sesman.ini(5)

sesman.ini - Configuration file for xrdp-sesman(8)

sesman.ini consists of several sections. Each section starts with the
section name in square brackets, followed by a list of parameter=value
lines. The following sections are recognized:

[Globals]
Global configuration

[Logging]
Logging subsystem

[Sessions]
Session management

[Security]
Access control

[X11rdp], [Xvnc], [Xorg]
X11 server settings for supported servers

[Chansrv]
Settings for xrdp-chansrv(8)

[ChansrvLogging]
Logging settings for xrdp-chansrv(8)

[SessionVariables]
Environment variables for the session

All parameters and values (except for file names and paths) are case
insensitive, and are described in detail below. If any parameter is
specified more than once, the last entry will be used. Options
specified outside their proper section will be ignored.

The following parameters can be used in the [Globals] section.

ListenAddress=ip address
xrdp-sesman listening address. If not specified, defaults to
0.0.0.0 (all interfaces).

ListenPort=port number
xrdp-sesman listening port. If not specified, defaults to 3350.

EnableUserWindowManager=[true|false]
If set to 1, true or yes, this option enables the user-specific
startup script. That is, xrdp-sesman will execute the script
specified by UserWindowManager if it exists.

UserWindowManager=filename
Path of the startup script relative to the user's home directory.
If present and enabled by EnableUserWindowManager, that script is
executed instead of DefaultWindowManager.

DefaultWindowManager=filename
Full path or relative path of the default startup script used by
xrdp-sesman to start a session. If the path is not a full path,
it will be resolved relative to /etc/xrdp. If not specified,
defaults to /etc/xrdp/startwm.sh.

ReconnectScript=filename
Full path or relative path of the script which is executed when a
user reconnects to an existing session. If the path is not a full
path, it will be resolved relative to /etc/xrdp. If not specified,
defaults to /etc/xrdp/reconnectwm.sh.

The following parameters can be used in the [Logging] and
[ChansrvLogging] sections.

LogFile=filename
Log file path. It can be either absolute or relative. If not
specified, defaults to ./sesman.log. It is ignored in the
[ChansrvLogging] section, since the channel server creates one log
file per display and instead uses the log file naming convention
xrdp-chansrv.${DISPLAY}.log

LogLevel=level
This option can have one of the following values:

CORE or 0 - Log only core messages. Those messages are logged
regardless of the selected logging level.

ERROR or 1 - Log only error messages.

WARNING, WARN or 2 - Log warnings and error messages.

INFO or 3 - Log errors, warnings and informational messages.

DEBUG or 4 - Log everything. If xrdp-sesman is compiled in debug
mode, this option will output many more low-level messages.

EnableSyslog=[true|false]
If set to 1, true or yes, this option enables logging to syslog.

SyslogLevel=level
Logging level for syslog. It can have the same values as
LogLevel. Defaults to DEBUG.

EnableConsole=[true|false]
If set to 1, true or yes, this option enables logging to the
console (i.e. stdout).

ConsoleLevel=level
Logging level for the console. It can have the same values as
LogLevel. Defaults to DEBUG.

EnableProcessId=[true|false]
If set to 1, true or yes, this option enables logging the
process id in all log messages. Defaults to false.

The following parameters can be used in the [Sessions] section.

X11DisplayOffset=number
The first X display number available for xrdp-sesman. This
prevents xrdp-sesman from interfering with real X11 servers. If not
specified, defaults to 10.

MaxSessions=number
Sets the maximum number of simultaneous sessions. If not set or
set to 0, unlimited sessions are allowed.

KillDisconnected=[true|false]
If set to 1, true or yes, every session will be killed within
DisconnectedTimeLimit seconds after the user disconnects. This
setting currently only works with xorgxrdp sessions.

DisconnectedTimeLimit=number
Sets the time limit for KillDisconnected to a value greater than
60. Values less than 60 will be overridden with 60. This
setting currently only works with xorgxrdp sessions.

IdleTimeLimit=number
Sets the time limit (in seconds) before an idle session is
disconnected. Idle here means no keyboard input and no mouse
moves or clicks. If set to 0, idle sessions will never be
disconnected by timeout. This works only with xorgxrdp sessions.
Moreover, xorgxrdp must be v0.2.9 or later.

Policy=[Default|UBD|UBI|UBC|UBDI|UBDC]
Session allocation policy. Used to decide when to allocate a new
session. Set to one of the following values:

Default - session per <User,BitPerPixel>
UBD - session per <User,BitPerPixel,DisplaySize>
UBI - session per <User,BitPerPixel,IPAddr>
UBC - session per <User,BitPerPixel,Connection>
UBDI - session per <User,BitPerPixel,DisplaySize,IPAddr>
UBDC - session per <User,BitPerPixel,DisplaySize,Connection>

Note that the User and BitPerPixel criteria cannot be turned
off. DisplaySize refers to the initial geometry of a connection,
as actual display sizes can change dynamically.

The following parameters can be used in the [Security] section.

AllowRootLogin=[true|false]
If set to 1, true or yes, enables root login on the terminal
server.

MaxLoginRetry=number
The number of login attempts that are allowed on the terminal
server. If set to 0, unlimited attempts are allowed. If not
specified, defaults to 3.

TerminalServerUsers=group
Only the users belonging to the specified group are allowed to
log in on the terminal server. If unset or set to an invalid or
non-existent group, login for all users is enabled.

TerminalServerAdmins=group
This option is currently ignored! Only members of this group can
have session management rights.

RestrictOutboundClipboard=[all|none|text|file|image]
If set to all, will restrict the clipboard outbound from the
server, to prevent data copied inside the xrdp session from being
pasted in the client. Default value is none. In addition, you
can control text/file/image transfer restrictions respectively.
It also accepts a comma-separated list such as text,file,image.

none - No restriction on copying outbound clipboard data.
all - Restrict copying of all outbound clipboard data.
text - Restrict copying of outbound text clipboard data only.
file - Restrict copying of outbound file clipboard data only.
image - Restrict copying of outbound image clipboard data only.

To keep compatibility, the following aliases are also available.
true - an alias of all.
false - an alias of none.
yes - an alias of all.

RestrictInboundClipboard=[none|all|text|file|image]
If set to all, will restrict the clipboard inbound from the
client, to prevent data copied inside the client from being pasted
in the xrdp session. Default value is none. In addition, you can
control text/file/image transfer restrictions respectively. It
also accepts a comma-separated list such as text,file,image.

none - No restriction on copying inbound clipboard data.
all - Restrict copying of all inbound clipboard data.
text - Restrict copying of inbound text clipboard data only.
file - Restrict copying of inbound file clipboard data only.
image - Restrict copying of inbound image clipboard data only.

To keep compatibility, the following aliases are also available.
true - an alias of all.
false - an alias of none.
yes - an alias of all.

AlwaysGroupCheck=[true|false]
If set to 1, true or yes, require group membership even if the
group specified in TerminalServerUsers doesn't exist.

AllowAlternateShell=[true|false]
If set to 0, false or no, prevent usage of alternate shells by
users.

The following parameters can be used in the [X11rdp], [Xvnc] and [Xorg]
sections.

param=string
Multiple param lines are supported. The first line specifies
the path to the X11 server executable. The following lines specify
command line arguments passed to the X11 server.

The following parameters can be used in the [Chansrv] section.

FuseMountName=string
Directory for drive redirection. Created if it doesn't exist.
If not specified, defaults to xrdp_client. If the first character
is not a '/', this is relative to $HOME.

If the first character is a '/', this is an absolute path. The
following substitutions are made in this string:
%U - Username
%u - Numeric UID
%% - Percent character

If this format is used:

1) The directory path permissions MUST be configured correctly
by the system administrator or the system itself. xrdp-chansrv
will not do this for you (although it will create the final
directories owned by the user).

2) The desktop may not automatically display a link for the
redirected drive. To fix this, consult the docs for your chosen
desktop.

FileUmask=mode
Additional umask to apply to files in the FuseMountName directory.
The default value of 077 prevents other users on the system
from reading files on your redirected drives. This may not
be appropriate for all environments, and so you can change this
value to allow other users to access your remote files if
required.

EnableFuseMount=[true|false]
Defaults to true. Set to false to disable xrdp-chansrv's use of
the FUSE system feature, even if it has been built with this
feature enabled.

Setting this value to false will disable the following
application features:

- drive redirection

- copying-and-pasting of files

UseNautilus3FlistFormat=[false|true]
Defaults to false. Set to true to make file copy-paste compatible
with Nautilus from GNOME 3 versions later than 3.29.92. Do
not use this for any other reason.

This setting will be removed in a later version of xrdp, when
GNOME 3 is no longer supported.

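The Python script below is an added example, not part of the xrdp manual or code base. It audits a sesman.ini against the behaviour documented above: the last entry wins, options outside their proper section are ignored, and an unset or non-existent TerminalServerUsers group admits all users unless AlwaysGroupCheck is set. The ';' and '#' comment syntax, case-insensitive section names, the function names and the choice of which settings to flag are assumptions of this example.

```python
TRUE = {"1", "true", "yes"}  # spellings the page lists for an enabled boolean

def parse(text):
    """Parse sesman.ini text into {section: {param: value}}, names lowercased."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # assumption: ';' and '#' open a comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # assumption: case-insensitive
            cfg.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            cfg[section][key.strip().lower()] = value.strip()  # last entry wins
    return cfg

def enabled(params, key):
    return params.get(key, "").lower() in TRUE

def audit(text):
    """Return {parameter: finding} for settings that weaken access control."""
    cfg = parse(text)
    glob, sec, chan = (cfg.get(n, {}) for n in ("globals", "security", "chansrv"))
    out = {}
    if glob.get("listenaddress", "0.0.0.0") == "0.0.0.0":
        out["ListenAddress"] = "xrdp-sesman listens on all interfaces"
    if enabled(sec, "allowrootlogin"):
        out["AllowRootLogin"] = "root login is enabled"
    if sec.get("maxloginretry", "3") == "0":
        out["MaxLoginRetry"] = "unlimited login attempts are allowed"
    if not enabled(sec, "alwaysgroupcheck"):
        out["TerminalServerUsers"] = "an unset or missing group admits all users"
    for key in ("RestrictOutboundClipboard", "RestrictInboundClipboard"):
        if sec.get(key.lower(), "none").lower() in ("none", "false"):
            out[key] = "clipboard transfer is unrestricted"
    if (int(chan.get("fileumask", "077"), 8) & 0o077) != 0o077:
        out["FileUmask"] = "other users may access redirected-drive files"
    return out

# Constructed sample: AllowRootLogin is in the wrong section; MaxLoginRetry is set twice.
SAMPLE = ("[Globals]\nListenAddress=127.0.0.1\nAllowRootLogin=true\n"
          "[Security]\nMaxLoginRetry=0\nMaxLoginRetry=4\n"
          "TerminalServerUsers=tsusers\nRestrictOutboundClipboard=text,file\n"
          "[Chansrv]\nFileUmask=027\n")

if __name__ == "__main__":
    for name, finding in sorted(audit(SAMPLE).items()):
        print(f"{name}: {finding}")
```
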
All entries in the [SessionVariables] section are set as environment
variables in the user's session.

/etc/xrdp/sesman.ini

xrdp-sesman(8), xrdp-sesrun(8), xrdp(8), xrdp.ini(5)

For more info on xrdp see ⟨http://www.xrdp.org/⟩

xrdp team 0.9.23.1 sesman.ini(5)