Provided by: xrdp_0.9.19-1_amd64 
NAME
sesman.ini - Configuration file for xrdp-sesman(8)
DESCRIPTION
sesman.ini consists of several sections. Each section starts with the section name in
square brackets, followed by a list of parameter=value lines. Following sections are
recognized:
[Globals]
Global configuration
[Logging]
Logging subsystem
[Sessions]
Session management
[Security]
Access control
[X11rdp], [Xvnc], [Xorg]
X11 server settings for supported servers
[Chansrv]
Settings for xrdp-chansrv(8)
[ChansrvLogging]
Logging settings for xrdp-chansrv(8)
[SessionVariables]
Environment variables for the session
All parameters and values (except for file names and paths) are case insensitive, and are
described in detail below. If any parameter is specified more than once, the last entry
will be used. Options specified outside their proper section will be ignored.
GLOBALS
Following parameters can be used in the [Globals] section.
ListenAddress=ip address
xrdp-sesman listening address. If not specified, defaults to 0.0.0.0 (all
interfaces).
ListenPort=port number
xrdp-sesman listening port. If not specified, defaults to 3350.
EnableUserWindowManager=[true|false]
If set to 1, true or yes, this option enables user specific startup script. That
is, xrdp-sesman will execute the script specified by UserWindowManager if it
exists.
UserWindowManager=filename
Path of the startup script relative to the user's home directory. If present and
enabled by EnableUserWindowManager, that script is executed instead of
DefaultWindowManager.
DefaultWindowManager=filename
Full path or relative path of the default startup script used by xrdp-sesman to
start a session. If the path is not a full path, it will be resolved as relative
path to /etc/xrdp. If not specified, defaults to /etc/xrdp/startwm.sh.
ReconnectScript=filename
Full path or relative path if the script which executed when users reconnects to
the existing session. If the path is not a full path, it will be resolved as
relative path to /etc/xrdp. If not specified, defaults to /etc/xrdp/reconnectwm.sh.
LOGGING
Following parameters can be used in the [Logging] and [ChansrvLogging] sections.
LogFile=filename
Log file path. It can be either absolute or relative. If not specified, defaults to
./sesman.log It is ignored in the [ChansrvLogging] section since the channel server
creates one log file per display and instead uses the following log file naming
convention xrdp-chansrv.${DISPLAY}.log
LogLevel=level
This option can have one of the following values:
CORE or 0 - Log only core messages. Those messages are logged regardless of the
selected logging level.
ERROR or 1 - Log only error messages.
WARNING, WARN or 2 - Logs warnings and error messages.
INFO or 3 - Log errors, warnings and informational messages.
DEBUG or 4 - Log everything. If xrdp-sesman is compiled in debug mode, this options
will output many more low-level messages.
EnableSyslog=[true|false]
If set to 1, true or yes, this option enables logging to syslog.
SyslogLevel=level
Logging level for syslog. It can have the same values as LogLevel. Defaults to
DEBUG.
EnableConsole=[true|false]
If set to 1, true or yes, this option enables logging to the console (ie. stdout).
ConsoleLevel=level
Logging level for the console. It can have the same values as LogLevel. Defaults
to DEBUG.
EnableProcessId=[true|false]
If set to 1, true or yes, this option enables logging the process id in all log
messages. Defaults to false.
SESSIONS
Following parameters can be used in the [Sessions] section.
X11DisplayOffset=number
The first X display number available for xrdp-sesman. This prevents xrdp-sesman
from interfering with real X11 servers. If not specified, defaults to 10.
MaxSessions=number
Sets the maximum number of simultaneous sessions. If not set or set to 0, unlimited
session are allowed.
KillDisconnected=[true|false]
If set to 1, true or yes, every session will be killed within DisconnectedTimeLimit
seconds after the user disconnects. This setting currently only works with
xorgxrdp sessions.
DisconnectedTimeLimit=number
Sets the time limit for KillDisconnected to a value greater than 60. Values less
than 60 are to be overridden with 60. This setting currently only works with
xorgxrdp sessions.
IdleTimeLimit=number
Sets the time limit (in seconds) before an idle session is disconnected. Idle
means no keyboard inputs and no mouse moves/clicks here. If set to 0, idle
sessions will never be disconnected by timeout. This works only with xorgxrdp
sessions. Moreover, xorgxrdp must be v0.2.9 or later.
Policy=[Default|UBD|UBI|UBC|UBDI|UBDC]
Session allocation policy. Used to decide when to allocate a new session. Set to
one of the following values:
Default - session per <User,BitPerPixel>
UBD - session per <User,BitPerPixel,DisplaySize>
UBI - session per <User,BitPerPixel,IPAddr>
UBC - session per <User,BitPerPixel,Connection>
UBDI - session per <User,BitPerPixel,DisplaySize,IPAddr>
UBDC - session per <User,BitPerPixel,DisplaySize,Connection>
Note that the User and BitPerPixel criteria cannot be turned off. DisplaySize
refers to the initial geometry of a connection, as actual display sizes can change
dynamically.
SECURITY
Following parameters can be used in the [Security] section.
AllowRootLogin=[true|false]
If set to 1, true or yes, enables root login on the terminal server.
MaxLoginRetry=number
The number of login attempts that are allowed on terminal server. If set to 0,
unlimited attempts are allowed. If not specified, defaults to 3.
TerminalServerUsers=group
Only the users belonging to the specified group are allowed to login on terminal
server. If unset or set to an invalid or non-existent group, login for all users is
enabled.
TerminalServerAdmins=group
This option is currently ignored! Only members of this group can have session
management rights.
RestrictOutboundClipboard=[all|none|text|file|image]
If set to all, will restrict the clipboard outbound from the server, to prevent
data copied inside the xrdp session to be pasted in the client. Default value is
none. In addition, you can control text/file/image transfer restrictions
respectively. It also accepts comma separated list such as text,file,image.
none - No restriction about copying inbound clipboard data.
all - Restrict to copy inbound clipboard data.
text - Restrict to copy only inbound text clipboard data.
file - Restrict to copy only inbound file clipboard data.
image - Restrict to copy only inbound image clipboard data.
To keep compatibility, the following aliases are also available.
true - an alias of all.
false - an alias of none.
yes - an alias of all.
RestrictInboundClipboard=[none|all|text|file|image]
If set to all, will restrict the clipboard inbound from the client, to prevent data
copied inside the client to be pasted in the xrdp session. Default value is none.
In addition, you can control text/file/image transfer restrictions respectively. It
also accepts comma separated list such as text,file,image.
none - No restriction about copying inbound clipboard data.
all - Restrict to copy inbound clipboard data.
text - Restrict to copy only inbound text clipboard data.
file - Restrict to copy only inbound file clipboard data.
image - Restrict to copy only inbound image clipboard data.
To keep compatibility, the following aliases are also available.
true - an alias of all.
false - an alias of none.
yes - an alias of all.
AlwaysGroupCheck=[true|false]
If set to 1, true or yes, require group membership even if the group specified in
TerminalServerUsers doesn't exist.
X11 SERVER
Following parameters can be used in the [X11rdp], [Xvnc] and [Xorg] sections.
param=string
Multiple param lines are supported. This first line specifies the path to the X11
server executable. Following lines specify command line arguments passed to the X11
server.
CHANSRV
Following parameters can be used in the [Chansrv] section.
FuseMountName=string
Directory for drive redirection. Created if it doesn't exist. If not specified,
defaults to xrdp_client. If first character is not a '/', this is relative to
$HOME.
If first character is a '/' this is an absolute path. The following substitutions
are made in this string:-
%U - Username
%u - Numeric UID
%% - Percent character
If this format is used:-
1) The directory path permissions MUST be configured correctly by the system
administrator or the system itself - xrdp-chansrv will not do this for you
(although it will create the final directories owned by the user).
2) The desktop may not automatically display a link for the redirected drive. To
fix this, consult the docs for your chosen desktop.
FileUmask=mode
Additional umask to apply to files in the FuseMountName directory. The default
value of 077 prevents other users on the system from reading files on your
redirected drives. This may not be approprate for all environents, and so you can
change this value to allow other users to access your remote files if required.
EnableFuseMount=[true|false]
Defaults to true. Set to false to disable xrdp-chansrv's use of the FUSE system
feature, even if it has been built with this feature enabled.
Setting this value to false will disable the following application features:-
- drive redirection
- copying-and-pasting of files
UseNautilus3FlistFormat=[false|true]
Defaults to false. Set to true to make file copy-paste compatible with Nautilus
from GNOME 3 versions later than 3.29.92. Do not use this for any other reason.
This setting will be removed in a later version of xrdp, when GNOME 3 is no longer
supported.
SESSIONS VARIABLES
All entries in the [SessionVariables] section are set as environment variables in the
user's session.
FILES
/etc/xrdp/sesman.ini
SEE ALSO
xrdp-sesman(8), xrdp-sesrun(8), xrdp(8), xrdp.ini(5)
For more info on xrdp see ⟨http://www.xrdp.org/⟩