Provided by: ltsp_22.01-2_all 
NAME
ltsp.conf - client configuration file for LTSP
SYNOPSIS
The LTSP client configuration file is placed at /etc/ltsp/ltsp.conf and it loosely follows
the .ini format. It is able to control various settings of the LTSP server and clients.
After each ltsp.conf modification, the ltsp initrd command needs to be run so that it's
included in the additional ltsp.img initrd that is sent when the clients boot.
CREATION
To create an initial ltsp.conf, run the following command:
install -m 0660 -g sudo /usr/share/ltsp/common/ltsp/ltsp.conf /etc/ltsp/ltsp.conf
The optional -g sudo parameter allows users in the sudo group to edit ltsp.conf with any
editor (e.g. gedit) without running sudo.
SYNTAX
Open and view the /etc/ltsp/ltsp.conf file that you just created, so that it's easier to
understand its syntax.
The configuration file is separated into sections:
• The special [server] section is evaluated only by the ltsp server.
• The special [common] section is evaluated by both the server and ltsp clients.
• In the special [clients] section, parameters for all clients can be defined.
Most ltsp.conf parameters should be placed there.
• MAC address, IP address, or hostname sections can be used to apply settings to
specific clients. Those support globs, for example [192.168.67.*].
• It's also possible to group parameters into named sections like [crt_monitor] in
the example, and reference them from other sections with the INCLUDE= parameter.
• Advanced users may also use [applet/host] sections, for example [initrd-
bottom/library*] would be evaluated by the ltsp initrd-bottom applet only for
clients that have a hostname that starts with "library".
The ltsp.conf configuration file is internally transformed into a shell script, so all the
shell syntax rules apply, except for the sections headers which are transformed into
functions.
This means that you must not use spaces around the "=" sign, and that you may write
comments using the "#" character.
The ltsp initrd command does a quick syntax check by running sh -n /etc/ltsp/ltsp.conf and
aborts if it detects syntax errors.
PARAMETERS
The following parameters are currently defined; an example is given in each case.
ADD_IMAGE_EXCLUDES="/etc/ltsp/add-image.excludes"
OMIT_IMAGE_EXCLUDES="home/*"
Add or omit items to the ltsp image exclusion list. Some files and directories
shouldn't be included in the generated image. The initial list is defined in
/usr/share/ltsp/server/image/image.excludes. It can be completely overridden by
creating /etc/ltsp/image.excludes. ADD_IMAGE_EXCLUDES and OMIT_IMAGE_EXCLUDES can
finetune the list by adding or removing lines to it. They can either be filenames
or multiline text.
AUTOLOGIN="user01"
RELOGIN=0|1
GDM3_CONF="WaylandEnable=false"
LIGHTDM_CONF="greeter-hide-users=true"
SDDM_CONF="/etc/ltsp/sddm.conf"
Configure the display manager to log in this user automatically. If SSHFS is used,
the PASSWORDS_x parameter (see below) must also be provided. AUTOLOGIN can be a
simple username like "user01", or it can be a partial regular expression that
transforms a hostname to a username. For example, AUTOLOGIN="pc/guest" means
"automatically log in as guest01 in pc01, as guest02 in pc02 etc". Setting
RELOGIN=0 will make AUTOLOGIN work only once. Finally, the *_CONF parameters can
be either filenames or direct text, and provide a way to write additional content
to the generated display manager configuration.
CRONTAB_x="30 15 * * * root poweroff"
Add a line in crontab. The example powers off the clients at 15:30.
CUPS_SERVER="$SERVER"
Set the CUPS server in the client /etc/cups/client.conf. Defaults to $SERVER.
You're supposed to also enable printer sharing on the server by running cupsctl
_share_printers=1 or system-config-printer or by visiting http://localhost:631.
Then all printers can be managed on the LTSP server. Other possible values are
CUPS_SERVER="localhost", when a printer is connected to a client, or
CUPS_SERVER="ignore", to skip CUPS server handling.
DEBUG_LOG=0|1
Write warnings and error messages to /run/ltsp/debug.log. Defaults to 0.
DEBUG_SHELL=0|1
Launch a debug shell when errors are detected. Defaults to 0.
DEFAULT_IMAGE="x86_64"
KERNEL_PARAMETERS="nomodeset noapic"
MENU_TIMEOUT="5000"
These parameters can be defined under [mac:address] sections in ltsp.conf, and they
are used by ltsp ipxe to generate the iPXE menu. They control the default menu
item, the additional kernel parameters and the menu timeout for each client. They
can also be defined globally under [server].
DISABLE_SESSION_SERVICES="evolution-addressbook-factory obex"
DISABLE_SYSTEM_SERVICES="anydesk teamviewerd"
KEEP_SESSION_SERVICES="at-spi-dbus-bus"
KEEP_SYSTEM_SERVICES="apparmor ssh"
MASK_SESSION_SERVICES="gnome-software-service update-notifier"
MASK_SYSTEM_SERVICES="apt-daily apt-daily-upgrade rsyslog"
Space separated lists of services to disable, permit or mask on LTSP clients. They
mostly correspond to systemctl disable/mask [--user] invocations. Setting these
ltsp.conf parameters adds or omits items from the default lists that are defined in
/usr/share/ltsp/client/init/56-services.sh. Disabled services can be started on
demand by e.g. dbus or socket activation, while masked services need to be manually
unmasked first. Currently, MASK_SESSION_SERVICES also deletes the non-systemd user
services from /etc/xdg/autostart.
DNS_SERVER="8.8.8.8 208.67.222.222"
Specify the DNS servers for the clients.
FSTAB_x="server:/home /home nfs defaults,nolock 0 0"
All parameters that start with FSTAB_ are sorted and then their values are written
to /etc/fstab at the client init phase.
HOSTNAME="pc01"
Specify the client hostname. Defaults to "ltsp%{IP}". HOSTNAME may contain the
%{IP} pseudovariable, which is a sequence number calculated from the client IP and
the subnet mask, or the %{MAC} pseudovariable, which is the MAC address without the
colons.
HOSTS_x="192.168.67.10 nfs-server"
All parameters that start with HOSTS_ are sorted and then their values are written
to /etc/hosts at the client init phase.
IMAGE_TO_RAM=0|1
Specifying this option under the [clients] section copies the rootfs image to RAM
during boot. That makes clients less dependent on the server, but they must have
sufficient memory to fit the image.
INCLUDE="other-section"
Include another section in this section.
LOCAL_SWAP=0|1
Activate local swap partitions. Defaults to 1.
MULTISEAT=0|1
UDEV_SEAT_n_x="*/usb?/?-[2,4,6,8,10,12,14,16,18]/*"
MULTISEAT=1 tries to autodetect if an LTSP client has two graphics cards and to
automatically split them along with the USB ports into two seats. Optional lines
like UDEV_SEAT_1_SOUND="*/sound/card1*" can be used to finetune the udev rules that
will be generated and placed in a file named /etc/udev/rules.d/72-ltsp-seats.rules.
NAT=0|1
Only use this under the [server] section. Normally, ltsp service runs when the
server boots and detects if a server IP is 192.168.67.1, in which case it
automatically enables IP forwarding for the clients to be able to access the
Internet in dual NIC setups. But if there's a chance that the IP isn't set yet
(e.g. disconnected network cable), setting NAT=1 enforces that.
OMIT_FUNCTIONS="pam_main mask_services_main"
A space separated list of function names that should be omitted. The functions
specified here will not be executed when called. This option can be specified in
any [section].
PASSWORDS_x="teacher/cXdlcjEyMzQK [a-z][-0-9]*/MTIzNAo= guest[^:]*/"
A space separated list of regular expressions that match usernames, followed by
slash and base64-encoded passwords. At boot, ltsp init writes those passwords for
the matching users in /etc/shadow, so that then pamltsp can pass them to SSH/SSHFS.
The end result is that those users are able to login either in the console or the
display manager by just pressing [Enter] at the password prompt.
Passwords are base64-encoded to prevent over-the-shoulder spying and to avoid the
need for escaping special characters. To encode a password in base64, run base64,
type a single password, and then Ctrl+D.
In the example above, the teacher account will automatically use "qwer1234" as the
password, the a1-01, b1-02 etc students will use "1234", and the guest01 etc
accounts will be able to use an empty password without even authenticating against
the server; in this case, SSHFS can't be used, /home should be local or NFS.
POST_APPLET_x="ln -s /etc/ltsp/xorg.conf /etc/X11/xorg.conf"
All parameters that start with POST_ and then have an ltsp client applet name are
sorted and their values are executed after the main function of that applet. See
the ltsp(8) man page for the available applets. The usual place to run client
initialization commands that don't need to daemonize is POST_INIT_x.
PRE_APPLET_x="debug_shell"
All parameters that start with PRE_ and then have an ltsp client applet name are
sorted and their values are executed before the main function of that applet.
PWMERGE_SUR=, PWMERGE_SGR=, PWMERGE_DGR=, PWMERGE_DUR=
Normally, all the server users are listed on the client login screens and are
permitted to log in. To exclude some of them, define one or more of those regular
expressions. For more information, read /usr/share/ltsp/client/login/pwmerge. For
example, if you name your clients pc01, pc02 etc, and your users a01, a02, b01, b02
etc, then the following line only shows/allows a01 and b01 to login to pc01:
PWMERGE_SUR=".*%{HOSTNAME#pc}"
REMOTEAPPS="users-admin mate-about-me"
Register the specified applications as remoteapps, so that they're executed on the
LTSP server via ssh -X instead of on the clients. For more information, see ltsp-
remoteapps(8).
RPI_IMAGE="raspios"
Select this LTSP image to boot Raspberry Pis from. This symlinks all
$BASE_DIR/$RPI_IMAGE/boot/* files directly under $TFTP_DIR when ltsp kernel
$RPI_IMAGE is called. See the Raspberry Pi OS documentation page
⟨https://ltsp.org/docs/installation/raspios⟩ for more information.
SEARCH_DOMAIN="ioa.sch.gr"
A search domain to add to resolv.conf and to /etc/hosts. Usually provided by DHCP.
SERVER="192.168.67.1"
The LTSP server is usually autodetected; it can be manually specified if there's
need for it.
X_DRIVER="vesa"
X_HORIZSYNC="28.0-87.0"
X_MODELINE='"1024x768_85.00" 94.50 1024 1096 1200 1376 768 771 775 809 -hsync +vsync'
X_MODES='"1024x768" "800x600" "640x480"'
X_PREFERREDMODE="1024x768"
X_VERTREFRESH="43.0-87.0"
X_VIRTUAL="800 600"
If any of these parameters are set, the /usr/share/ltsp/client/init/xorg.conf
template is installed to /etc/X11/xorg.conf, while applying the parameters. Read
that template and consult xorg.conf(5) for more information. The most widely
supported method to set a default resolution is X_MODES. If more parameters are
required, create a custom xorg.conf as described in the EXAMPLES section.
EXAMPLES
To specify a hostname and a user to autologin in a client:
[3c:07:71:a2:02:e3]
HOSTNAME=pc01
AUTOLOGIN=user01
PASSWORDS_PC01="user01/cGFzczAxCg=="
The password above is "pass01" in base64 encoding. To calculate it, the base64 command was
run in a terminal:
base64
pass01
<press Ctrl+D at this point>
cGFzczAxCg==
If some clients need a custom xorg.conf file, create it in e.g. /etc/ltsp/xorg-
nvidia.conf, and put the following in ltsp.conf to dynamically symlink it for those
clients at boot:
[pc01]
INCLUDE=nvidia
[nvidia]
POST_INIT_LN_XORG="ln -sf ../ltsp/xorg-nvidia.conf /etc/X11/xorg.conf"
Since ltsp.conf is transformed into a shell script and sections into functions, it's
possible to directly include code or to call sections at POST_APPLET_x hooks.
[clients]
# Allow local root logins by setting a password hash for the root user.
# The hash contains $, making it hard to escape in POST_INIT_x="sed ...".
# So put sed in a section and call it at POST_INIT like this:
POST_INIT_SET_ROOT_HASH="section_set_root_hash"
# This is the hash of "qwer1234"; cat /etc/shadow to see your hash.
[set_root_hash]
sed 's|^root:[^:]*:|root:$6$VRfFL349App5$BfxBbLE.tYInJfeqyGTv2lbk6KOza3L2AMpQz7bMuCdb3ZsJacl9Nra7F/Zm7WZJbnK5kvK74Ik9WO2qGietM0:|' -i /etc/shadow
COPYRIGHT
Copyright 2019-2022 the LTSP team, see AUTHORS.
SEE ALSO
ltsp(8), ltsp-dnsmasq(8), ltsp-image(8), ltsp-info(8), ltsp-initrd(8), ltsp-ipxe(8), ltsp-
kernel(8), ltsp-nfs(8), ltsp-remoteapps(8)
Online documentation is available on https://ltsp.org