Provided by: tigervnc-scraping-server_1.12.0+dfsg-4ubuntu0.22.04.1_amd64 bug

NAME

       x0tigervncserver - start or stop a TigerVNC scraping server

SYNOPSIS

       x0tigervncserver  [:display#|-display :display#] [-rfbport rfbport#] [-localhost [yes|no]]
       [-SecurityTypes sec-types] [-PasswordFile|-rfbauth  passwd-file]  [-PlainUsers  user-list]
       [-PAMService|-pam_service  service-name]  [-X509Key  cert-key-file]  [-X509Cert cert-file]
       [-fg]           [-useold]           [-verbose]            [-dry-run]            [-Geometry
       <width>x<height>[{+,-}<xoffset>{+,-}<yoffset>]] [X0tigervnc options...]
       x0tigervncserver -kill [{:display#,:*}|-display {:display#,:*}] [-rfbport rfbport#] [-dry-
       run] [-verbose] [-clean]
       x0tigervncserver  -list  [{:display#,:*}|-display  {:display#,:*}]   [-rfbport   rfbport#]
       [-cleanstale]
       x0tigervncserver -version

DESCRIPTION

       The x0tigervncserver wrapper script is used to start the X0tigervnc server that makes an X
       display remotely accessible via VNC (Virtual Network Computing).  Unlike  Xtigervnc,  this
       server  does  not  create  a virtual display. Instead, it just shares an existing X server
       (typically, that one connected to the physical screen). The XDamage extension will be used
       if  the existing X server supports it. Otherwise, X0tigervnc will fall back to polling the
       screen for changes.

       As usual, the VNC desktop can be connected to with the xtigervncviewer VNC viewer  or  any
       other   VNC   viewer.  For  details,  see  the  xtigervncviewer(1)  man  page  or  execute
       "xtigervncviewer -help".

       System defaults for this  wrapper  script  are  found  in  /etc/tigervnc/vncserver-config-
       defaults.   These   defaults   can   be   overwritten   by  the  user  defaults  given  in
       ~/.vnc/tigervnc.conf (see the tigervnc.conf(5x)  man  page).  Next,  command-line  options
       overwrite  the  settings  in  both  tigervnc  configuration  files.  Finally, options from
       /etc/tigervnc/vncserver-config-mandatory  have  the  highest  priority   overwriting   all
       previous settings.

       WARNING!  There  is nothing stopping users from constructing their own wrapper script that
       calls X0tigervnc directly to bypass any options defined  in  the  /etc/tigervnc/vncserver-
       config-mandatory configuration file.

OPTIONS

       You  can  get a list of options by giving -h as an option to x0tigervncserver. In addition
       to the options listed below, any unrecognized options will be passed to X0tigervnc  –  see
       the X0tigervnc(1) man page or "X0tigervnc -help" for details.

       :display#|-display :display#
              Specifies the X11 display to be shared by the X0tigervnc server.

       -rfbport rfbport#
              Specifies  the  TCP  port  on which X0tigervnc listens for connections from viewers
              (the protocol used in VNC is called RFB – "remote  framebuffer").  The  default  is
              5900 plus the display number display#.

       -localhost [yes|no]
              Should  the  TigerVNC  server  only  listen  on  localhost  for  incoming  TigerVNC
              connections. Useful if you use SSH and want to stop non-SSH  connections  from  any
              other  hosts.  If  the option is not specified, then the behavior is as follows: We
              will only listen on localhost if the sec-types list does not contain  any  TLS*  or
              X509*  security  types  or  if  the list contains at least one *None security type.
              Otherwise, we will listen on all network addresses of the machine.

       -SecurityTypes sec-types
              Specify which security scheme to use for incoming connections. Valid values  are  a
              comma  separated list of None, VncAuth, Plain, TLSNone, TLSVnc, TLSPlain, X509None,
              X509Vnc, and  X509Plain.  Default  is  VncAuth  if  -localhost  is  not  given  and
              VncAuth,TLSVnc if -localhost no is given.

       -PasswordFile passwd-file | -rfbauth passwd-file
              Specifies  the  file  containing  the password used to authenticate viewers for the
              security types VncAuth, TLSVnc, and X509Vnc. The passwd-file is accessed each  time
              a  connection  comes in, so it can be changed on the fly via tigervncpasswd(1). The
              default password file is ~/.vnc/passwd.

       -PlainUsers user-list
              A comma separated list of user names that are allowed to authenticate  via  any  of
              the  *Plain  security  types  (i.e., Plain, TLSPlain, etc.). Specify * to allow any
              user to authenticate using this security type. Default is to only  allow  the  user
              that has started the x0tigervncserver wrapper script.

       -PAMService service-name | -pam_service service-name
              PAM  service name to use when authenticating users using any of the *Plain security
              types. Default is vnc if /etc/pam.d/vnc is  present  and  tigervnc  otherwise.  The
              tigervnc-common package ships the /etc/pam.d/tigervnc PAM service configuration for
              use by x0tigervncserver.

       -X509Cert cert-path and -X509Key key-path
              Path to a X509 certificate in PEM format to be used for  all  X509  based  security
              types  (i.e.,  X509None,  X509Vnc,  etc.)  as  well  as its private key also in PEM
              format. If the certificate and its key are  not  provided  via  the  -X509Cert  and
              -X509Key  command-line  options  or their corresponding configuration parameters in
              /etc/tigervnc/vncserver-config-defaults,          ~/.vnc/tigervnc.conf,          or
              /etc/tigervnc/vncserver-config-mandatory,  then the x0tigervncserver wrapper script
              auto  generates  a  self  signed  certificate.  The  auto  generated  self   signed
              certificates  are  stored  in  the  files  ~/.vnc/host-SrvCert.pem and ~/.vnc/host-
              SrvKey.pem.

       -fg    Runs the X0tigervnc server as a foreground process. Thus, the server can be aborted
              with CTRL-C.

       -useold
              Only  start  a  new TigerVNC server if a VNC server for your account is not already
              running on the requested display number display#  and  RFB  port  rfbport#.  If  no
              display number is requested, a new TigerVNC server will only be started if there is
              no TigerVNC server running under your user account. In any case, information  about
              the  newly  started  TigerVNC  server or the reused TigerVNC server session will be
              printed.

       -verbose
              This will turn on some debug output.

       -dry-run
              Do not actually do anything, but only perform the checks if  the  requested  action
              would be possible. For example, there will be checks performed for the availability
              of the requested display number display#.

       -Geometry <width>x<height>[{+,-}<xoffset>{+,-}<yoffset>]
              Specifies the screen area that will be shown to VNC clients, e.g., 640x480+320+240.
              The format is <width>x<height>+<xoffset>+<yoffset>, where `+' signs can be replaced
              with `-' signs to specify offsets from the right and/or  from  the  bottom  of  the
              screen.  Offsets are optional, +0+0 is assumed by default (top left corner). If the
              argument is empty, full screen is shown to VNC clients (this is the default).

       -kill [ :{display#,*} | -display :{display#,*} ] [ -rfbport rfbport# ]
              This  kills  a  TigerVNC  server  previously  started  with   x0tigervncserver   or
              tigervncserver. It does this by killing the VNC server process, whose process ID is
              stored in the file ~/.vnc/host:rfbport#.pid. If :* is given, then  x0tigervncserver
              tries  to  kill  all  VNC  server  processes  with  pidfiles in ~/.vnc on the local
              machine. If no display number is given, then x0tigervncserver tries to kill the VNC
              server process of the user on the local machine if only one such process is running
              and has a pidfile in ~/.vnc.

       -clean If given with -kill, then the logfile ~/.vnc/host:rfbport#.log is also removed.

       -list [ :{display#,*} | -display :{display#,*} ] [ -rfbport rfbport# ]
              This lists all running TigerVNC servers previously started with x0tigervncserver or
              tigervncserver. Stale entries are marked with (stale) in the output.

       -cleanstale
              If  given  with  -list,  then  stale  entries  –  resulting from missed cleanups of
              pidfiles in ~/.vnc as well as stale X11 locks and sockets in /tmp due to  Xtigervnc
              or X0tigervnc server crashes – are cleaned up and not shown in the output of -list.

FILES

       Several TigerVNC-related files are found in the ~/.vnc directory:

       ~/.vnc/tigervnc.conf
              The user configuration file for x0tigervncserver.

       ~/.vnc/passwd
              The TigerVNC password file for the security types VncAuth, TLSVnc, and X509Vnc.

       ~/.vnc/<host>:<rfbport#>.log
              The log file for the VNC server.

       ~/.vnc/<host>:<rfbport#>.pid
              Identifies the VNC server process ID, used by the -kill option.

       ~/.vnc/<host>-SrvCert.pem and <host>-SrvKey.pem
              The  security  types  X509None,  X509Vnc,  and X509Plain need a certificate and the
              corresponding private key. If these are not provided via the -X509Cert and -X509Key
              command-line   options   or   their   corresponding   configuration  parameters  in
              /etc/tigervnc/vncserver-config-defaults,          ~/.vnc/tigervnc.conf,          or
              /etc/tigervnc/vncserver-config-mandatory,  then the x0tigervncserver wrapper script
              auto generates a self signed certificate for the -X509Cert and -X509Key options  of
              the VNC server. The auto generated self signed certificates are stored in the above
              given two files. If the user wants their own certificate – instead of the on demand
              auto  generated  one  –  they  can either specify it via the -X509Cert and -X509Key
              options to the x0tigervncserver wrapper script or replace the auto generated  files
              ~/.vnc/host-SrvCert.pem   and  ~/.vnc/host-SrvKey.pem.  These  files  will  not  be
              overwritten once generated by the x0tigervncserver wrapper script.

       Furthermore,  there  are  global  configuration  files   for   x0tigervncserver   in   the
       /etc/tigervnc directory:

       /etc/tigervnc/vncserver-config-defaults
              The global configuration file specifying the defaults for x0tigervncserver.

       /etc/tigervnc/vncserver-config-mandatory
              If  this  file  exists  and  defines  options to be passed to X0tigervnc, they will
              override any of the same options defined in a user's  tigervnc.conf  file  or  ones
              given  on  the command line of this wrapper script. This file offers a mechanism to
              establish some basic form of system-wide policy.

              WARNING! There is nothing stopping users from constructing their own wrapper script
              that   calls   X0tigervnc   directly   to   bypass   any  options  defined  in  the
              /etc/tigervnc/vncserver-config-mandatory configuration file.

SEE ALSO

       tigervnc.conf(5x), tigervncpasswd(1), X0tigervnc(1), xtigervncviewer(1), tigervncserver(1)
       https://www.tigervnc.org/

AUTHOR

       Joachim Falk, Constantin Kaplinsky and others.

       VNC was originally developed by the RealVNC team while at Olivetti  Research  Ltd  /  AT&T
       Laboratories  Cambridge. TightVNC additions were implemented by Constantin Kaplinsky. Many
       other people have since participated in development, testing and support. This  manual  is
       part of the TigerVNC Debian packaging project.