sesman.ini(5)

1sesman.ini(5)                                                    sesman.ini(5)
2
3
4

NAME

6       sesman.ini - Configuration file for xrdp-sesman(8)
7
8

DESCRIPTION

10       sesman.ini  consists  of several sections. Each section starts with the
11       section name in square brackets, followed by a list of  parameter=value
12       lines. Following sections are recognized:
13
14
15       [Globals]
16              Global configuration
17
18
19       [Logging]
20              Logging subsystem
21
22
23       [Sessions]
24              Session management
25
26
27       [Security]
28              Access control
29
30
31       [X11rdp], [Xvnc], [Xorg]
32              X11 server settings for supported servers
33
34
35       [Chansrv]
36              Settings for xrdp-chansrv(8)
37
38
39       [ChansrvLogging]
40              Logging settings for xrdp-chansrv(8)
41
42
43       [SessionVariables]
44              Environment variables for the session
45
46
47       All  parameters  and  values (except for file names and paths) are case
48       insensitive, and are described in detail below.  If  any  parameter  is
49       specified  more  than once, the last entry will be used. Options speci‐
50       fied outside their proper section will be ignored.
51
52

GLOBALS

54       Following parameters can be used in the [Globals] section.
55
56
57       ListenAddress=ip address
58              xrdp-sesman listening address. If  not  specified,  defaults  to
59              0.0.0.0 (all interfaces).
60
61
62       ListenPort=port number
63              xrdp-sesman listening port. If not specified, defaults to 3350.
64
65
66       EnableUserWindowManager=[true|false]
67              If  set  to  1,  true  or yes, this option enables user specific
68              startup script. That is, xrdp-sesman  will  execute  the  script
69              specified by UserWindowManager if it exists.
70
71
72       UserWindowManager=filename
73              Path  of  the  startup script relative to the user's home direc‐
74              tory. If present and enabled  by  EnableUserWindowManager,  that
75              script is executed instead of DefaultWindowManager.
76
77
78       DefaultWindowManager=filename
79              Full path or relative path of the default startup script used by
80              xrdp-sesman to start a session.  If the path is not a full path,
81              it will be resolved as relative path to /etc/xrdp. If not speci‐
82              fied, defaults to /etc/xrdp/startwm.sh.
83
84
85       ReconnectScript=filename
86              Full path or relative path if the  script  which  executed  when
87              users  reconnects  to the existing session. If the path is not a
88              full path, it will be resolved as relative path to /etc/xrdp. If
89              not specified, defaults to /etc/xrdp/reconnectwm.sh.
90
91

LOGGING

93       Following  parameters can be used in the [Logging] and [ChansrvLogging]
94       sections.
95
96
97       LogFile=filename
98              Log file path. It can be either absolute  or  relative.  If  not
99              specified,  defaults to ./sesman.log It is ignored in the [Chan‐
100              srvLogging] section since the channel  server  creates  one  log
101              file  per display and instead uses the following log file naming
102              convention xrdp-chansrv.${DISPLAY}.log
103
104
105       LogLevel=level
106              This option can have one of the following values:
107
108              CORE or 0 - Log only core messages. Those  messages  are  logged
109              regardless of the selected logging level.
110
111              ERROR or 1 - Log only error messages.
112
113              WARNING, WARN or 2 - Logs warnings and error messages.
114
115              INFO or 3 - Log errors, warnings and informational messages.
116
117              DEBUG or 4 - Log everything. If xrdp-sesman is compiled in debug
118              mode, this options will output many more low-level messages.
119
120
121       EnableSyslog=[true|false]
122              If set to 1, true or yes, this option enables logging to syslog.
123
124
125       SyslogLevel=level
126              Logging level for  syslog.  It  can  have  the  same  values  as
127              LogLevel.  Defaults to DEBUG.
128
129
130       EnableConsole=[true|false]
131              If  set  to  1,  true or yes, this option enables logging to the
132              console (ie. stdout).
133
134
135       ConsoleLevel=level
136              Logging level for the console. It can have the  same  values  as
137              LogLevel.  Defaults to DEBUG.
138
139
140       EnableProcessId=[true|false]
141              If  set  to  1,  true  or  yes,  this option enables logging the
142              process id in all log messages. Defaults to false.
143
144

SESSIONS

146       Following parameters can be used in the [Sessions] section.
147
148
149       X11DisplayOffset=number
150              The first X display number available for xrdp-sesman. This  pre‐
151              vents xrdp-sesman from interfering with real X11 servers. If not
152              specified, defaults to 10.
153
154
155       MaxSessions=number
156              Sets the maximum number of simultaneous sessions. If not set  or
157              set to 0, unlimited session are allowed.
158
159
160       KillDisconnected=[true|false]
161              If  set  to  1, true or yes, every session will be killed within
162              DisconnectedTimeLimit seconds after the user disconnects.   This
163              setting currently only works with xorgxrdp sessions.
164
165
166       DisconnectedTimeLimit=number
167              Sets the time limit for KillDisconnected to a value greater than
168              60.  Values less than 60 are to be  overridden  with  60.   This
169              setting currently only works with xorgxrdp sessions.
170
171
172       IdleTimeLimit=number
173              Sets  the time limit (in seconds) before an idle session is dis‐
174              connected.   Idle  means  no  keyboard  inputs  and   no   mouse
175              moves/clicks  here.   If  set  to 0, idle sessions will never be
176              disconnected by timeout.  This works  only  with  xorgxrdp  ses‐
177              sions. Moreover, xorgxrdp must be v0.2.9 or later.
178
179
180       Policy=[Default|UBD|UBI|UBC|UBDI|UBDC]
181              Session allocation policy. Used to decide when to allocate a new
182              session. Set to one of the following values:
183
184              Default - session per <User,BitPerPixel>
185              UBD - session per <User,BitPerPixel,DisplaySize>
186              UBI - session per <User,BitPerPixel,IPAddr>
187              UBC - session per <User,BitPerPixel,Connection>
188              UBDI - session per <User,BitPerPixel,DisplaySize,IPAddr>
189              UBDC - session per <User,BitPerPixel,DisplaySize,Connection>
190
191              Note that the User and BitPerPixel  criteria  cannot  be  turned
192              off. DisplaySize refers to the initial geometry of a connection,
193              as actual display sizes can change dynamically.
194
195

SECURITY

197       Following parameters can be used in the [Security] section.
198
199
200       AllowRootLogin=[true|false]
201              If set to 1, true or yes, enables root  login  on  the  terminal
202              server.
203
204
205       MaxLoginRetry=number
206              The  number  of  login  attempts  that  are  allowed on terminal
207              server. If set to 0, unlimited  attempts  are  allowed.  If  not
208              specified, defaults to 3.
209
210
211       TerminalServerUsers=group
212              Only  the  users belonging to the specified group are allowed to
213              login on terminal server. If unset  or  set  to  an  invalid  or
214              non-existent group, login for all users is enabled.
215
216
217       TerminalServerAdmins=group
218              This option is currently ignored! Only members of this group can
219              have session management rights.
220
221
222       RestrictOutboundClipboard=[true|false]
223              If set to 1, true or yes, will restrict the  clipboard  outbound
224              from  the server, to prevent data copied inside the xrdp session
225              to be be pasted in the client host. Default value is false.
226
227
228       AlwaysGroupCheck=[true|false]
229              If set to 1, true or yes, require group membership even  if  the
230              group specified in TerminalServerUsers doesn't exist.
231
232

X11 SERVER

234       Following  parameters  can  be  used in the [X11rdp], [Xvnc] and [Xorg]
235       sections.
236
237
238       param=string
239              Multiple param lines are supported. This  first  line  specifies
240              the  path  to the X11 server executable. Following lines specify
241              command line arguments passed to the X11 server.
242
243

CHANSRV

245       Following parameters can be used in the [Chansrv] section.
246
247
248       FuseMountName=string
249              Directory for drive redirection.  Created if it  doesn't  exist.
250              If  not  specified, defaults to xrdp_client.  If first character
251              is not a '/', this is relative to $HOME.
252
253              If first character is a '/' this is an absolute path.  The  fol‐
254              lowing substitutions are made in this string:-
255                  %U - Username
256                  %u - Numeric UID
257                  %% - Percent character
258
259              If this format is used:-
260
261              1)  The  directory path permissions MUST be configured correctly
262                 by the system administrator or the system itself - xrdp-chan‐
263                 srv  will  not  do  this for you (although it will create the
264                 final directories owned by the user).
265
266              2) The desktop may not automatically  display  a  link  for  the
267                 redirected drive. To fix this, consult the docs for your cho‐
268                 sen desktop.
269
270
271       FileUmask=mode
272              Additional umask to apply to files in the  FuseMountName  direc‐
273              tory.  The default value of 077 prevents other users on the sys‐
274              tem from reading files on your redirected drives. This  may  not
275              be  approprate  for  all environents, and so you can change this
276              value to allow other  users  to  access  your  remote  files  if
277              required.
278
279
280       EnableFuseMount=[true|false]
281              Defaults to true.  Set to false to disable xrdp-chansrv's use of
282              the FUSE system feature, even if it has  been  built  with  this
283              feature enabled.
284
285              Setting  this value to false will disable the following applica‐
286              tion features:-
287
288              -  drive redirection
289
290              -  copying-and-pasting of files
291
292

SESSIONS VARIABLES

294       All entries in the [SessionVariables] section are  set  as  environment
295       variables in the user's session.
296
297

FILES

299       /etc/xrdp/sesman.ini
300
301