1nxagent(1)                    NX Agent (Xserver)                    nxagent(1)
2
3
4

NAME

6       nxagent - nested Xserver optimized for remote computing
7

SYNOPSIS

9       nxagent [options]
10

DESCRIPTION

12       nxagent is an X server for remote application/desktop access similar to
13       Xnest or Xephyr.
14
15       nxagent implements a very efficient compression of  the  X11  protocol,
16       called the NX protocol.
17
18       The  NX  protocol  increases performance when using X applications over
19       high latency and low bandwidth networks, while providing a local  (LAN-
20       like)  usage experience even if connecting from off-site locations (via
21       cable modem or GSM).
22
23       nxagent can be used standalone as a nested X server (with  NX  protocol
24       disabled),  but  its real benefits are gained when using it over remote
25       connections via the nxcomp compression library. The counterpart  appli‐
26       cation on the other end (i.e. the client) is called nxproxy.
27
28       When  used  in  proxy <-> agent mode, nxagent adds the feature of being
29       suspendible. Sessions can be started from  one  client,  suspended  and
30       then resumed from another (or the same) client.
31
32       nxagent  and nxproxy are utilized by various remote application/desktop
33       frameworks for providing server-side GUI application access from remote
34       client systems.
35
36       Currently,  nxagent  is  co-maintained  by three of these projects: The
37       Arctica Project, TheQVD and X2Go.
38

STARTING THE SERVER

40       nxagent should be run in user space.  Other  than  the  system's  local
41       X.org server, nxagent does not require to be run as root.  When bundled
42       with a remote application framework, you normally don't have to  launch
43       nxagent  manually. nxagent startup is usually managed by the underlying
44       framework (e.g. Arctica Session Manager, X2Go Server, etc.).
45
46       When nxagent starts up (e.g. by typing 'nxagent -ac :1' in  a  terminal
47       window),  it  typically  launches  in  "windowed desktop" mode. On your
48       local X server a new window appears being an X server itself.
49
50       However, nxagent also supports rootless (or seamless) application  mode
51       and a shadow session mode (similar to what VNC does).
52
53       Example: You can launch a complete desktop session inside this nested X
54       server now:
55
56       The Debian way...
57
58           $ export DISPLAY=:1
59           $ STARTUP=mate-session /etc/X11/Xsession
60
61       The Fedora / Gentoo / openSUSE way...
62
63           ### FIXME / TODO ###
64
65       However, nxagent also supports rootless (or seamless) application  mode
66       and a shadow session mode (similar to what VNC does).
67
68

OPTIONS

70       nxagent accepts a range of default X server options as described below.
71       Those default options have to be provided via the command line.
72
73       Furthermore, nxagent accepts some nx-X11  specific  options,  described
74       further below.
75
76       Last but not least, nxagent accepts several more options, the so-called
77       nx/nx options, provided via the $DISPLAY environment  variable  or  the
78       -options command line option. See below for further details.
79
80

STANDARD XSERVER OPTIONS

82       :displaynumber
83               The  X server runs as the given displaynumber, which by default
84               is 0.  If multiple X servers are to  run  simultaneously  on  a
85               host,  each must have a unique display number.  See the DISPLAY
86               NAMES section of the X(__miscmansuffix__) manual page to  learn
87               how to specify which display number clients should try to use.
88
89       -a number
90               sets  pointer  acceleration  (i.e.  the  ratio  of  how much is
91               reported to how much the user actually moved the pointer).
92
93       -ac     disables host-based access control mechanisms.  Enables  access
94               by  any host, and permits any host to modify the access control
95               list.  Use with extreme caution.  This option exists  primarily
96               for running test suites remotely.
97
98       -audit level
99               sets  the  audit  trail level.  The default level is 1, meaning
100               only connection rejections are reported.  Level 2  additionally
101               reports  all  successful  connections and disconnects.  Level 4
102               enables messages  from  the  SECURITY  extension,  if  present,
103               including  generation and revocation of authorizations and vio‐
104               lations of the security policy.  Level 0 turns  off  the  audit
105               trail.  Audit lines are sent as standard error output.
106
107       -auth authorization-file
108               specifies  a  file which contains a collection of authorization
109               records used to authenticate access.  See also the  xdm(1)  and
110               Xsecurity(__miscmansuffix__) manual pages.
111
112       -bs     disables backing store support on all screens.
113
114       -br     sets the default root window to solid black (default).
115
116       -wr     sets the default root window to solid white.
117
118       -c      turns off key-click.
119
120       c volume
121               sets key-click volume (allowable range: 0-100).
122
123       -cc class
124               sets  the  visual  class  for the root window of color screens.
125               The class numbers are as specified  in  the  X  protocol.   Not
126               obeyed by all servers.
127
128       -co filename
129               This  used  to be the option for specifying the path to the RGB
130               color database file. As the RGB color database is now  embedded
131               into  the binary this option has no effect but is kept for com‐
132               patibility. Deprecated.
133
134       -core   causes the server to generate a core dump on fatal errors.
135
136       -displayfd fd
137               specifies a file descriptor in the launching  process.   Rather
138               than  specifying a display number, the X server will attempt to
139               listen on successively higher display numbers, and upon finding
140               a  free  one,  will  write  the  port  number back on this file
141               descriptor as a newline-terminated string.  The -pn  option  is
142               ignored when using -displayfd.
143
144               nxagent specific:
145
146               (1)  Other  than  in X.org's Xserver, you can use -displayfd in
147               conjunction with an explicit display number.  If  the  explicit
148               display number is not available (i.e., already in use), nxagent
149               tries to figure out the next available display number,
150
151               e.g.:
152
153                  nxagent -displayfd 2 :50
154
155               (2) If -displayfd <X> is given with <X>  equaling  2  (STDERR),
156               then  the display number string written to STDERR is beautified
157               with some human-readable (machine-parseable) text.
158
159       -sync   This option tells nxagent to synchronize its window and  graph‐
160               ics  operations  with the real server.  This is a useful option
161               for debugging, but it will slow down nxagent's performance con‐
162               siderably.  It should not be used unless absolutely necessary.
163
164       -full   This  option tells nxagent to utilize full regeneration of real
165               server objects and reopen a new connection to the  real  server
166               each  time  nxagent regenerates.  The sample server implementa‐
167               tion regenerates all objects in the server when the last client
168               of  this  server  terminates.   When  this  happens, nxagent by
169               default maintains the same top-level window and the  same  real
170               server  connection in each new generation.  If the user selects
171               full regeneration, even the top-level window and the connection
172               to  the real server will be regenerated for each server genera‐
173               tion.
174
175       -class string
176               This option specifies the default visual class  of  the  nested
177               server.   It is similar to the -cc option from the set of stan‐
178               dard options except that it will accept a string rather than  a
179               number  for the visual class specification.  The string must be
180               one of the following six values: StaticGray, GrayScale, Static‐
181               Color,  PseudoColor,  TrueColor,  or  DirectColor.  If both the
182               -class and -cc options are  specified,  the  last  instance  of
183               either  option takes precedence.  The class of the default vis‐
184               ual of the nested server need not be the same as the  class  of
185               the default visual of the real server, but it must be supported
186               by the real server.  Use xdpyinfo(__appmansuffix__) to obtain a
187               list  of  supported  visual  classes  on the real server before
188               starting nxagent.  If the user chooses a static class, all  the
189               colors  in  the default color map will be preallocated.  If the
190               user chooses a dynamic class, colors in the default  color  map
191               will be available to individual clients for allocation.
192
193       -deferglyphs whichfonts
194               specifies  the  types  of  fonts  for  which  the server should
195               attempt to use deferred glyph loading.  whichfonts can  be  all
196               (all fonts), none (no fonts), or 16 (16 bit fonts only).
197
198       -depth int
199               This  option  specifies  the default visual depth of the nested
200               server.  The depth of the default visual of the  nested  server
201               need  not be the same as the depth of the default visual of the
202               real server, but it must be supported by the real server.   Use
203               xdpyinfo(__appmansuffix__) to obtain a list of supported visual
204               depths on the real server before starting nxagent.
205
206       -geometry WxH+X+Y
207               This option specifies the geometry parameters for the top-level
208               nxagent  window.  See “GEOMETRY SPECIFICATIONS” in X(__miscman‐
209               suffix__) for a discusson of this option's syntax.  This window
210               corresponds to the root window of the nested server.  The width
211               W and height H specified with this option will be  the  maximum
212               width  and  height  of  each top-level nxagent window.  nxagent
213               will allow the user to make any top-level window  smaller,  but
214               it  will not actually change the size of the nested server root
215               window.  If this option is not specified, nxagent will choose W
216               and  H  to  be  3/4ths the dimensions of the root window of the
217               real server. For further values accepted see the  documentation
218               of geometry=<string> below.
219
220       -dpi resolution
221               sets  the resolution for all screens, in dots per inch. If this
222               option is not specified nxagent will assume  96.  There's  also
223               -autodpi  which will clone the real server's dpi. Note that the
224               resolution specified via -dpi is a per session setting. It can‐
225               not  be  changed on reconnect! This means that clients may look
226               "wrong" when reconnecting a session that had been started  with
227               a different dpi than the current real xserver.
228
229       dpms    enables  DPMS  (display  power management services), where sup‐
230               ported.  The default state is platform and  configuration  spe‐
231               cific.
232
233       -dpms   disables DPMS (display power management services).  The default
234               state is platform and configuration specific.
235
236       -f volume
237               sets feep (bell) volume (allowable range: 0-100).
238
239       -fc cursorFont
240               sets default cursor font.
241
242       -fn font
243               sets the default font.
244
245       -fp fontPath
246               sets the search path for fonts.  This path is a comma separated
247               list  of directories which the X server searches for font data‐
248               bases.  See the FONTS section of  this  manual  page  for  more
249               information and the default list.
250
251       -help   prints a usage message.
252
253       -I      causes all remaining command line arguments to be ignored.
254
255       -maxbigreqsize size
256               sets the maximum big request to size MB.
257
258       -name string
259               This  option specifies the name of the top-level nxagent window
260               as string.  The default value is the program name.
261
262       -nolisten trans-type
263               disables a transport type.  For example, TCP/IP connections can
264               be disabled with -nolisten tcp.  This option may be issued mul‐
265               tiple times to disable listening to different transport types.
266
267       -noreset
268               prevents a server reset when  the  last  client  connection  is
269               closed.   This  overrides  a  previous  -terminate command line
270               option.
271
272       -p minutes
273               sets screen-saver pattern cycle time in minutes.
274
275       -pn     permits the server to continue running if it fails to establish
276               all  of its well-known sockets (connection points for clients),
277               but establishes at least one.  This option is set by default.
278
279       -nopn   causes the server to exit if it fails to establish all  of  its
280               well-known sockets (connection points for clients).
281
282       -r      turns off auto-repeat.
283
284       r       turns on auto-repeat.
285
286       -s minutes
287               sets screen-saver timeout time in minutes.
288
289       -su     disables save under support on all screens.
290
291       -t number
292               sets  pointer  acceleration threshold in pixels (i.e. after how
293               many pixels pointer acceleration should take effect).
294
295       -terminate
296               causes the server to terminate at server reset, instead of con‐
297               tinuing  to  run.   This  overrides a previous -noreset command
298               line option.
299
300       -to seconds
301               sets default connection timeout in seconds.
302
303       -tst    disables all testing extensions.
304
305       v       sets video-off screen-saver preference.
306
307       -v      sets video-on screen-saver preference.
308
309       -wm     forces the default backing-store of all  windows  to  be  When‐
310               Mapped.   This  is  a  backdoor way of getting backing-store to
311               apply to all windows.  Although all mapped  windows  will  have
312               backing  store,  the  backing store attribute value reported by
313               the server for a window will be the last value established by a
314               client.   If it has never been set by a client, the server will
315               report the default value, NotUseful.  This behavior is required
316               by  the  X  protocol,  which  allows  the  server to exceed the
317               client's backing store expectations but does not provide a  way
318               to tell the client that it is doing so.
319
320       [+-]xinerama
321               enables(+)  or  disables(-) XINERAMA provided via the PanoramiX
322               extension. This is set to off by default.
323
324       [+-]rrxinerama
325               enables(+) or  disables(-)  XINERAMA  provided  via  the  RandR
326               extension. By default, this feature is enabled. To disable XIN‐
327               ERAMA completely, make sure to use both options (-xinerama  and
328               -rrxinerama) on the command line.
329
330

SERVER DEPENDENT OPTIONS

332       nxagent additionally accepts the following non-standard options:
333
334       -logo   turns  on the X Window System logo display in the screen-saver.
335               There is currently no way to change this from a client.
336
337       nologo  turns off the X Window System logo display in the screen-saver.
338               There is currently no way to change this from a client.
339
340       -render
341
342               default|mono|gray|color
343
344               sets  the color allocation policy that will be used by the ren‐
345               der extension.
346
347               default selects the default  policy  defined  for  the  display
348                       depth of the X server.
349
350               mono    don't use any color cell.
351
352               gray    use  a  gray  map  of  13  color cells for the X render
353                       extension.
354
355               color   use a color cube of at most 4*4*4 colors  (that  is  64
356                       color cells).
357
358       -dumbSched
359               disables  smart  scheduling on platforms that support the smart
360               scheduler.
361
362       -schedInterval interval
363               sets the smart scheduler's scheduling interval to interval mil‐
364               liseconds.
365

NXAGENT SPECIFIC OPTIONS

367       The nx-X11 system adds the following command line arguments:
368
369       -forcenx
370               force  use  of  NX  protocol  messages  assuming  communication
371               through nxproxy
372
373       -autograb
374               enable autograb mode on nxagent startup. The  autograb  feature
375               can be toggled via nxagent keystrokes
376
377       -nxrealwindowprop
378               set property NX_REAL_WINDOW for each X11 client inside nxagent,
379               providing the window XID of the corresponding window object  on
380               the X server that nxagent runs on
381
382       -reportwids
383               explicitly  tell  nxagent  to report its externally exposed X11
384               window IDs to the session log (in machine  readable  form),  so
385               that external parsers can obtain that information from there
386
387       -reportprivatewids
388               explicitly  tell nxagent to report X11 window IDs of internally
389               created window objects to the session log (in machine  readable
390               form),  so  that  external  parsers can obtain that information
391               from there; this creates a lot of output and may affect perfor‐
392               mance
393
394       -timeout int
395               auto-disconnect  timeout  in  seconds  (minimum  allowed:  60).
396               Default is 0 (no timeout).
397
398       -norootlessexit
399               don't exit if there are no clients in rootless mode
400
401       -autodpi
402               detect real server's DPI and set it in the agent  session;  the
403               -dpi  cmdline  option  overrides  -autodpi.   Note  that  using
404               -autodpi will also adapt the DPI on reconnect which will  cause
405               newly started clients respecting the new DPI while clients that
406               had been started before the reconnect still use  the  old  DPI.
407               This may lead to applications looking "weird".
408
409       -nomagicpixel
410               disable  magic  pixel  support  at  session startup, can be re-
411               enabled via nx/nx option on session resumption
412
413       -norender
414               disable the use of the render extension
415
416       -nocomposite
417               disable the use of the composite extension
418
419       -nopersistent
420               disable disconnection/reconnection to the X display on  SIGHUP.
421               Non-persistent sessions will terminate on SIGHUP.
422
423       -noshmem
424               disable use of shared memory extension
425
426       -shmem  enable use of shared memory extension (default)
427
428       -noshpix
429               disable use of shared pixmaps
430
431       -shpix  enable use of shared pixmaps (default)
432
433       -noignore
434               don't  ignore  pointer  and keyboard configuration changes man‐
435               dated by clients. As a result, configuration commands like dis‐
436               abling  the keyboard bell (xset -b) will also affect the real X
437               server.
438
439       -nokbreset
440               don't reset keyboard device if the session is resumed
441
442       -noxkblock
443               this is only relevant if you also specify  -keyboard=query.  In
444               that  case  nxagent will lock the keyboard settings and clients
445               will get an error when trying to change keyboard  settings  via
446               XKEYBOARD.  With -noxkblock the lock is not applied and clients
447               are allowed to change the keyboard settings through XKEYBOARD.
448
449       -tile WxH
450               maximum size of the tile used when  sending  an  image  to  the
451               remote display (minimum allowed: 32x32). The default depends on
452               the link type: 64x64 for modem  and  isdn,  4096x4096  for  all
453               other link types)
454
455       -irlimit
456               maximum  image  data  rate  to  the  encoder input in kB/s. The
457               default is no limit.
458
459       -D      enable desktop mode (default)
460
461       -R      enable rootless mode
462
463       -S      enable shadow mode
464
465       -B      enable proxy binding mode
466
467       -keystrokefile
468               define path to a keyboard shortcut definitions file. Default is
469               ~/.nx/keystrokes.cfg   and   /etc/nxagent/keystroke.cfg  (first
470               existing file is taken). If nxagent is  run  as  x2goagent  the
471               defaults    are   ~/.x2go/keystrokes.cfg   and   /etc/x2go/key‐
472               strokes.cfg nxagent knows about that are not  defined  in  this
473               file  are ignored. (Only) if no file is found built-in defaults
474               are used. The keystroke file can  be  re-read  by  a  keystroke
475               (ctrl-alt-k by default).  See README.keystrokes and README.key‐
476               strokes.debug for all keystrokes nxagent knows. At startup  the
477               active keystrokes are printed to the session output.
478
479       -version
480               show version information and exit
481
482       -options filepath|string
483               path  to  an options file containing nx/nx options (see below).
484               Instead of a path the options can be specified diretly  on  the
485               commandline  by prefixing the options strings with nx/nx, which
486               is mostly useful for testing/debugging.
487
488       In addition to the command line options, nxagent can be  configured  at
489       session startup and at runtime (i.e. when resuming a suspended session)
490       by so-called nx/nx options. The options file is read on startup. It can
491       be  modified during runtime (but it must stay at the same path). On re-
492       connect the modified file is then read  and  the  changed  options  are
493       applied.
494
495       As nx/nx options all options supported by nxcomp (see nxproxy man page)
496       and all nxagent nx/nx options (see below) can be used.  When  launching
497       an  nxcomp  based nxagent session (i.e. proxy <-> agent), you will nor‐
498       mally set the $DISPLAY variable like this:
499
500         $ export DISPLAY=nx/nx,listen=<proxy-port>,options=<options.file>:<nx-display-port>
501         $ nxagent <command-line-options> :<nx-display-port>
502
503       The value for <nx-display-port> is some value  of  a  not-yet-used  X11
504       display (e.g. :50).
505
506       Using  an  options  file is recommended, but you can also put available
507       nx/nx options (see below) into the  DISPLAY  variable  directly.  Note,
508       that the $DISPLAY variable field is of limited length.
509
510       As  <proxy-port>  you  can  pick an arbitrary (unused) TCP port or Unix
511       socket file path. This is the port / socket that you have to connect to
512       with the nxproxy application.
513
514       The right hand side of an option (the part following the "=" character)
515       can include URL encoded characters. It is required  to  URL  encode  at
516       least  ","  (as  %2D)  and  "="  (as %3D) to avoid wrong parsing of the
517       options string.
518
519       Available nxagent options (as an addition to nx/nx options supported by
520       nxcomp already):
521
522       options=<string>
523               read  options  from  file,  this text file can contain a single
524               loooong line with comma-separated nx/nx options
525
526       rootless=<bool>
527               start nxagent in rootless mode, matches -R given on the command
528               line, no-op when resuming (default: 0, disabled)
529
530       geometry=<string>
531               desktop  geometry when starting or resuming a session, no-op in
532               rootless mode (default 66% of the underlying  X  server  geome‐
533               try).  You  can  either  specify  a  standard X geometry string
534               (WxH+X+Y) or allscreens for a  window  covering  all  available
535               screens or onescreen for a window covering only one screen. For
536               historical reasons fullscreen (as a synonym to  allscreens)  is
537               also accepted.
538
539       fullscreen=<int>
540               start or resume a session in fullscreen mode (default: 0, off).
541               Specify 1  for  a  fullscreen  window  covering  all  available
542               screens  or  2  for a fullscreen window covering only the first
543               screen.
544
545       resize=<bool>
546               set resizing support (default: 1, enabled)
547
548       keyboard=<string> or kbtype=<string>
549
550               query|clone|<model>/<layout>|rmlvo/<rules>#<model>#<lay‐
551               out>#<variant>#<options>
552
553
554               query   use  the  default  XKB  keyboard layout (see below) and
555                       only allow clients to query the  settings  but  prevent
556                       any  changes.  query  is  especially helpful for setups
557                       where you need to set/modify the actual keyboard layout
558                       using  core X protocol functions (e.g. via xmodmap). It
559                       is used for MacOS X clients  to  handle  some  keyboard
560                       problems that are special for this platform.  Note that
561                       in this case XKEYBOARD will always report  the  default
562                       layout which will most likely not match the experienced
563                       settings.
564
565               clone   ask the real X server for the keyboard  settings  using
566                       XKEYBOARD  protocol  functions  and clone them. This is
567                       the recommended setting. For compatibility  reasons  it
568                       is not the default.
569
570               <model>/<layout>
571                       use the given model and layout. A value of null/null is
572                       equivalent to clone. You can not modify keyboard rules,
573                       variant  or options this way. Instead preset values are
574                       used. These are base for rules and  empty  strings  for
575                       variant and options.
576
577               rmlvo/<rules>#<model>#<layout>#<variant>#<options>
578                       configure   the   keyboard   according   to  the  rmlvo
579                       (Rules+Model+Layout+Variant+Options) description  given
580                       after  the  /  and  separated by #. This can be used to
581                       fully pass the keyboard configuration of nxagent  right
582                       after           the           start.           Example:
583                       rmlvo/base#pc105#de,us#nodeadkeys#lv3:rwin_switch
584
585
586
587              If keyboard is omitted the internal defaults of nxagent will  be
588              used  (rules:  base, layout: us, model: pc102, empty variant and
589              options).
590
591
592       keyconv=<string>
593               set keycode conversion mode
594
595               auto|on|off
596
597               by default (auto) nxagent will activate keycode  conversion  if
598               it  detects  an  evdev XKEYBOARD setup on the nxproxy side (the
599               standard on Linux systems nowadays). Keycode  conversion  means
600               that certain keycodes are mapped to make the keyboard appear as
601               an pc105 model. Using off this conversion can be suppressed and
602               with on it will be forced.
603
604
605       clipboard=<string>
606
607               both|client|server|none
608
609
610               both    Allow clipboard data exchange both from nxagent to real
611                       X server and vice-versa. This is the default.
612
613               client  Limit clipboard data  exchange  to  work  only  in  one
614                       direction:  from  real  X server to nxagent.  Clipboard
615                       will still work inside  nxagent.  This  setting  effec‐
616                       tively  prevents  data leakage from the nxagent session
617                       to the outside.
618
619               server  Limit clipboard data  exchange  to  work  only  in  one
620                       direction: from nxagent to real X server.
621
622               none    Disable  any  clipboard  data  exchange. Clipboard will
623                       still work inside the nxagent and on the real X server,
624                       but no data exchange will be possible.
625
626       streaming=<bool>
627               enable  (set  to 1) or disable (set to 0) streaming support for
628               images, not fully  implemented  yet  and  thus  non-functional.
629               (default: disabled)
630
631       backingstore=<bool>
632               disable  (set to 0) or enforce (set to 1) backing store support
633               (default: enforced). In rootless mode  backingstore  is  always
634               disabled.
635
636       composite=<bool>
637               enable  (set  to  1) or disable (set to 0) Composite support in
638               nxagent (default: enabled)
639
640       xinerama=<bool>
641               enable (set to 1) or disable (set to  0)  XINERAMA  support  in
642               nxagent (default: enabled)
643
644       shmem=<bool>
645               enable/disable using shared memory. Accepted values: 1 (enable,
646               default), 0 (disable)
647
648       shpix=<bool>
649               enable/disable  shared  pixmaps  support.  Accepted  values:  1
650               (enable, default), 0 (disable)
651
652       client=<string>
653               type of connecting operating system (supported: linux, windows,
654               solaris and macosx)
655
656       shadow=<string>
657               define the display that should be shadowed
658
659       shadowuid=<int>
660               unique identifier for the shadow session
661
662       shadowmode=<bool>
663               full access (set to 1) or viewing-only (set to 0, default)
664
665       defer=<int>
666               defer image updates (enabled for all  connection  types  except
667               LAN), accepts values 0, 1 and 2
668
669               The default value can be set via the command line (-defer). The
670               value provided as nx/nx option is set when resuming a  session,
671               thus it overrides the command line default.
672
673               The default depends on the link type (see man nxproxy).
674
675               Each defer level adds the following rules to the previous ones:
676
677               0       Eager encoding.
678
679                       Default for link speed lan and local.
680
681               1       No  data  is  put  or  copied  on pixmaps, marking them
682                       always as corrupted and synchronizing them  on  demand,
683                       i.e.  when  a  copy  area to a window is requested, the
684                       source is synchronized before copying it.
685
686                       Default for link speed wan.
687
688               2       The put images over the windows are skipped marking the
689                       destination  as  corrupted.  The  same happens for copy
690                       area and composite operations, spreading the  corrupted
691                       regions of involved drawables.
692
693                       Default for link speed adsl, isdn and modem.
694
695
696       tile=<string>
697               set  the  maximum tile size in pixels (<W>x<H>) for bitmap data
698               sent over the wire
699
700               The default value can be set via the command line (-tile).  The
701               value  provided as nx/nx option is set when resuming a session,
702               thus it overrides the command line default.
703
704       menu=<bool>
705               support pulldown menu in nxagent  session  (only  available  on
706               proxy <-> agent remote sessions) (default: 1, enabled)
707
708       magicpixel=<bool>
709               enable/disable magic pixel support in fullscreen mode (default:
710               1, enabled)
711
712       copysize=<int>
713               Maximum number of bytes that can be pasted from an  NX  session
714               into an external application. Default is unlimited.
715
716       autodpi=<bool>
717               enable/disable  deriving  session  DPI  automatically from real
718               server (default: 0, disabled); only  takes  effect  on  session
719               startups, gets ignored when reconnecting to a suspended session
720
721       sleep=<int>
722               delay X server operations when suspended (provided in millisec‐
723               onds), set to 0 to keep nxagent session fully  functional  when
724               suspended  (e.g.  useful  when mirroring an nxagent session via
725               VNC). Graphic intensive applications will be affected  by  this
726               more than others. The default is 50ms.
727
728       tolerancechecks=<string>
729
730               strict|safe|risky|bypass
731
732               strict  means  that  the number of internal and external pixmap
733                       formats must match exactly and  every  internal  pixmap
734                       format  must be available in the external pixmap format
735                       array. This is the default.
736
737               safe    means that the number of pixmap formats might  diverge,
738                       but  all  internal pixmap formats must also be included
739                       in the external pixmap formats array.  This  is  recom‐
740                       mended, because it allows clients with more pixmap for‐
741                       mats to still connect, but not lose functionality.
742
743               risky   means that the internal pixmap formats array is allowed
744                       to  be  smaller than the external pixmap formats array,
745                       but at least one pixmap  format  must  be  included  in
746                       both. This is potentially unsafe.
747
748               bypass  means  that all of these checks are essentially deacti‐
749                       vated. This is a very bad idea.
750
751       autograb=<bool>
752               enable or disable autograb (default: 0, disabled). Can be  tog‐
753               gled during session via keystroke.
754
755       If you want to use nxagent as a replacement for Xnest or Xephyr you can
756       pass options like this:
757
758         $ echo nx/nx,fullscreen=1$DISPLAY >/tmp/opt
759         $ nxagent <command-line-options> -options /tmp/opt :<nx-display-port>
760
761

XDMCP OPTIONS

763       X servers that support XDMCP have the following  options.   See  the  X
764       Display Manager Control Protocol specification for more information.
765
766       -query hostname
767               enables  XDMCP  and  sends Query packets to the specified host‐
768               name.
769
770       -broadcast
771               enable XDMCP and broadcasts BroadcastQuery packets to the  net‐
772               work.   The first responding display manager will be chosen for
773               the session.
774
775       -multicast [address [hop count]]
776               Enable XDMCP and multicast BroadcastQuery packets to  the  net‐
777               work.   The  first responding display manager is chosen for the
778               session.  If an address is specified, the multicast is sent  to
779               that  address.   If  no  address is specified, the multicast is
780               sent to the default XDMCP IPv6 multicast group.  If a hop count
781               is  specified, it is used as the maximum hop count for the mul‐
782               ticast.  If no hop count is specified, the multicast is set  to
783               a  maximum of 1 hop, to prevent the multicast from being routed
784               beyond the local network.
785
786       -indirect hostname
787               enables XDMCP and send IndirectQuery packets to  the  specified
788               hostname.
789
790       -port port-number
791               uses  the  specified  port-number for XDMCP packets, instead of
792               the default.  This option must be specified before any  -query,
793               -broadcast, -multicast, or -indirect options.
794
795       -from local-address
796               specifies the local address to connect from (useful if the con‐
797               necting host has  multiple  network  interfaces).   The  local-
798               address  may  be  expressed  in any form acceptable to the host
799               platform's gethostbyname(3) implementation.
800
801       -once   causes the server to terminate (rather  than  reset)  when  the
802               XDMCP session ends.
803
804       -class display-class
805               XDMCP  has  an  additional  display  qualifier used in resource
806               lookup for display-specific options.   This  option  sets  that
807               value,  by  default  it is "MIT-Unspecified" (not a very useful
808               value).
809
810       -cookie xdm-auth-bits
811               When testing XDM-AUTHENTICATION-1,  a  private  key  is  shared
812               between the server and the manager.  This option sets the value
813               of that private data (not that it is very private, being on the
814               command line!).
815
816       -displayID display-id
817               Yet  another  XDMCP specific value, this one allows the display
818               manager to identify each display so  that  it  can  locate  the
819               shared key.
820
821

XKEYBOARD OPTIONS

823       X  servers  that  support the XKEYBOARD (a.k.a. "XKB") extension accept
824       the following options.  All layout files specified on the command  line
825       must be located in the XKB base directory or a subdirectory, and speci‐
826       fied as the relative path from the XKB base directory.  The default XKB
827       base directory is /usr/share/X11/xkb.
828
829       [+-]kb  enables(+) or disables(-) the XKEYBOARD extension.
830
831       [+-]accessx [ timeout [ timeout_mask [ feedback [ options_mask ] ] ] ]
832               enables(+) or disables(-) AccessX key sequences.
833
834       -xkbdir directory
835               base  directory  for keyboard layout files.  This option is not
836               available for setuid X servers (i.e., when the X server's  real
837               and effective uids are different).
838
839       -ardelay milliseconds
840               sets  the autorepeat delay (length of time in milliseconds that
841               a key must be depressed before autorepeat starts).
842
843       -arinterval milliseconds
844               sets the autorepeat interval (length of  time  in  milliseconds
845               that should elapse between autorepeat-generated keystrokes).
846
847       -xkbmap filename
848               loads keyboard description in filename on server startup.
849
850

SECURITY EXTENSION OPTIONS

852       X  servers  that  support  the  SECURITY extension accept the following
853       option:
854
855       -sp filename
856               causes the server to attempt to read and interpret filename  as
857               a  security  policy  file with the format described below.  The
858               file is read at server startup and reread at each server reset.
859
860       The syntax of the security policy file is as  follows.   Notation:  "*"
861       means  zero or more occurrences of the preceding element, and "+" means
862       one or more occurrences.  To interpret <foo/bar>, ignore the text after
863       the /; it is used to distinguish between instances of <foo> in the next
864       section.
865
866       <policy file> ::= <version line> <other line>*
867
868       <version line> ::= <string/v> '\n'
869
870       <other line > ::= <comment> | <access rule> | <site policy> | <blank line>
871
872       <comment> ::= # <not newline>* '\n'
873
874       <blank line> ::= <space> '\n'
875
876       <site policy> ::= sitepolicy <string/sp> '\n'
877
878       <access rule> ::= property <property/ar> <window> <perms> '\n'
879
880       <property> ::= <string>
881
882       <window> ::= any | root | <required property>
883
884       <required property> ::= <property/rp> | <property with value>
885
886       <property with value> ::= <property/rpv> = <string/rv>
887
888       <perms> ::= [ <operation> | <action> | <space> ]*
889
890       <operation> ::= r | w | d
891
892       <action> ::= a | i | e
893
894       <string> ::= <dbl quoted string> | <single quoted string> | <unquoted string>
895
896       <dbl quoted string> ::= <space> " <not dqoute>* " <space>
897
898       <single quoted string> ::= <space> ' <not squote>* ' <space>
899
900       <unquoted string> ::= <space> <not space>+ <space>
901
902       <space> ::= [ ' ' | '\t' ]*
903
904       Character sets:
905
906       <not newline> ::= any character except '\n'
907       <not dqoute>  ::= any character except "
908       <not squote>  ::= any character except '
909       <not space>   ::= any character except those in <space>
910
911       The semantics associated with the above syntax are as follows.
912
913       <version line>, the first line in the file, specifies the  file  format
914       version.   If  the server does not recognize the version <string/v>, it
915       ignores the rest of the file.  The version string for the  file  format
916       described here is "version-1" .
917
918       Once  past the <version line>, lines that do not match the above syntax
919       are ignored.
920
921       <comment> lines are ignored.
922
923       <sitepolicy> lines are currently ignored.  They are intended to specify
924       the site policies used by the XC-QUERY-SECURITY-1 authorization method.
925
926       <access  rule>  lines  specify how the server should react to untrusted
927       client requests that affect the X Window property named  <property/ar>.
928       The  rest  of  this  section describes the interpretation of an <access
929       rule>.
930
931       For an <access rule> to apply to a  given  instance  of  <property/ar>,
932       <property/ar>  must be on a window that is in the set of windows speci‐
933       fied by <window>.  If <window> is  any,  the  rule  applies  to  <prop‐
934       erty/ar>  on  any  window.   If  <window>  is root, the rule applies to
935       <property/ar> only on root windows.
936
937       If <window> is <required property>, the following apply.  If  <required
938       property> is a <property/rp>, the rule applies when the window also has
939       that <property/rp>, regardless of its value.  If <required property> is
940       a <property with value>, <property/rpv> must also have the value speci‐
941       fied by <string/rv>.  In this case, the property must have type  STRING
942       and  format  8, and should contain one or more null-terminated strings.
943       If any of the strings match <string/rv>, the rule applies.
944
945       The definition of string matching is simple case-sensitive string  com‐
946       parison  with  one  elaboration: the occurrence of the character '*' in
947       <string/rv> is a wildcard meaning "any string."  A <string/rv> can con‐
948       tain  multiple  wildcards  anywhere  in  the string.  For example, "x*"
949       matches strings that begin with x, "*x" matches strings that  end  with
950       x,  "*x*" matches strings containing x, and "x*y*" matches strings that
951       start with x and subsequently contain y.
952
953       There may be multiple <access rule> lines for  a  given  <property/ar>.
954       The  rules  are  tested in the order that they appear in the file.  The
955       first rule that applies is used.
956
957       <perms> specify operations that untrusted clients may attempt, and  the
958       actions that the server should take in response to those operations.
959
960       <operation>  can  be r (read), w (write), or d (delete).  The following
961       table shows how X Protocol property requests map to these operations in
962       The Open Group server implementation.
963
964       GetProperty    r, or r and d if delete = True
965       ChangeProperty w
966       RotateProperties    r and w
967       DeleteProperty d
968       ListProperties none, untrusted clients can always list all properties
969
970       <action>  can be a (allow), i (ignore), or e (error).  Allow means exe‐
971       cute the request as if it had been issued by a trusted client.   Ignore
972       means treat the request as a no-op.  In the case of GetProperty, ignore
973       means return an empty property value if the property exists, regardless
974       of its actual value.  Error means do not execute the request and return
975       a BadAtom error with the atom set to the property name.  Error  is  the
976       default  action  for  all properties, including those not listed in the
977       security policy file.
978
979       An <action> applies to all <operation>s that follow it, until the  next
980       <action>  is  encountered.   Thus,  irwad  means ignore read and write,
981       allow delete.
982
983       GetProperty and RotateProperties may do multiple operations (r  and  d,
984       or  r  and  w).  If different actions apply to the operations, the most
985       severe action is applied to the whole  request;  there  is  no  partial
986       request  execution.   The severity ordering is: allow < ignore < error.
987       Thus, if the <perms> for  a  property  are  ired  (ignore  read,  error
988       delete),  and an untrusted client attempts GetProperty on that property
989       with delete = True, an error is returned, but  the  property  value  is
990       not.   Similarly, if any of the properties in a RotateProperties do not
991       allow both read and write, an error is returned  without  changing  any
992       property values.
993
994       Here is an example security policy file.
995
996       version-1
997
998       # Allow reading of application resources, but not writing.
999       property RESOURCE_MANAGER     root      ar iw
1000       property SCREEN_RESOURCES     root      ar iw
1001
1002       # Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
1003       # and allowing access may give away too much information.
1004       property CUT_BUFFER0          root      irw
1005       property CUT_BUFFER1          root      irw
1006       property CUT_BUFFER2          root      irw
1007       property CUT_BUFFER3          root      irw
1008       property CUT_BUFFER4          root      irw
1009       property CUT_BUFFER5          root      irw
1010       property CUT_BUFFER6          root      irw
1011       property CUT_BUFFER7          root      irw
1012
1013       # If you are using Motif, you probably want these.
1014       property _MOTIF_DEFAULT_BINDINGS        rootar iw
1015       property _MOTIF_DRAG_WINDOW   root      ar iw
1016       property _MOTIF_DRAG_TARGETS  any       ar iw
1017       property _MOTIF_DRAG_ATOMS    any       ar iw
1018       property _MOTIF_DRAG_ATOM_PAIRS         anyar iw
1019
1020       # The next two rules let xwininfo -tree work when untrusted.
1021       property WM_NAME              any       ar
1022
1023       # Allow read of WM_CLASS, but only for windows with WM_NAME.
1024       # This might be more restrictive than necessary, but demonstrates
1025       # the <required property> facility, and is also an attempt to
1026       # say "top level windows only."
1027       property WM_CLASS             WM_NAME   ar
1028
1029       # These next three let xlsclients work untrusted.  Think carefully
1030       # before including these; giving away the client machine name and command
1031       # may be exposing too much.
1032       property WM_STATE             WM_NAME   ar
1033       property WM_CLIENT_MACHINE    WM_NAME   ar
1034       property WM_COMMAND           WM_NAME   ar
1035
1036       # To let untrusted clients use the standard colormaps created by
1037       # xstdcmap, include these lines.
1038       property RGB_DEFAULT_MAP      root      ar
1039       property RGB_BEST_MAP         root      ar
1040       property RGB_RED_MAP          root      ar
1041       property RGB_GREEN_MAP        root      ar
1042       property RGB_BLUE_MAP         root      ar
1043       property RGB_GRAY_MAP         root      ar
1044
1045       # To let untrusted clients use the color management database created
1046       # by xcmsdb, include these lines.
1047       property XDCCC_LINEAR_RGB_CORRECTION    rootar
1048       property XDCCC_LINEAR_RGB_MATRICES      rootar
1049       property XDCCC_GRAY_SCREENWHITEPOINT    rootar
1050       property XDCCC_GRAY_CORRECTION          rootar
1051
1052       # To let untrusted clients use the overlay visuals that many vendors
1053       # support, include this line.
1054       property SERVER_OVERLAY_VISUALS         rootar
1055
1056       # Dumb examples to show other capabilities.
1057
1058       # oddball property names and explicit specification of error conditions
1059       property "property with spaces"         'property with "'aw er ed
1060
1061       # Allow deletion of Woo-Hoo if window also has property OhBoy with value
1062       # ending in "son".  Reads and writes will cause an error.
1063       property Woo-Hoo              OhBoy = "*son"ad
1064
1065

NETWORK CONNECTIONS

1067       The  X server supports client connections via a platform-dependent sub‐
1068       set of the following transport types: TCPIP, Unix  Domain  sockets  and
1069       several  varieties  of  SVR4  local connections.  See the DISPLAY NAMES
1070       section of the X(__miscmansuffix__) manual page to learn how to specify
1071       which transport type clients should try to use.
1072
1073

GRANTING ACCESS

1075       The  X  server  implements a platform-dependent subset of the following
1076       authorization protocols: MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1,  XDM-
1077       AUTHORIZATION-2,   SUN-DES-1,   and  MIT-KERBEROS-5.   See  the  Xsecu‐
1078       rity(__miscmansuffix__) manual page for information on the operation of
1079       these protocols.
1080
1081       Authorization  data  required  by  the above protocols is passed to the
1082       server in a private file named with  the  -auth  command  line  option.
1083       Each  time  the  server is about to accept the first connection after a
1084       reset (or when the server is starting), it reads this  file.   If  this
1085       file contains any authorization records, the local host is not automat‐
1086       ically allowed access to the server, and only clients which send one of
1087       the authorization records contained in the file in the connection setup
1088       information will be allowed access.  See the  Xau  manual  page  for  a
1089       description  of the binary format of this file.  See xauth(1) for main‐
1090       tenance of this file, and distribution of its contents to remote hosts.
1091
1092       The X server also uses a host-based access control  list  for  deciding
1093       whether  or  not  to  accept  connections  from clients on a particular
1094       machine.  If no other authorization mechanism is being used, this  list
1095       initially  consists  of the host on which the server is running as well
1096       as any machines listed in the file /etc/Xn.hosts, where n is  the  dis‐
1097       play number of the server.  Each line of the file should contain either
1098       an Internet hostname (e.g. expo.lcs.mit.edu) or a complete name in  the
1099       format  family:name  as  described  in the xhost(1) manual page.  There
1100       should be no leading or trailing spaces on any lines.  For example:
1101
1102               joesworkstation
1103               corporate.company.com
1104               star::
1105               inet:bigcpu
1106               local:
1107
1108       Users can add or remove hosts from this  list  and  enable  or  disable
1109       access  control  using  the  xhost command from the same machine as the
1110       server.
1111
1112       If the X FireWall Proxy (xfwp) is  being  used  without  a  sitepolicy,
1113       host-based  authorization  must  be turned on for clients to be able to
1114       connect to the X server via the xfwp.  If xfwp is run without a config‐
1115       uration  file  and thus no sitepolicy is defined, if xfwp is using an X
1116       server where xhost + has been run to turn off host-based  authorization
1117       checks, when a client tries to connect to this X server via xfwp, the X
1118       server will deny the connection.   See  xfwp(1)  for  more  information
1119       about this proxy.
1120
1121       The  X protocol intrinsically does not have any notion of window opera‐
1122       tion permissions or place any restrictions on what a client can do;  if
1123       a  program  can connect to a display, it has full run of the screen.  X
1124       servers that support the SECURITY extension fare better because clients
1125       can  be designated untrusted via the authorization they use to connect;
1126       see the xauth(1) manual page for details.  Restrictions are imposed  on
1127       untrusted clients that curtail the mischief they can do.  See the SECU‐
1128       RITY extension specification for a complete list of these restrictions.
1129
1130       Sites that have better authentication and authorization  systems  might
1131       wish  to  make use of the hooks in the libraries and the server to pro‐
1132       vide additional security models.
1133

SIGNALS

1135       The X server attaches special meaning to the following signals:
1136
1137       SIGHUP  This signal causes the server to  close  all  existing  connec‐
1138               tions,  free  all  resources,  and restore all defaults.  It is
1139               sent by the display  manager  whenever  the  main  user's  main
1140               application (usually an xterm or window manager) exits to force
1141               the server to clean up and prepare for the next user.
1142
1143       SIGTERM This signal causes the server to exit cleanly.
1144
1145       SIGUSR1 This signal is used quite differently from either of the above.
1146               When  the  server  starts, it checks to see if it has inherited
1147               SIGUSR1 as SIG_IGN instead of the usual SIG_DFL.  In this case,
1148               the  server  sends a SIGUSR1 to its parent process after it has
1149               set up the various connection schemes.  Xdm uses  this  feature
1150               to recognize when connecting to the server is possible.
1151

FONTS

1153       The  X  server  can  obtain  fonts  from  directories  and/or from font
1154       servers.  The list of directories and font servers the  X  server  uses
1155       when trying to open a font is controlled by the font path.
1156
1157       The default font path is __default_font_path__ .
1158
1159       The  font  path  can be set with the -fp option or by xset(1) after the
1160       server has started.
1161

FILES

1163       /etc/Xn.hosts                 Initial access control list  for  display
1164                                     number n
1165
1166       /usr/share/fonts/X11/misc,
1167                                         /usr/share/fonts/X11/75dpi,
1168                                         /usr/share/fonts/X11/100dpi    Bitmap
1169                                     font directories
1170
1171       /usr/share/fonts/X11/Type1    Outline font directories
1172
1173       /usr/share/nx/rgb             Color database
1174
1175       /tmp/.X11-unix/Xn             Unix domain socket for display number n
1176
1177       /tmp/rcXn                     Kerberos 5 replay cache for display  num‐
1178                                     ber n
1179

SEE ALSO

1181       Protocols:  X  Window  System  Protocol, NX Compression Protocol, The X
1182       Font Service Protocol, X Display Manager Control Protocol
1183
1184       Fonts: bdftopcf(1), mkfontdir(1), mkfontscale(1), xfs(1),  xlsfonts(1),
1185       xfontsel(1), xfd(1), X Logical Font Description Conventions
1186
1187       Security:   Xsecurity(__miscmansuffix__),   xauth(1),  Xau(1),  xdm(1),
1188       xhost(1), xfwp(1), Security Extension Specification
1189
1190       Starting the server: xdm(1), xinit(1)
1191
1192       Controlling the server once started: xset(1), xsetroot(1), xhost(1)
1193
1194       Server-specific  man  pages:  Xdec(1),  XmacII(1),  Xsun(1),  Xnest(1),
1195       Xvfb(1), XFree86(1), XDarwin(1).
1196
1197       Server  internal documentation: Definition of the Porting Layer for the
1198       X v11 Sample Server
1199

AUTHORS

1201       The first sample X server was originally written by Susan  Angebranndt,
1202       Raymond Drewry, Philip Karlton, and Todd Newman, from Digital Equipment
1203       Corporation, with support from a large cast.  It has since been  exten‐
1204       sively  rewritten  by  Keith  Packard and Bob Scheifler, from MIT. Dave
1205       Wiggins took over post-R5 and made substantial improvements.
1206
1207       The first implementation of nx-X11 (version 1.x up to 3.5.x) was  writ‐
1208       ten by NoMachine (maintained until 2011).
1209
1210       The current implementation of nx-X11 is maintained by various projects,
1211       amongst others The Arctica Project, TheQVD (Qindel Group) and X2Go.
1212
1213       This manual page was written by  Per  Hansen  <spamhans@yahoo.de>,  and
1214       modified  by  Marcelo  Boveto  Shima  <marceloshima@gmail.com> and Mike
1215       Gabriel  <mike.gabriel@das-netzwerkteam.de>.  In  2016,  the   original
1216       Xserver.man  page  shipped  with nx-X11 was merged into the nxagent man
1217       page and received a major update by Mike Gabriel <mike.gabriel@das-net‐
1218       zwerkteam.de>.
1219
1220
1221
1222Version 3.5.99.26                  Feb 2021                         nxagent(1)
Impressum