       synchronizing  them  on  demand,  i.e.  when  a  copy  area to a window is
                       requested, the source is synchronized before copying it.

                       Default for link speed wan.

               2       The put images over the windows are skipped  marking  the  destination  as
                       corrupted.  The  same  happens  for  copy  area  and composite operations,
                       spreading the corrupted regions of involved drawables.

                       Default for link speed adsl, isdn and modem.

       tile=<string>
               set the maximum tile size in pixels (<W>x<H>) for bitmap data sent over the wire

               The default value can be set via the command line (-tile). The value  provided  as
               nx/nx  option  is  set when resuming a session, thus it overrides the command line
               default.

       menu=<bool>
               support pulldown menu in nxagent session (only available on proxy <-> agent remote
               sessions) (default: 1, enabled)

       magicpixel=<bool>
               enable/disable magic pixel support in fullscreen mode (default: 1, enabled)

       copysize=<int>
               Maximum  number  of  bytes  that can be pasted from an NX session into an external
               application. Default is unlimited.

       autodpi=<bool>
               enable/disable deriving session DPI automatically from real  server  (default:  0,
               disabled);  only  takes effect on session startups, gets ignored when reconnecting
               to a suspended session

       sleep=<int>
               delay X server operations when suspended (provided in milliseconds), set to  0  to
               keep  nxagent  session fully functional when suspended (e.g. useful when mirroring
               an nxagent session via VNC). Graphic intensive applications will  be  affected  by
               this more than others. The default is 50ms.

       tolerancechecks=<string>

               strict|safe|risky|bypass

               strict  means  that  the number of internal and external pixmap formats must match
                       exactly and every internal pixmap format must be available in the external
                       pixmap format array. This is the default.

               safe    means  that  the  number of pixmap formats might diverge, but all internal
                       pixmap formats must also be included in the external pixmap formats array.
                       This is recommended, because it allows clients with more pixmap formats to
                       still connect, but not lose functionality.

               risky   means that the internal pixmap formats array is allowed to be smaller than
                       the  external pixmap formats array, but at least one pixmap format must be
                       included in both. This is potentially unsafe.

               bypass  means that all of these checks are essentially deactivated. This is a very
                       bad idea.

       autograb=<bool>
               enable  or  disable autograb (default: 0, disabled). Can be toggled during session
               via keystroke.

       If you want to use nxagent as a replacement for Xnest or Xephyr you can pass options  like
       this:

         $ echo nx/nx,fullscreen=1$DISPLAY >/tmp/opt
         $ nxagent <command-line-options> -options /tmp/opt :<nx-display-port>

XDMCP OPTIONS

       X  servers  that  support  XDMCP  have  the  following options.  See the X Display Manager
       Control Protocol specification for more information.

       -query hostname
               enables XDMCP and sends Query packets to the specified hostname.

       -broadcast
               enable XDMCP and broadcasts BroadcastQuery packets  to  the  network.   The  first
               responding display manager will be chosen for the session.

       -multicast [address [hop count]]
               Enable  XDMCP  and  multicast  BroadcastQuery  packets  to the network.  The first
               responding display manager is chosen for the session.  If an address is specified,
               the  multicast is sent to that address.  If no address is specified, the multicast
               is sent to the default XDMCP IPv6 multicast group.  If a hop count  is  specified,
               it  is  used  as  the  maximum  hop  count  for the multicast.  If no hop count is
               specified, the multicast is set to a maximum of 1 hop, to  prevent  the  multicast
               from being routed beyond the local network.

       -indirect hostname
               enables XDMCP and send IndirectQuery packets to the specified hostname.

       -port port-number
               uses  the  specified  port-number for XDMCP packets, instead of the default.  This
               option must be specified before any -query, -broadcast, -multicast,  or  -indirect
               options.

       -from local-address
               specifies  the  local  address  to connect from (useful if the connecting host has
               multiple network interfaces).  The local-address may  be  expressed  in  any  form
               acceptable to the host platform's gethostbyname(3) implementation.

       -once   causes the server to terminate (rather than reset) when the XDMCP session ends.

       -class display-class
               XDMCP  has  an  additional  display qualifier used in resource lookup for display-
               specific options.  This option sets that value, by default it is "MIT-Unspecified"
               (not a very useful value).

       -cookie xdm-auth-bits
               When  testing XDM-AUTHENTICATION-1, a private key is shared between the server and
               the manager.  This option sets the value of that private data (not that it is very
               private, being on the command line!).

       -displayID display-id
               Yet  another XDMCP specific value, this one allows the display manager to identify
               each display so that it can locate the shared key.

XKEYBOARD OPTIONS

       X servers that support  the  XKEYBOARD  (a.k.a.  "XKB")  extension  accept  the  following
       options.   All  layout files specified on the command line must be located in the XKB base
       directory or a subdirectory, and  specified  as  the  relative  path  from  the  XKB  base
       directory.  The default XKB base directory is /usr/share/X11/xkb.

       [+-]kb  enables(+) or disables(-) the XKEYBOARD extension.

       [+-]accessx [ timeout [ timeout_mask [ feedback [ options_mask ] ] ] ]
               enables(+) or disables(-) AccessX key sequences.

       -xkbdir directory
               base directory for keyboard layout files.  This option is not available for setuid
               X servers (i.e., when the X server's real and effective uids are different).

       -ardelay milliseconds
               sets the autorepeat delay (length of time in  milliseconds  that  a  key  must  be
               depressed before autorepeat starts).

       -arinterval milliseconds
               sets  the  autorepeat  interval (length of time in milliseconds that should elapse
               between autorepeat-generated keystrokes).

       -xkbmap filename
               loads keyboard description in filename on server startup.

SECURITY EXTENSION OPTIONS

       X servers that support the SECURITY extension accept the following option:

       -sp filename
               causes the server to attempt to read and interpret filename as a  security  policy
               file  with  the  format  described  below.  The file is read at server startup and
               reread at each server reset.

       The syntax of the security policy file is as follows.  Notation: "*" means  zero  or  more
       occurrences of the preceding element, and "+" means one or more occurrences.  To interpret
       <foo/bar>, ignore the text after the /; it is used to  distinguish  between  instances  of
       <foo> in the next section.

       <policy file> ::= <version line> <other line>*

       <version line> ::= <string/v> '\n'

       <other line > ::= <comment> | <access rule> | <site policy> | <blank line>

       <comment> ::= # <not newline>* '\n'

       <blank line> ::= <space> '\n'

       <site policy> ::= sitepolicy <string/sp> '\n'

       <access rule> ::= property <property/ar> <window> <perms> '\n'

       <property> ::= <string>

       <window> ::= any | root | <required property>

       <required property> ::= <property/rp> | <property with value>

       <property with value> ::= <property/rpv> = <string/rv>

       <perms> ::= [ <operation> | <action> | <space> ]*

       <operation> ::= r | w | d

       <action> ::= a | i | e

       <string> ::= <dbl quoted string> | <single quoted string> | <unquoted string>

       <dbl quoted string> ::= <space> " <not dqoute>* " <space>

       <single quoted string> ::= <space> ' <not squote>* ' <space>

       <unquoted string> ::= <space> <not space>+ <space>

       <space> ::= [ ' ' | '\t' ]*

       Character sets:

       <not newline> ::= any character except '\n'
       <not dqoute>  ::= any character except "
       <not squote>  ::= any character except '
       <not space>   ::= any character except those in <space>

       The semantics associated with the above syntax are as follows.

       <version  line>,  the  first  line in the file, specifies the file format version.  If the
       server does not recognize the version <string/v>, it ignores the rest of  the  file.   The
       version string for the file format described here is "version-1" .

       Once past the <version line>, lines that do not match the above syntax are ignored.

       <comment> lines are ignored.

       <sitepolicy>  lines are currently ignored.  They are intended to specify the site policies
       used by the XC-QUERY-SECURITY-1 authorization method.

       <access rule> lines specify how the server should react to untrusted client requests  that
       affect  the X Window property named <property/ar>.  The rest of this section describes the
       interpretation of an <access rule>.

       For an <access rule> to apply to a given instance of <property/ar>, <property/ar> must  be
       on  a window that is in the set of windows specified by <window>.  If <window> is any, the
       rule applies to <property/ar> on any window.  If <window> is root,  the  rule  applies  to
       <property/ar> only on root windows.

       If  <window>  is  <required  property>,  the following apply.  If <required property> is a
       <property/rp>, the rule applies when the window also has that <property/rp>, regardless of
       its  value.   If  <required property> is a <property with value>, <property/rpv> must also
       have the value specified by <string/rv>.  In this case, the property must have type STRING
       and  format  8,  and  should  contain  one or more null-terminated strings.  If any of the
       strings match <string/rv>, the rule applies.

       The definition of string matching is simple  case-sensitive  string  comparison  with  one
       elaboration: the occurrence of the character '*' in <string/rv> is a wildcard meaning "any
       string."  A <string/rv> can contain  multiple  wildcards  anywhere  in  the  string.   For
       example,  "x*"  matches  strings  that begin with x, "*x" matches strings that end with x,
       "*x*" matches strings containing x, and "x*y*" matches  strings  that  start  with  x  and
       subsequently contain y.

       There may be multiple <access rule> lines for a given <property/ar>.  The rules are tested
       in the order that they appear in the file.  The first rule that applies is used.

       <perms> specify operations that untrusted clients may attempt, and the  actions  that  the
       server should take in response to those operations.

       <operation>  can  be  r (read), w (write), or d (delete).  The following table shows how X
       Protocol  property  requests  map  to  these  operations  in   The   Open   Group   server
       implementation.

       GetProperty    r, or r and d if delete = True
       ChangeProperty w
       RotateProperties    r and w
       DeleteProperty d
       ListProperties none, untrusted clients can always list all properties

       <action>  can  be a (allow), i (ignore), or e (error).  Allow means execute the request as
       if it had been issued by a trusted client.  Ignore means treat the request as a no-op.  In
       the  case  of  GetProperty,  ignore  means  return an empty property value if the property
       exists, regardless of its actual value.  Error means do not execute the request and return
       a  BadAtom  error with the atom set to the property name.  Error is the default action for
       all properties, including those not listed in the security policy file.

       An <action> applies to all <operation>s  that  follow  it,  until  the  next  <action>  is
       encountered.  Thus, irwad  means ignore read and write, allow delete.

       GetProperty  and  RotateProperties  may  do multiple operations (r and d, or r and w).  If
       different actions apply to the operations, the most severe action is applied to the  whole
       request;  there is no partial request execution.  The severity ordering is: allow < ignore
       < error.  Thus, if the <perms> for a property are ired (ignore read, error delete), and an
       untrusted  client  attempts  GetProperty  on that property with delete = True, an error is
       returned, but the property value is not.   Similarly,  if  any  of  the  properties  in  a
       RotateProperties  do  not allow both read and write, an error is returned without changing
       any property values.

       Here is an example security policy file.

       version-1

       # Allow reading of application resources, but not writing.
       property RESOURCE_MANAGER     root      ar iw
       property SCREEN_RESOURCES     root      ar iw

       # Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
       # and allowing access may give away too much information.
       property CUT_BUFFER0          root      irw
       property CUT_BUFFER1          root      irw
       property CUT_BUFFER2          root      irw
       property CUT_BUFFER3          root      irw
       property CUT_BUFFER4          root      irw
       property CUT_BUFFER5          root      irw
       property CUT_BUFFER6          root      irw
       property CUT_BUFFER7          root      irw

       # If you are using Motif, you probably want these.
       property _MOTIF_DEFAULT_BINDINGS        rootar iw
       property _MOTIF_DRAG_WINDOW   root      ar iw
       property _MOTIF_DRAG_TARGETS  any       ar iw
       property _MOTIF_DRAG_ATOMS    any       ar iw
       property _MOTIF_DRAG_ATOM_PAIRS         anyar iw

       # The next two rules let xwininfo -tree work when untrusted.
       property WM_NAME              any       ar

       # Allow read of WM_CLASS, but only for windows with WM_NAME.
       # This might be more restrictive than necessary, but demonstrates
       # the <required property> facility, and is also an attempt to
       # say "top level windows only."
       property WM_CLASS             WM_NAME   ar

       # These next three let xlsclients work untrusted.  Think carefully
       # before including these; giving away the client machine name and command
       # may be exposing too much.
       property WM_STATE             WM_NAME   ar
       property WM_CLIENT_MACHINE    WM_NAME   ar
       property WM_COMMAND           WM_NAME   ar

       # To let untrusted clients use the standard colormaps created by
       # xstdcmap, include these lines.
       property RGB_DEFAULT_MAP      root      ar
       property RGB_BEST_MAP         root      ar
       property RGB_RED_MAP          root      ar
       property RGB_GREEN_MAP        root      ar
       property RGB_BLUE_MAP         root      ar
       property RGB_GRAY_MAP         root      ar

       # To let untrusted clients use the color management database created
       # by xcmsdb, include these lines.
       property XDCCC_LINEAR_RGB_CORRECTION    rootar
       property XDCCC_LINEAR_RGB_MATRICES      rootar
       property XDCCC_GRAY_SCREENWHITEPOINT    rootar
       property XDCCC_GRAY_CORRECTION          rootar

       # To let untrusted clients use the overlay visuals that many vendors
       # support, include this line.
       property SERVER_OVERLAY_VISUALS         rootar

       # Dumb examples to show other capabilities.

       # oddball property names and explicit specification of error conditions
       property "property with spaces"         'property with "'aw er ed

       # Allow deletion of Woo-Hoo if window also has property OhBoy with value
       # ending in "son".  Reads and writes will cause an error.
       property Woo-Hoo              OhBoy = "*son"ad

NETWORK CONNECTIONS

       The X server supports client connections via a platform-dependent subset of the  following
       transport  types:  TCPIP,  Unix  Domain  sockets  and  several  varieties  of  SVR4  local
       connections.  See the DISPLAY NAMES section of the  X(__miscmansuffix__)  manual  page  to
       learn how to specify which transport type clients should try to use.

GRANTING ACCESS

       The  X  server  implements  a  platform-dependent  subset  of  the following authorization
       protocols: MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1,  XDM-AUTHORIZATION-2,  SUN-DES-1,  and
       MIT-KERBEROS-5.   See  the Xsecurity(__miscmansuffix__) manual page for information on the
       operation of these protocols.

       Authorization data required by the above protocols is passed to the server  in  a  private
       file  named  with  the -auth command line option.  Each time the server is about to accept
       the first connection after a reset (or when the server is starting), it reads  this  file.
       If  this  file  contains  any  authorization  records, the local host is not automatically
       allowed access to the server, and only clients which send one of the authorization records
       contained in the file in the connection setup information will be allowed access.  See the
       Xau manual page for a description of the binary format of this  file.   See  xauth(1)  for
       maintenance of this file, and distribution of its contents to remote hosts.

       The  X  server  also  uses a host-based access control list for deciding whether or not to
       accept connections from clients on  a  particular  machine.   If  no  other  authorization
       mechanism  is  being used, this list initially consists of the host on which the server is
       running as well as any machines listed in the file /etc/Xn.hosts, where n is  the  display
       number  of  the  server.  Each line of the file should contain either an Internet hostname
       (e.g. expo.lcs.mit.edu) or a complete name in the format family:name as described  in  the
       xhost(1)  manual  page.   There should be no leading or trailing spaces on any lines.  For
       example:

               joesworkstation
               corporate.company.com
               star::
               inet:bigcpu
               local:

       Users can add or remove hosts from this list and enable or disable  access  control  using
       the xhost command from the same machine as the server.

       If   the  X  FireWall  Proxy  (xfwp)  is  being  used  without  a  sitepolicy,  host-based
       authorization must be turned on for clients to be able to connect to the X server via  the
       xfwp.   If  xfwp is run without a configuration file and thus no sitepolicy is defined, if
       xfwp is using an X server where xhost + has been run to turn off host-based  authorization
       checks,  when  a client tries to connect to this X server via xfwp, the X server will deny
       the connection.  See xfwp(1) for more information about this proxy.

       The X protocol intrinsically does not have any notion of window operation  permissions  or
       place  any restrictions on what a client can do; if a program can connect to a display, it
       has full run of the screen.  X servers that support the  SECURITY  extension  fare  better
       because clients can be designated untrusted via the authorization they use to connect; see
       the xauth(1) manual page for details.  Restrictions are imposed on untrusted clients  that
       curtail the mischief they can do.  See the SECURITY extension specification for a complete
       list of these restrictions.

       Sites that have better authentication and authorization systems might wish to make use  of
       the hooks in the libraries and the server to provide additional security models.

SIGNALS

       The X server attaches special meaning to the following signals:

       SIGHUP  This  signal  causes  the  server  to  close  all  existing  connections, free all
               resources, and restore all defaults.  It is sent by the display  manager  whenever
               the  main  user's  main  application (usually an xterm or window manager) exits to
               force the server to clean up and prepare for the next user.

       SIGTERM This signal causes the server to exit cleanly.

       SIGUSR1 This signal is used quite differently from either of the above.  When  the  server
               starts,  it  checks  to  see if it has inherited SIGUSR1 as SIG_IGN instead of the
               usual SIG_DFL.  In this case, the server sends a SIGUSR1  to  its  parent  process
               after  it  has  set  up  the various connection schemes.  Xdm uses this feature to
               recognize when connecting to the server is possible.

FONTS

       The X server can obtain fonts from directories and/or from  font  servers.   The  list  of
       directories and font servers the X server uses when trying to open a font is controlled by
       the font path.

       The default font path is __default_font_path__ .

       The font path can be set with the -fp option or by xset(1) after the server has started.

FILES

       /etc/Xn.hosts                 Initial access control list for display number n

       /usr/share/fonts/X11/misc,
                                         /usr/share/fonts/X11/75dpi,
                                         /usr/share/fonts/X11/100dpi Bitmap font directories

       /usr/share/fonts/X11/Type1    Outline font directories

       /usr/share/nx/rgb             Color database

       /tmp/.X11-unix/Xn             Unix domain socket for display number n

       /tmp/rcXn                     Kerberos 5 replay cache for display number n

SEE ALSO

       Protocols: X Window System Protocol, NX Compression Protocol, The X Font Service Protocol,
       X Display Manager Control Protocol

       Fonts:   bdftopcf(1),  mkfontdir(1),  mkfontscale(1),  xfs(1),  xlsfonts(1),  xfontsel(1),
       xfd(1), X Logical Font Description Conventions

       Security:  Xsecurity(__miscmansuffix__),  xauth(1),  Xau(1),  xdm(1),  xhost(1),  xfwp(1),
       Security Extension Specification

       Starting the server: xdm(1), xinit(1)

       Controlling the server once started: xset(1), xsetroot(1), xhost(1)

       Server-specific  man  pages:  Xdec(1),  XmacII(1), Xsun(1), Xnest(1), Xvfb(1), XFree86(1),
       XDarwin(1).

       Server internal documentation: Definition of the Porting Layer for the X v11 Sample Server

AUTHORS

       The first sample X server was originally written by  Susan  Angebranndt,  Raymond  Drewry,
       Philip  Karlton,  and Todd Newman, from Digital Equipment Corporation, with support from a
       large cast.  It has since been extensively rewritten by Keith Packard and  Bob  Scheifler,
       from MIT. Dave Wiggins took over post-R5 and made substantial improvements.

       The  first  implementation  of  nx-X11  (version 1.x up to 3.5.x) was written by NoMachine
       (maintained until 2011).

       The current implementation of nx-X11 is maintained by various projects, amongst others The
       Arctica Project, TheQVD (Qindel Group) and X2Go.

       This  manual  page  was written by Per Hansen <spamhans@yahoo.de>, and modified by Marcelo
       Boveto Shima <marceloshima@gmail.com> and Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.
       In 2016, the original Xserver.man page shipped with nx-X11 was merged into the nxagent man
       page and received a major update by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.