tigervnc.conf(5x) Virtual Network Computing tigervnc.conf(5x)
NAME
tigervnc.conf - configuration files for Virtual Network Computing
SYNOPSIS
$variable = "someValue";
$variable = "someValue";
$variable .= "someValue";
$variable = $var1 . $var2;
DESCRIPTION
This man page describes the syntax and options of the three configura-
tion files loaded by tigervncserver(1), the free X server for Virtual
Network Computing (VNC). These configuration files can be used to
change the behavior of the server at startup time, although for all
values suitable inbuilt defaults are preset.
First, /etc/tigervnc/vncserver-config-defaults is read specifying the
system defaults. Then, tigervncserver(1) will proceed and read
$HOME/.vnc/tigervnc.conf, a file that can be changed on a per-user
base. The options in this file will override the system defaults.
Next, command-line options overwrite both the system defaults and the
settings in $HOME/.vnc/tigervnc.conf. Finally, the configuration file
/etc/tigervnc/vncserver-config-mandatory is parsed. If this file exists
and defines options to be passed to Xtigervnc, they will override any
of the same options defined in a user's $HOME/.vnc/tigervnc.conf as
well as options given via the command line. This file offers a mecha-
nism to establish some basic form of system-wide policy.
WARNING! There is nothing stopping users from constructing their own
start script that calls Xtigervnc directly to bypass any options de-
fined in /etc/tigervnc/vncserver-config-mandatory.
EXAMPLES
The system configuration file /etc/tigervnc/vncserver-config-defaults
should come with the Debian package tigervnc-standalone-server. This
file serves as an example for the user file $HOME/.vnc/tigervnc.conf.
The system configuration file is pretty self-descriptive, and this doc-
ument will mainly repeat the information that already can be found
there.
OVERVIEW
The file is in perl(1) syntax, although only variable assignment is al-
lowed for your safety and convenience. But there still a variety of
possibilities to set the string variables.
All variable names are prefixed by `$'. You can assign a string to a
variable using the `=' operator, and you can append a string to a vari-
able using the `.=' operator. You can concatenate two strings using the
`.' operator. You can substitute variables even inside quotes. You can
access the environment variables using the notation $ENV{VARIABLE}.
You can unset a variable by assigning undef to it. Use this to return
the state of the variable from `set' to `use default'.
You must end a line with a semicolon.
OPTIONS
The options are given with their default value if this is known.
$fontPath = "<font_dir>,<font_dir>,..."
Should be a comma separated list of fonts to be added to the
font path. If not specified, the default will apply.
$PAMService = "tigervnc";
This parameter specifies the PAM service used for plain password
authentication if one of the security types Plain, TLSPlain, or
X509Plain is used. If /etc/pam.d/vnc is not present, then
tigervncserver(1) expects to use the tigervnc PAM service to au-
thenticate the passwords of users when any of the *Plain secu-
rity types are used. Note that the tigervnc-common package pro-
vides the PAM service configuration file /etc/pam.d/tigervnc.
Otherwise, if /etc/pam.d/vnc is present, then the vnc PAM ser-
vice will be used.
$sslAutoGenCertCommand = "openssl req
-newkey ec:/etc/tigervnc/openssl-ecparams.pem
-x509 -days 2190 -nodes";
The command specified by the $sslAutoGenCertCommand parameter is
used to auto generate the certificate for the -X509Cert and
-X509Key options of Xtigervnc(1). The configuration for
openssl(1SSL) is taken from /etc/tigervnc/openssl.cnf where we
substitute @HostName@ by the fully qualified domain name of the
host.
$vncUserDir = "$ENV{HOME}/.vnc";
Contains the filename for the log files directory of Xtigervnc
(the server) and the viewers that are connected to it.
$vncPasswdFile = $vncUserDir . "/passwd";
Contains the filename of the password file for Xtigervnc. This
file is only used for the security types VncAuth, TLSVnc, and
X509Vnc.
$vncStartup = "/etc/X11/Xtigervnc-session";
Points to a script that will be started at the very beginning
when neither $vncUserDir/Xtigervnc-session nor $vncUserDir/xs-
tartup is present. If $vncUserDir/Xtigervnc-session is present,
it will be used. Otherwise, we try $vncUserDir/xstartup. If
this is also absent, then we use the $vncStartup script. If
$vncStartup is specified in $vncUserDir/tigervnc.conf, then this
script is used unconditionally. That is without checking for the
presence of $vncUserDir/Xtigervnc-session or $vncUserDir/xs-
tartup.
$session = undef;
This option can be used to control which X session type will be
started. This should match one of the files in /usr/share/xses-
sions. For example, if there is a file called gnome.desktop,
then $session = "gnome" would start this X session. The command
to start the session is passed to the $vncStartup script. If
this is not specified, then /etc/X11/Xtigervnc-session will
start the session specified by /usr/bin/x-session-manager.
$xauthorityFile = "$ENV{HOME}/.Xauthority";
Specifies the path to the X authority file that should be used
by your Xtigervnc server.
$desktopName = "${HOSTFQDN}:nn ($ENV{LOGNAME})";
Should be set to the default name of the desktop. This can be
changed at the command line with -desktop.
$geometry = "<width>x<height>";
This sets the framebuffer width & height to be used by the
Xtigervnc server. On default, 1920x1200 is used. A values for
this option as well as the $depth and $pixelformat options can
be derived if the tigervncserver(1) is run in a X session – ei-
ther $ENV{DISPLAY} or the session given by $getDefaultFrom –
with the -xdisplaydefaults option. The geometry can also be
changed at the commandline with the -geometry option. Otherwise,
the fixed defaults given here as well as in the following two
configuration parameter documentations will be used.
$depth = "32";
This sets the framebuffer color depth, i.e., the number of bits
per pixel to use. It must be either 16, 24, or 32.
$pixelformat = "rgb888";
Specifies the pixel format for the Xtigervnc(1) server to use
(BGRnnn or RGBnnn). The default for depth 16 is RGB565 (meaning
the most significant five bits represent red, the next six
green, and the least significant five represent blue) and for
depth 24 and 32 is RGB888.
$wmDecoration = "8x64";
Sets the adjustment of $geometry to accommodate the window deco-
ration used by the X11 window manager. This is used to fully
display the VNC desktop even if the VNC viewer is not in full
screen mode.
$getDefaultFrom
This option lets you set the display from which you can query
the default of the above three options, if you don't want to
start tigervncserver from within a running X server. It will be
added to the call of xdpyinfo. It is useful to get the default
from the X server you will run xtigervncviewer in, because the
data has not to be recalculated then.
$getDefaultFrom = "-display localhost:0"; is an example how to
do this.
$scrapingGeometry = "<width>x<height>+<xoffset>+<yoffset>";
is only used by the scraping TigerVNC server. It specifies the
screen area that will be shown to VNC clients, e.g.,
640x480+320+240. The format is <width>x<height>+<xoffset>+<yoff-
set>, where `+' signs can be replaced with `-' signs to specify
offsets from the right and/or from the bottom of the screen.
Offsets are optional, +0+0 is assumed by default (top left cor-
ner). If the variable is not defined, full screen is shown to
VNC clients (this is the default).
$localhost = "yes";
Should the TigerVNC server only listen on localhost for incoming
TigerVNC connections. This is useful if you use SSH and want to
stop non-SSH connections from any other hosts. Hence, $local-
host = "yes" is the default if security types are not specified.
In this case, only the security type VncAuth will be offered. If
the security types are specified, either via the option -Securi-
tyTypes given to tigervncserver(1) or via the $SecurityTypes
configuration parameter in /etc/tigervnc/vncserver-config-de-
faults or in $HOME/.vnc/tigervnc.conf, then the default depends
on the specified security types. The default will be $local-
host = "no" if the specified security types contain at least one
of the TLS* or X509* secutity types and also contain none of the
*None security types. As always, the defaults can be overwritten
on the commandline via the -localhost option or via the $local-
host configuration parameter in /etc/tigervnc/vncserver-config-
defaults or in $HOME/.vnc/tigervnc.conf.
$SecurityTypes = "VncAuth"
The $SecurityTypes parameter contains a comma separated list of
the default security types the Xtigervnc server will offer.
Available security types are None, VncAuth, Plain, TLSNone,
TLSVnc, TLSPlain, X509None, X509Vnc and X509Plain. The *None se-
curity types do not offer any kind of user authentication for
connecting VNC sessions. Hence, combining a *None security type
and $localhost = "no" is a very bad idea. The TLS* and X509* se-
curity types do enforce SSL encryption for data transmission.
Hence, combining a TLS* or X509* security type and $local-
host = "yes" is a senseless idea. Thus, in the case of $local-
host = "no", the default for $SecurityTypes will be extended
from VncAuth to VncAuth,TLSVnc.
$PlainUsers = "$ENV{LOGNAME}"
The $PlainUsers configuration parameter contains a comma sepa-
rated list of users that are authorized to access the VNC server
if the security types Plain, TLSPlain, or X509Plain are used to
establish the connection. The password for these users are check
by the system via the PAM service specified via the $PAMService
configuration variable or the -PAMService option. On default,
only the user starting the tigervncserver is contained in the
list. By specifying *, any user can authenticate using this se-
curity type.
$X509Cert and $X509Key
These two options contain the filenames for a certificate and
its key that is used for the security types X509None, X509Vnc,
and X509Plain. If nothing is specified – the default case – then
a self-signed certificate is auto-generated by tigervncserver(1)
and stored in $HOME/.vnc/${HOSTFQDN}-SrvCert.pem and
$HOME/.vnc/${HOSTFQDN}-SrvKey.pem, respectively. If filenames
are given for $X509Cert and $X509Key either here or on the com-
mandline via -X509Cert and -X509Key options, then the auto gen-
eration is disabled and the user has to take care that usable
certificates are present.
FILES
/etc/tigervnc/vncserver-config-defaults
The global configuration file specifying the defaults for
tigervncserver and x0tigervncserver.
~/.vnc/tigervnc.conf
The user's tigervnc.conf configuration file.
/etc/tigervnc/vncserver-config-mandatory
If this file exists and defines options, they will override any
of the same options defined in a user's tigervnc.conf file or
ones given on the command line of the wrapper scripts tigervnc-
server and x0tigervncserver. This file offers a mechanism to es-
tablish some basic form of system-wide policy.
WARNING! There is nothing stopping users from constructing their
own wrapper script that calls Xtigervnc or X0tigervnc directly
to bypass any options defined in the /etc/tigervnc/vncserver-
config-mandatory configuration file.
SEE ALSO
tigervncconfig(1), tigervncpasswd(1), tigervncserver(1), tigervncses-
sion(8), x0tigervncserver(1), Xtigervnc(1), X0tigervnc(1),
xtigervncviewer(1)
AUTHOR
2022 - Modified for TigerVNC 1.12.0 by Joachim Falk
(Joachim.Falk@gmx.de) 2021 - Modified for TigerVNC 1.11.0 by Joachim
Falk (Joachim.Falk@gmx.de) 2016 - Modified for TigerVNC 1.7 by Joachim
Falk (Joachim.Falk@gmx.de) 2006 - Modified for vnc 4.1.2 by Joachim
Falk (Joachim.Falk@gmx.de) 1998 - Originally written by Marcus
Brinkmann (Marcus.Brinkmann@ruhr-uni-bochum.de) for the Debian
GNU/Linux Distribution.
TigerVNC 1.12.0 Jan 13th, 2022 tigervnc.conf(5x)
Generated by dwww version 1.14 on Sat Jun 13 11:23:38 CEST 2026.