Provided by: tigervnc-common_1.12.0+dfsg-5_amd64 bug


       tigervnc.conf - configuration files for Virtual Network Computing


       $variable = "someValue";

       $variable = "someValue";

       $variable .= "someValue";

       $variable = $var1 . $var2;


       This  man page describes the syntax and options of the three configuration files loaded by
       tigervncserver(1),  the  free  X  server  for  Virtual  Network  Computing  (VNC).   These
       configuration  files  can  be  used  to change the behavior of the server at startup time,
       although for all values suitable inbuilt defaults are preset.

       First, /etc/tigervnc/vncserver-config-defaults is read  specifying  the  system  defaults.
       Then, tigervncserver(1) will proceed and read $HOME/.vnc/tigervnc.conf, a file that can be
       changed on a per-user base. The options in this file will override  the  system  defaults.
       Next,  command-line  options  overwrite  both  the  system  defaults  and  the settings in
       $HOME/.vnc/tigervnc.conf.  Finally, the configuration file /etc/tigervnc/vncserver-config-
       mandatory  is  parsed.  If this file exists and defines options to be passed to Xtigervnc,
       they will override any of the same options defined in a user's $HOME/.vnc/tigervnc.conf as
       well  as  options  given  via the command line.  This file offers a mechanism to establish
       some basic form of system-wide policy.

       WARNING! There is nothing stopping users from constructing their  own  start  script  that
       calls  Xtigervnc directly to bypass any options defined in /etc/tigervnc/vncserver-config-


       The system configuration file /etc/tigervnc/vncserver-config-defaults should come with the
       Debian  package  tigervnc-standalone-server.   This file serves as an example for the user
       file $HOME/.vnc/tigervnc.conf.  The system configuration file is pretty  self-descriptive,
       and this document will mainly repeat the information that already can be found there.


       The  file  is  in  perl(1)  syntax,  although only variable assignment is allowed for your
       safety and convenience. But there still a variety  of  possibilities  to  set  the  string

       All  variable  names  are prefixed by `$'. You can assign a string to a variable using the
       `=' operator, and you can append a string to a variable using the `.=' operator.  You  can
       concatenate  two strings using the `.'  operator. You can substitute variables even inside
       quotes. You can access the environment variables using the notation $ENV{VARIABLE}.

       You can unset a variable by assigning undef to it. Use this to return  the  state  of  the
       variable from `set' to `use default'.

       You must end a line with a semicolon.


       The options are given with their default value if this is known.

       $fontPath = "<font_dir>,<font_dir>,..."
              Should  be  a  comma  separated  list of fonts to be added to the font path. If not
              specified, the default will apply.

       $PAMService = "tigervnc";
              This parameter specifies the PAM service used for plain password authentication  if
              one of the security types Plain, TLSPlain, or X509Plain is used.  If /etc/pam.d/vnc
              is not present, then tigervncserver(1) expects to use the tigervnc PAM  service  to
              authenticate the passwords of users when any of the *Plain security types are used.
              Note that the tigervnc-common package provides the PAM service  configuration  file
              /etc/pam.d/tigervnc.   Otherwise,  if  /etc/pam.d/vnc  is present, then the vnc PAM
              service will be used.

       $sslAutoGenCertCommand = "openssl req
                      -newkey ec:/etc/tigervnc/openssl-ecparams.pem
                      -x509 -days 2190 -nodes";
              The command specified by the  $sslAutoGenCertCommand  parameter  is  used  to  auto
              generate  the  certificate  for the -X509Cert and -X509Key options of Xtigervnc(1).
              The configuration for openssl(1SSL) is taken from  /etc/tigervnc/openssl.cnf  where
              we substitute @HostName@ by the fully qualified domain name of the host.

       $vncUserDir = "$ENV{HOME}/.vnc";
              Contains the filename for the log files directory of Xtigervnc (the server) and the
              viewers that are connected to it.

       $vncPasswdFile = $vncUserDir . "/passwd";
              Contains the filename of the password file for Xtigervnc. This file  is  only  used
              for the security types VncAuth, TLSVnc, and X509Vnc.

       $vncStartup = "/etc/X11/Xtigervnc-session";
              Points  to  a  script  that  will  be  started  at  the very beginning when neither
              $vncUserDir/Xtigervnc-session   nor   $vncUserDir/xstartup    is    present.     If
              $vncUserDir/Xtigervnc-session  is  present,  it  will  be  used.  Otherwise, we try
              $vncUserDir/xstartup.  If this is also absent, then we use the $vncStartup  script.
              If  $vncStartup is specified in $vncUserDir/tigervnc.conf, then this script is used
              unconditionally.   That   is    without    checking    for    the    presence    of
              $vncUserDir/Xtigervnc-session or $vncUserDir/xstartup.

       $session = undef;
              This  option  can  be  used  to  control which X session type will be started. This
              should match one of the files in /usr/share/xsessions. For example, if there  is  a
              file  called gnome.desktop, then $session = "gnome" would start this X session. The
              command to start the session is passed to the $vncStartup script. If  this  is  not
              specified,  then  /etc/X11/Xtigervnc-session  will  start  the session specified by

       $xauthorityFile = "$ENV{HOME}/.Xauthority";
              Specifies the path to the X authority file that should be used  by  your  Xtigervnc

       $desktopName = "${HOSTFQDN}:nn ($ENV{LOGNAME})";
              Should  be  set  to  the  default  name  of the desktop. This can be changed at the
              command line with -desktop.

       $geometry = "<width>x<height>";
              This sets the framebuffer width & height to be used by  the  Xtigervnc  server.  On
              default,  1920x1200  is  used.  A  values for this option as well as the $depth and
              $pixelformat options can be derived if the tigervncserver(1) is run in a X  session
              –  either  $ENV{DISPLAY}  or  the  session  given  by  $getDefaultFrom  –  with the
              -xdisplaydefaults option. The geometry can also be changed at the commandline  with
              the  -geometry  option.  Otherwise, the fixed defaults given here as well as in the
              following two configuration parameter documentations will be used.

       $depth = "32";
              This sets the framebuffer color depth, i.e., the number of bits per pixel  to  use.
              It must be either 16, 24, or 32.

       $pixelformat = "rgb888";
              Specifies  the  pixel format for the Xtigervnc(1) server to use (BGRnnn or RGBnnn).
              The default for depth  16  is  RGB565  (meaning  the  most  significant  five  bits
              represent  red,  the next six green, and the least significant five represent blue)
              and for depth 24 and 32 is RGB888.

       $wmDecoration = "8x64";
              Sets the adjustment of $geometry to accommodate the window decoration used  by  the
              X11  window  manager. This is used to fully display the VNC desktop even if the VNC
              viewer is not in full screen mode.

              This option lets you set the display from which you can query the  default  of  the
              above  three  options,  if  you  don't  want  to start tigervncserver from within a
              running X server. It will be added to the call of xdpyinfo. It is useful to get the
              default from the X server you will run xtigervncviewer in, because the data has not
              to be recalculated then.

              $getDefaultFrom = "-display localhost:0"; is an example how to do this.

       $scrapingGeometry = "<width>x<height>+<xoffset>+<yoffset>";
              is only used by the scraping TigerVNC server. It specifies  the  screen  area  that
              will   be   shown   to   VNC   clients,   e.g.,   640x480+320+240.  The  format  is
              <width>x<height>+<xoffset>+<yoffset>, where `+' signs  can  be  replaced  with  `-'
              signs  to  specify  offsets  from  the  right and/or from the bottom of the screen.
              Offsets are optional, +0+0 is assumed by default (top left corner). If the variable
              is not defined, full screen is shown to VNC clients (this is the default).

       $localhost = "yes";
              Should  the  TigerVNC  server  only  listen  on  localhost  for  incoming  TigerVNC
              connections. This is useful if you use SSH and want  to  stop  non-SSH  connections
              from  any  other  hosts. Hence, $localhost = "yes" is the default if security types
              are not specified. In this case, only the security type VncAuth will be offered. If
              the  security  types  are  specified, either via the option -SecurityTypes given to
              tigervncserver(1)  or   via   the   $SecurityTypes   configuration   parameter   in
              /etc/tigervnc/vncserver-config-defaults  or  in  $HOME/.vnc/tigervnc.conf, then the
              default  depends  on  the  specified  security   types.   The   default   will   be
              $localhost = "no"  if the specified security types contain at least one of the TLS*
              or X509* secutity types and also contain none  of  the  *None  security  types.  As
              always,  the  defaults  can  be  overwritten  on the commandline via the -localhost
              option or via the $localhost configuration  parameter  in  /etc/tigervnc/vncserver-
              config-defaults or in $HOME/.vnc/tigervnc.conf.

       $SecurityTypes = "VncAuth"
              The  $SecurityTypes  parameter  contains  a  comma  separated  list  of the default
              security types the Xtigervnc server will offer. Available security types are  None,
              VncAuth,  Plain,  TLSNone,  TLSVnc,  TLSPlain, X509None, X509Vnc and X509Plain. The
              *None security types do not offer any kind of user  authentication  for  connecting
              VNC  sessions.   Hence,  combining a *None security type and $localhost = "no" is a
              very bad idea. The TLS* and X509* security types do enforce SSL encryption for data
              transmission. Hence, combining a TLS* or X509* security type and $localhost = "yes"
              is a senseless idea. Thus, in  the  case  of  $localhost = "no",  the  default  for
              $SecurityTypes will be extended from VncAuth to VncAuth,TLSVnc.

       $PlainUsers = "$ENV{LOGNAME}"
              The  $PlainUsers  configuration  parameter contains a comma separated list of users
              that are authorized to access the VNC server if the security types Plain, TLSPlain,
              or X509Plain are used to establish the connection. The password for these users are
              check by the system via the PAM service specified via the $PAMService configuration
              variable  or  the  -PAMService  option.  On  default,  only  the  user starting the
              tigervncserver is contained in the list. By specifying *, any user can authenticate
              using this security type.

       $X509Cert and $X509Key
              These  two options contain the filenames for a certificate and its key that is used
              for the security types X509None, X509Vnc, and X509Plain. If nothing is specified  –
              the   default   case   –  then  a  self-signed  certificate  is  auto-generated  by
              tigervncserver(1)   and   stored    in    $HOME/.vnc/${HOSTFQDN}-SrvCert.pem    and
              $HOME/.vnc/${HOSTFQDN}-SrvKey.pem,   respectively.   If  filenames  are  given  for
              $X509Cert and $X509Key either here or on the commandline via -X509Cert and -X509Key
              options,  then  the  auto generation is disabled and the user has to take care that
              usable certificates are present.


              The global configuration  file  specifying  the  defaults  for  tigervncserver  and

              The user's tigervnc.conf configuration file.

              If this file exists and defines options, they will override any of the same options
              defined in a user's tigervnc.conf file or ones given on the  command  line  of  the
              wrapper  scripts  tigervncserver and x0tigervncserver. This file offers a mechanism
              to establish some basic form of system-wide policy.

              WARNING! There is nothing stopping users from constructing their own wrapper script
              that  calls  Xtigervnc  or X0tigervnc directly to bypass any options defined in the
              /etc/tigervnc/vncserver-config-mandatory configuration file.


       tigervncconfig(1),     tigervncpasswd(1),      tigervncserver(1),      tigervncsession(8),
       x0tigervncserver(1), Xtigervnc(1), X0tigervnc(1), xtigervncviewer(1)


       2022  - Modified for TigerVNC 1.12.0 by Joachim Falk ( 2021 - Modified
       for TigerVNC 1.11.0 by Joachim Falk ( 2016 - Modified for TigerVNC 1.7
       by  Joachim  Falk  (  2006  -  Modified  for vnc 4.1.2 by Joachim Falk
       (    1998    -    Originally    written    by     Marcus     Brinkmann
       ( for the Debian GNU/Linux Distribution.