cf2b629462
In RHEL and its clones, /usr/bin/Xorg is set suid-root. To execute Xorg with user privileges, /etc/pam.d/xserver needs be edited [1], or suid bit of Xorg binary needs to be dropped. In order to keep Xorg and /etc/pam.d/xserver untouched, preparing non-suid version of Xorg as /usr/bin/Xorg.non-suid for example is the simplest solution. However, Xorg.non-suid cannot be executed since it is hardcoded to execute Xorg in sesman. This change makes more flexible to execute Xorg with non-standard name or not in PATH environment variable. [1] https://www.centos.org/forums/viewtopic.php?t=21185
100 lines
2.1 KiB
INI
100 lines
2.1 KiB
INI
[Globals]
|
|
ListenAddress=127.0.0.1
|
|
ListenPort=3350
|
|
EnableUserWindowManager=1
|
|
UserWindowManager=startwm.sh
|
|
DefaultWindowManager=startwm.sh
|
|
|
|
[Security]
|
|
AllowRootLogin=1
|
|
MaxLoginRetry=4
|
|
TerminalServerUsers=tsusers
|
|
TerminalServerAdmins=tsadmins
|
|
# When AlwaysGroupCheck = false access will be permitted
|
|
# if the group TerminalServerUsers is not defined.
|
|
AlwaysGroupCheck = false
|
|
|
|
[Sessions]
|
|
|
|
## X11DisplayOffset - x11 display number offset
|
|
# Type: integer
|
|
# Default: 10
|
|
X11DisplayOffset=10
|
|
|
|
## MaxSessions - maximum number of connections to an xrdp server
|
|
# Type: integer
|
|
# Default: 0
|
|
MaxSessions=50
|
|
|
|
## KillDisconnected - kill disconnected sessions
|
|
# Type: integer
|
|
# Default: 0
|
|
# if 1, true, or yes, kill session after 60 seconds
|
|
KillDisconnected=0
|
|
|
|
## IdleTimeLimit - when to disconnect idle sessions
|
|
# Type: integer
|
|
# Default: 0
|
|
# if not zero, the seconds without mouse or keyboard input before disconnect
|
|
# not complete yet
|
|
IdleTimeLimit=0
|
|
|
|
## DisconnectedTimeLimit - when to kill idle sessions
|
|
# Type: integer
|
|
# Default: 0
|
|
# if not zero, the seconds before a disconnected session is killed
|
|
# min 60 seconds
|
|
DisconnectedTimeLimit=0
|
|
|
|
## Policy - session allocation policy
|
|
# Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
|
|
# Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
|
|
# "UBD" session per <User,BitPerPixel,DisplaySize>
|
|
# "UBI" session per <User,BitPerPixel,IPAddr>
|
|
# "UBC" session per <User,BitPerPixel,Connection>
|
|
# "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
|
|
# "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
|
|
Policy=Default
|
|
|
|
[Logging]
|
|
LogFile=xrdp-sesman.log
|
|
LogLevel=DEBUG
|
|
EnableSyslog=1
|
|
SyslogLevel=DEBUG
|
|
|
|
[X11rdp]
|
|
param0=X11rdp
|
|
param1=-bs
|
|
param2=-ac
|
|
param3=-nolisten
|
|
param4=tcp
|
|
param5=-uds
|
|
|
|
[Xvnc]
|
|
param0=Xvnc
|
|
param1=-bs
|
|
param2=-ac
|
|
param3=-nolisten
|
|
param4=tcp
|
|
param5=-localhost
|
|
param6=-dpi
|
|
param7=96
|
|
|
|
[Xorg]
|
|
param0=Xorg
|
|
param1=-config
|
|
param2=xrdp/xorg.conf
|
|
param3=-logfile
|
|
param4=/dev/null
|
|
param5=-noreset
|
|
param6=-ac
|
|
param7=-nolisten
|
|
param8=tcp
|
|
|
|
[Chansrv]
|
|
# drive redirection, defaults to xrdp_client if not set
|
|
FuseMountName=thinclient_drives
|
|
|
|
[SessionVariables]
|
|
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
|