sesman.ini(5)                                                    sesman.ini(5)

NAME

       sesman.ini - Configuration file for xrdp-sesman(8)

DESCRIPTION

       sesman.ini consists of several sections. Each section starts with the
       section name in square brackets, followed by a list of parameter=value
       lines. The following sections are recognized:

       [Globals]
              Global configuration

       [Logging]
              Logging subsystem

       [Sessions]
              Session management

       [Security]
              Access control

       [X11rdp], [Xvnc], [Xorg]
              X11 server settings for supported servers

       [Chansrv]
              Settings for xrdp-chansrv(8)

       [ChansrvLogging]
              Logging settings for xrdp-chansrv(8)

       [SessionVariables]
              Environment variables for the session

       All parameters and values (except for file names and paths) are case
       insensitive, and are described in detail below. If any parameter is
       specified more than once, the last entry will be used. Options
       specified outside their proper section will be ignored.

GLOBALS

       The following parameters can be used in the [Globals] section.

       ListenAddress=ip address
              xrdp-sesman listening address. If not specified, defaults to
              0.0.0.0 (all interfaces).

       ListenPort=port number
              xrdp-sesman listening port. If not specified, defaults to 3350.

       EnableUserWindowManager=[true|false]
              If set to 1, true or yes, this option enables the user-specific
              startup script. That is, xrdp-sesman will execute the script
              specified by UserWindowManager if it exists.

       UserWindowManager=filename
              Path of the startup script relative to the user's home
              directory. If present and enabled by EnableUserWindowManager,
              that script is executed instead of DefaultWindowManager.

       DefaultWindowManager=filename
              Full path or relative path of the default startup script used by
              xrdp-sesman to start a session. If the path is not a full path,
              it will be resolved relative to /etc/xrdp. If not specified,
              defaults to /etc/xrdp/startwm.sh.

       ReconnectScript=filename
              Full path or relative path of the script which is executed when
              a user reconnects to an existing session. If the path is not a
              full path, it will be resolved relative to /etc/xrdp. If not
              specified, defaults to /etc/xrdp/reconnectwm.sh.

LOGGING

       The following parameters can be used in the [Logging] and
       [ChansrvLogging] sections.

       LogFile=filename
              Log file path. It can be either absolute or relative. If not
              specified, defaults to ./sesman.log. It is ignored in the
              [ChansrvLogging] section, since the channel server creates one
              log file per display and instead uses the log file naming
              convention xrdp-chansrv.${DISPLAY}.log

       LogLevel=level
              This option can have one of the following values:

              CORE or 0 - Log only core messages. Those messages are logged
              regardless of the selected logging level.

              ERROR or 1 - Log only error messages.

              WARNING, WARN or 2 - Log warnings and error messages.

              INFO or 3 - Log errors, warnings and informational messages.

              DEBUG or 4 - Log everything. If xrdp-sesman is compiled in debug
              mode, this option will output many more low-level messages.

       EnableSyslog=[true|false]
              If set to 1, true or yes, this option enables logging to syslog.

       SyslogLevel=level
              Logging level for syslog. It can have the same values as
              LogLevel. Defaults to DEBUG.

       EnableConsole=[true|false]
              If set to 1, true or yes, this option enables logging to the
              console (i.e. stdout).

       ConsoleLevel=level
              Logging level for the console. It can have the same values as
              LogLevel. Defaults to DEBUG.

       EnableProcessId=[true|false]
              If set to 1, true or yes, this option enables logging the
              process id in all log messages. Defaults to false.

SESSIONS

       The following parameters can be used in the [Sessions] section.

       X11DisplayOffset=number
              The first X display number available for xrdp-sesman. This
              prevents xrdp-sesman from interfering with real X11 servers. If
              not specified, defaults to 10.

       MaxSessions=number
              Sets the maximum number of simultaneous sessions. If not set or
              set to 0, unlimited sessions are allowed.

       KillDisconnected=[true|false]
              If set to 1, true or yes, every session will be killed within
              DisconnectedTimeLimit seconds after the user disconnects. This
              setting currently only works with xorgxrdp sessions.

       DisconnectedTimeLimit=number
              Sets the time limit for KillDisconnected to a value greater than
              60. Values less than 60 are overridden with 60. This setting
              currently only works with xorgxrdp sessions.

       IdleTimeLimit=number
              Sets the time limit (in seconds) before an idle session is
              disconnected. Idle here means no keyboard input and no mouse
              moves or clicks. If set to 0, idle sessions will never be
              disconnected by timeout. This works only with xorgxrdp
              sessions. Moreover, xorgxrdp must be v0.2.9 or later.

       Policy=[Default|UBD|UBI|UBC|UBDI|UBDC]
              Session allocation policy. Used to decide when to allocate a new
              session. Set to one of the following values:

              Default - session per <User,BitPerPixel>
              UBD - session per <User,BitPerPixel,DisplaySize>
              UBI - session per <User,BitPerPixel,IPAddr>
              UBC - session per <User,BitPerPixel,Connection>
              UBDI - session per <User,BitPerPixel,DisplaySize,IPAddr>
              UBDC - session per <User,BitPerPixel,DisplaySize,Connection>

              Note that the User and BitPerPixel criteria cannot be turned
              off. DisplaySize refers to the initial geometry of a connection,
              as actual display sizes can change dynamically.

SECURITY

       The following parameters can be used in the [Security] section.

       AllowRootLogin=[true|false]
              If set to 1, true or yes, enables root login on the terminal
              server.

       MaxLoginRetry=number
              The number of login attempts that are allowed on the terminal
              server. If set to 0, unlimited attempts are allowed. If not
              specified, defaults to 3.

       TerminalServerUsers=group
              Only the users belonging to the specified group are allowed to
              log in on the terminal server. If unset or set to an invalid or
              non-existent group, login for all users is enabled.

       TerminalServerAdmins=group
              This option is currently ignored! Only members of this group can
              have session management rights.

       RestrictOutboundClipboard=[all|none|text|file|image]
              If set to all, will restrict the clipboard outbound from the
              server, to prevent data copied inside the xrdp session from
              being pasted in the client. Default value is none. In addition,
              you can control text/file/image transfer restrictions
              individually. It also accepts a comma-separated list such as
              text,file,image.

              none - No restriction on copying outbound clipboard data.
              all - Restrict copying of all outbound clipboard data.
              text - Restrict copying of outbound text clipboard data only.
              file - Restrict copying of outbound file clipboard data only.
              image - Restrict copying of outbound image clipboard data only.

              To keep compatibility, the following aliases are also available.
              true - an alias of all.
              false - an alias of none.
              yes - an alias of all.

       RestrictInboundClipboard=[none|all|text|file|image]
              If set to all, will restrict the clipboard inbound from the
              client, to prevent data copied inside the client from being
              pasted in the xrdp session. Default value is none. In addition,
              you can control text/file/image transfer restrictions
              individually. It also accepts a comma-separated list such as
              text,file,image.

              none - No restriction on copying inbound clipboard data.
              all - Restrict copying of all inbound clipboard data.
              text - Restrict copying of inbound text clipboard data only.
              file - Restrict copying of inbound file clipboard data only.
              image - Restrict copying of inbound image clipboard data only.

              To keep compatibility, the following aliases are also available.
              true - an alias of all.
              false - an alias of none.
              yes - an alias of all.

       AlwaysGroupCheck=[true|false]
              If set to 1, true or yes, require group membership even if the
              group specified in TerminalServerUsers doesn't exist.
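
       The parsing rules from DESCRIPTION (case-insensitive names, last entry
       wins, options ignored outside their section) decide which [Globals] and
       [Security] values actually take effect. The following is an added
       example, not part of xrdp or of this manual page: parse_sesman, audit
       and the groups argument are hypothetical names, the sample file is
       constructed, and treating ';' and '#' lines as comments and letting
       AlwaysGroupCheck also cover an unset TerminalServerUsers are
       assumptions.

```python
TRUE = {"1", "true", "yes"}  # truthy spellings listed on this page

def parse_sesman(text):
    """Return {section: {param: value}}, names lowercased, last entry wins."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # assumption: ';' and '#' start comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            cfg.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            cfg[section][key.strip().lower()] = value.strip()
    return cfg

def audit(text, groups):
    """groups: set of group names that exist on the host (supplied by caller)."""
    cfg = parse_sesman(text)
    # Read each option only from its proper section; elsewhere it is ignored.
    glob, sec = cfg.get("globals", {}), cfg.get("security", {})
    on = lambda key: sec.get(key, "").lower() in TRUE
    findings = []
    if glob.get("listenaddress", "0.0.0.0") == "0.0.0.0":
        findings.append("ListenAddress: listening on all interfaces")
    if on("allowrootlogin"):
        findings.append("AllowRootLogin: root login enabled")
    if sec.get("maxloginretry", "3") == "0":
        findings.append("MaxLoginRetry: unlimited login attempts")
    if sec.get("terminalserverusers") not in groups and not on("alwaysgroupcheck"):
        findings.append("TerminalServerUsers: no valid group, all users may log in")
    for key in ("RestrictOutboundClipboard", "RestrictInboundClipboard"):
        if sec.get(key.lower(), "none").lower() in ("none", "false"):
            findings.append(key + ": clipboard direction unrestricted")
    return findings

# Constructed sample, not a shipped configuration.
SAMPLE = """\
[Globals]
ListenAddress=127.0.0.1
MaxLoginRetry=0
[Security]
AllowRootLogin=false
allowrootlogin=YES
TerminalServerUsers=tsusers
RestrictOutboundClipboard=text,file
"""
```

       In the sample, MaxLoginRetry=0 sits in [Globals] and is therefore
       ignored, while the later allowrootlogin=YES overrides the earlier false.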

X11 SERVER

       The following parameters can be used in the [X11rdp], [Xvnc] and [Xorg]
       sections.

       param=string
              Multiple param lines are supported. The first line specifies
              the path to the X11 server executable. The following lines
              specify command line arguments passed to the X11 server.

CHANSRV

       The following parameters can be used in the [Chansrv] section.

       FuseMountName=string
              Directory for drive redirection. Created if it doesn't exist.
              If not specified, defaults to xrdp_client. If the first
              character is not a '/', this is relative to $HOME.

              If the first character is a '/', this is an absolute path. The
              following substitutions are made in this string:
                  %U - Username
                  %u - Numeric UID
                  %% - Percent character

              If this format is used:

              1) The directory path permissions MUST be configured correctly
                 by the system administrator or the system itself -
                 xrdp-chansrv will not do this for you (although it will
                 create the final directories owned by the user).

              2) The desktop may not automatically display a link for the
                 redirected drive. To fix this, consult the docs for your
                 chosen desktop.

       FileUmask=mode
              Additional umask to apply to files in the FuseMountName
              directory. The default value of 077 prevents other users on the
              system from reading files on your redirected drives. This may
              not be appropriate for all environments, and so you can change
              this value to allow other users to access your remote files if
              required.

       EnableFuseMount=[true|false]
              Defaults to true. Set to false to disable xrdp-chansrv's use of
              the FUSE system feature, even if it has been built with this
              feature enabled.

              Setting this value to false will disable the following
              application features:

              -  drive redirection

              -  copying-and-pasting of files

       UseNautilus3FlistFormat=[false|true]
              Defaults to false. Set to true to make file copy-paste
              compatible with Nautilus from GNOME 3 versions later than
              3.29.92. Do not use this for any other reason.

              This setting will be removed in a later version of xrdp, when
              GNOME 3 is no longer supported.

SESSION VARIABLES

       All entries in the [SessionVariables] section are set as environment
       variables in the user's session.

FILES

       /etc/xrdp/sesman.ini

SEE ALSO

       xrdp-sesman(8), xrdp-sesrun(8), xrdp(8), xrdp.ini(5)

       For more info on xrdp see ⟨http://www.xrdp.org/⟩

xrdp team                           0.9.19                       sesman.ini(5)