XSERVER(1) XSERVER(1) NAME Xserver - X Window System display server SYNOPSIS X [option ...] DESCRIPTION X is the generic name for the X Window System display - server. It is frequently a link or a copy of the appro­ priate server binary for driving the most frequently used server on a given machine. STARTING THE SERVER The X server is usually started from the X Display Manager program xdm(1). This utility is run from the system boot ------ files and takes care of keeping the server running, prompting for usernames and passwords, and starting up the user sessions. Installations that run more than one window system may need to use the xinit(1) utility instead of xdm. However, -------- --- xinit is to be considered a tool for building startup ----- scripts and is not intended for use by end users. Site administrators are strongly urged to use xdm, or build --- other interfaces for novice users. The X server may also be started directly by the user, though this method is usually reserved for testing and is not recommended for normal operation. On some platforms, the user must have special permission to start the X server, often because access to certain devices (e.g. /dev/mouse) is restricted. When the X server starts up, it typically takes over the display. If you are running on a workstation whose con­ sole is the display, you may not be able to log into the console while the server is running. OPTIONS All of the X servers accept the following command line options: :displaynumber ------------- the X server runs as the given displaynumber, ------------- which by default is 0. If multiple X servers are to run simultaneously on a host, each must have a unique display number. See the DISPLAY NAMES sec­ tion of the X(1) manual page to learn how to spec­ ---- ify which display number clients should try to use. -a number ------ sets pointer acceleration (i.e. the ratio of how much is reported to how much the user actually X Version 11 Release 6.3 1 XSERVER(1) XSERVER(1) moved the pointer). -ac disables host-based access control mechanisms. Enables access by any host, and permits any host to modify the access control list. Use with extreme caution. This option exists primarily for running test suites remotely. -audit level ----- Sets the audit trail level. The default level is 1, meaning only connection rejections are reported. Level 2 additionally reports all suc­ cessful connections and disconnects. Level 4 enables messages from the SECURITY extension, if present, including generation and revocation of authorizations and violations of the security pol­ icy. Level 0 turns off the audit trail. Audit lines are sent as standard error output. -auth authorization-file ------------------ Specifies a file which contains a collection of authorization records used to authenticate access. See also the xdm and Xsecurity manual pages. --- --------- bc disables certain kinds of error checking, for bug compatibility with previous releases (e.g., to work around bugs in R2 and R3 xterms and toolk­ its). Deprecated. -bs disables backing store support on all screens. -c turns off key-click. c volume ------ sets key-click volume (allowable range: 0-100). -cc class ----- sets the visual class for the root window of color screens. The class numbers are as specified in the X protocol. Not obeyed by all servers. -co filename -------- sets name of RGB color database. The default is /lib/X11/rgb, where refers to the root of the X11 install tree. -core causes the server to generate a core dump on fatal errors. -dpi resolution ---------- sets the resolution of the screen, in dots per inch. To be used when the server cannot determine the screen size from the hardware. X Version 11 Release 6.3 2 XSERVER(1) XSERVER(1) dpms Enable DPMS (when supported). -dpms Disable DPMS. -deferglyphs whichfonts ---------- specifies the types of fonts for which the server should attempt to use deferred glyph loading. whichfonts can be all (all fonts), none (no ---------- fonts), or 16 (16 bit fonts only). -f volume ------ sets feep (bell) volume (allowable range: 0-100). -fc cursorFont ---------- sets default cursor font. -fn font ---- sets the default font. -fp fontPath -------- sets the search path for fonts. This path is a comma separated list of directories which the X server searches for font databases. -help prints a usage message. -I causes all remaining command line arguments to be ignored. -kb disables the XKEYBOARD extension if present. -nolisten trans-type ---------- Disable a transport type. For example, TCP/IP connections can be disabled with -nolisten tcp -nolock Disable the use of an X server lock file. -p minutes ------- sets screen-saver pattern cycle time in minutes. -pn permits the server to continue running if it fails to establish all of its well-known sockets (con­ nection points for clients), but establishes at least one. -r turns off auto-repeat. r turns on auto-repeat. -s minutes ------- sets screen-saver timeout time in minutes. -su disables save under support on all screens. X Version 11 Release 6.3 3 XSERVER(1) XSERVER(1) -t number ------ sets pointer acceleration threshold in pixels (i.e. after how many pixels pointer acceleration should take effect). -terminate causes the server to terminate at server reset, instead of continuing to run. -to seconds ------- sets default connection timeout in seconds. -tst disables all testing extensions (e.g., XTEST, XTrap, XTestExtension1, RECORD). ttyxx ignored, for servers started the ancient way (from -- init). v sets video-off screen-saver preference. -v sets video-on screen-saver preference. -wm forces the default backing-store of all windows to be WhenMapped. This is a backdoor way of getting backing-store to apply to all windows. Although all mapped windows will have backing store, the backing store attribute value reported by the server for a window will be the last value estab­ lished by a client. If it has never been set by a client, the server will report the default value, NotUseful. This behavior is required by the X protocol, which allows the server to exceed the client's backing store expectations but does not provide a way to tell the client that it is doing so. -x extension --------- loads the specified extension at init. This is a no-op for most implementations. SERVER DEPENDENT OPTIONS Some X servers accept the following options: -ld kilobytes --------- sets the data space limit of the server to the specified number of kilobytes. A value of zero makes the data size as large as possible. The default value of -1 leaves the data space limit unchanged. -lf files ----- sets the number-of-open-files limit of the server to the specified number. A value of zero makes the limit as large as possible. The default value X Version 11 Release 6.3 4 XSERVER(1) XSERVER(1) of -1 leaves the limit unchanged. -ls kilobytes --------- sets the stack space limit of the server to the specified number of kilobytes. A value of zero makes the stack size as large as possible. The default value of -1 leaves the stack space limit unchanged. -logo turns on the X Window System logo display in the screen-saver. There is currently no way to change this from a client. nologo turns off the X Window System logo display in the screen-saver. There is currently no way to change this from a client. XDMCP OPTIONS X servers that support XDMCP have the following options. See the X Display Manager Control Protocol specification - ------- ------- ------- -------- for more information. -query host-name --------- Enable XDMCP and send Query packets to the speci­ fied host. -broadcast Enable XDMCP and broadcast BroadcastQuery packets to the network. The first responding display man­ ager will be chosen for the session. -indirect host-name --------- Enable XDMCP and send IndirectQuery packets to the specified host. -port port-num -------- Use an alternate port number for XDMCP packets. Must be specified before any -query, -broadcast or -indirect options. -class display-class ------------- XDMCP has an additional display qualifier used in resource lookup for display-specific options. This option sets that value, by default it is "MIT-Unspecified" (not a very useful value). -cookie xdm-auth-bits ------------- When testing XDM-AUTHENTICATION-1, a private key is shared between the server and the manager. This option sets the value of that private data (not that it is very private, being on the command line!). X Version 11 Release 6.3 5 XSERVER(1) XSERVER(1) -displayID display-id ---------- Yet another XDMCP specific value, this one allows the display manager to identify each display so that it can locate the shared key. XKEYBOARD OPTIONS X servers that support the XKEYBOARD extension accept the following options: -xkbmap filename -------- keyboard description to load on startup [+-]accessx enable(+) or disable(-) AccessX key sequences -ar1 milliseconds ------------ sets the length of time in milliseconds that a key must be depressed before autorepeat starts -ar2 milliseconds ------------ sets the length of time in milliseconds that should elapse between autorepeat-generated keystrokes Many servers also have device-specific command line options. See the manual pages for the individual servers for more details. SECURITY EXTENSION OPTIONS X servers that support the SECURITY extension accept the following option: -sp filename -------- causes the server to attempt to read and interpret filename as a security policy file with the format described below. The file is read at server startup and reread at each server reset. The syntax of the security policy file is as follows. Notation: "*" means zero or more occurrences of the pre­ ceding element, and "+" means one or more occurrences. To interpret , ignore the text after the /; it is used to distinguish between instances of in the next section. ::= * ::= '\n' ::= | | | ::= # * '\n' ::= '\n' X Version 11 Release 6.3 6 XSERVER(1) XSERVER(1) ::= sitepolicy '\n' ::= property '\n' ::= ::= any | root | ::= | ::= = ::= [ | | ]* ::= r | w | d ::= a | i | e ::= | | ::= " * " ::= ' * ' ::= + ::= [ ' ' | '\t' ]* Character sets: ::= any character except '\n' ::= any character except " ::= any character except ' ::= any character except those in The semantics associated with the above syntax are as fol­ lows. , the first line in the file, specifies the file format version. If the server does not recognize the version , it ignores the rest of the file. The version string for the file format described here is "ver­ sion-1" . Once past the , lines that do not match the above syntax are ignored. lines are ignored. lines are currently ignored. They are intended to specify the site policies used by the XC- QUERY-SECURITY-1 authorization method. lines specify how the server should react to X Version 11 Release 6.3 7 XSERVER(1) XSERVER(1) untrusted client requests that affect the X Window prop­ erty named . The rest of this section describes the interpretation of an . For an to apply to a given instance of , must be on a window that is in the set of windows specified by . If is any, the rule applies to on any window. If is root, the rule applies to only on root windows. If is , the following apply. If is a , the rule applies when the window also has that , regardless of its value. If is a , must also have the value specified by . In this case, the prop­ erty must have type STRING and format 8, and should con­ tain one or more null-terminated strings. If any of the strings match , the rule applies. The definition of string matching is simple case-sensitive string comparison with one elaboration: the occurence of the character '*' in is a wildcard meaning "any string." A can contain multiple wild­ cards anywhere in the string. For example, "x*" matches strings that begin with x, "*x" matches strings that end with x, "*x*" matches strings containing x, and "x*y*" matches strings that start with x and subsequently contain y. There may be multiple lines for a given . The rules are tested in the order that they appear in the file. The first rule that applies is used. specify operations that untrusted clients may attempt, and the actions that the server should take in response to those operations. can be r (read), w (write), or d (delete). The following table shows how X Protocol property requests map to these operations in the X Consortium server imple­ mentation. GetProperty r, or r and d if delete = True ChangeProperty w RotateProperties r and w DeleteProperty d ListProperties none, untrusted clients can always list all properties can be a (allow), i (ignore), or e (error). Allow means execute the request as if it had been issued by a trusted client. Ignore means treat the request as a X Version 11 Release 6.3 8 XSERVER(1) XSERVER(1) no-op. In the case of GetProperty, ignore means return an empty property value if the property exists, regardless of its actual value. Error means do not execute the request and return a BadAtom error with the atom set to the prop­ erty name. Error is the default action for all proper­ ties, including those not listed in the security policy file. An applies to all s that follow it, until the next is encountered. Thus, irwad means ignore read and write, allow delete. GetProperty and RotateProperties may do multiple opera­ tions (r and d, or r and w). If different actions apply to the operations, the most severe action is applied to the whole request; there is no partial request execution. The severity ordering is: allow < ignore < error. Thus, if the for a property are ired (ignore read, error delete), and an untrusted client attempts GetProperty on that property with delete = True, an error is returned, but the property value is not. Similarly, if any of the properties in a RotateProperties do not allow both read and write, an error is returned without changing any prop­ erty values. Here is an example security policy file. version-1 # Allow reading of application resources, but not writing. property RESOURCE MANAGER root ar iw - property SCREEN RESOURCES root ar iw - # Ignore attempts to use cut buffers. Giving errors causes apps to crash, # and allowing access may give away too much information. property CUT BUFFER0 root irw - property CUT BUFFER1 root irw - property CUT BUFFER2 root irw - property CUT BUFFER3 root irw - property CUT BUFFER4 root irw - property CUT BUFFER5 root irw - property CUT BUFFER6 root irw - property CUT BUFFER7 root irw - # If you are using Motif, you probably want these. property MOTIF DEFAULT BINDINGS rootar iw - - - property MOTIF DRAG WINDOW root ar iw - - - property MOTIF DRAG TARGETS any ar iw - - - property MOTIF DRAG ATOMS any ar iw - - - property MOTIF DRAG ATOM PAIRS any ar iw - - - - # The next two rules let xwininfo -tree work when untrusted. property WM NAME any ar - X Version 11 Release 6.3 9 XSERVER(1) XSERVER(1) # Allow read of WM CLASS, but only for windows with WM NAME. - - # This might be more restrictive than necessary, but demonstrates # the facility, and is also an attempt to # say "top level windows only." property WM CLASS WM NAME ar - - # These next three let xlsclients work untrusted. Think carefully # before including these; giving away the client machine name and command # may be exposing too much. property WM STATE WM NAME ar - - property WM CLIENT MACHINE WM NAME ar - - - property WM COMMAND WM NAME ar - - # To let untrusted clients use the standard colormaps created by # xstdcmap, include these lines. property RGB DEFAULT MAP root ar - - property RGB BEST MAP root ar - - property RGB RED MAP root ar - - property RGB GREEN MAP root ar - - property RGB BLUE MAP root ar - - property RGB GRAY MAP root ar - - # To let untrusted clients use the color management database created # by xcmsdb, include these lines. property XDCCC LINEAR RGB CORRECTION rootar - - - property XDCCC LINEAR RGB MATRICES rootar - - - property XDCCC GRAY SCREENWHITEPOINT rootar - - property XDCCC GRAY CORRECTION rootar - - # To let untrusted clients use the overlay visuals that many vendors # support, include this line. property SERVER OVERLAY VISUALS rootar - - # Dumb examples to show other capabilities. # oddball property names and explicit specification of error conditions property "property with spaces" 'property with "'aw er ed # Allow deletion of Woo-Hoo if window also has property OhBoy with value # ending in "son". Reads and writes will cause an error. property Woo-Hoo OhBoy = "*son"ad NETWORK CONNECTIONS The X server supports client connections via a platform- dependent subset of the following transport types: TCPIP, Unix Domain sockets, DECnet, and several varieties of SVR4 local connections. See the DISPLAY NAMES section of the X(1) manual page to learn how to specify which transport ---- type clients should try to use. GRANTING ACCESS The X server implements a platform-dependent subset of the following authorization protocols: MIT-MAGIC-COOKIE-1, X Version 11 Release 6.3 10 XSERVER(1) XSERVER(1) XDM-AUTHORIZATION-1, SUN-DES-1, and MIT-KERBEROS-5. See the Xsecurity(1) manual page for information on the opera­ ------------ tion of these protocols. Authorization data required by the above protocols is passed to the server in a private file named with the -auth command line option. Each time the server is about to accept the first connection after a reset (or when the server is starting), it reads this file. If this file contains any authorization records, the local host is not automatically allowed access to the server, and only clients which send one of the authorization records con­ tained in the file in the connection setup information will be allowed access. See the Xau manual page for a --- description of the binary format of this file. See xauth(1) for maintenance of this file, and distribution of -------- its contents to remote hosts. The X server also uses a host-based access control list for deciding whether or not to accept connections from clients on a particular machine. If no other authoriza­ tion mechanism is being used, this list initially consists of the host on which the server is running as well as any machines listed in the file /etc/Xn.hosts, where n is the ------ ------ display number of the server. Each line of the file should contain either an Internet hostname (e.g. expo.lcs.mit.edu) or a DECnet hostname in double colon format (e.g. hydra::). There should be no leading or trailing spaces on any lines. For example: joesworkstation corporate.company.com star:: bigcpu:: Users can add or remove hosts from this list and enable or disable access control using the xhost command from the ----- same machine as the server. The X protocol intrinsically does not have any notion of window operation permissions or place any restrictions on what a client can do; if a program can connect to a dis­ play, it has full run of the screen. X servers that sup­ port the SECURITY extension fare better because clients can be designated untrusted via the authorization they use to connect; see the xauth(1) manual page for details. -------- Restrictions are imposed on untrusted clients that curtail the mischief they can do. See the SECURITY extension specification for a complete list of these restrictions. Sites that have better authentication and authorization systems might wish to make use of the hooks in the libraries and the server to provide additional security models. X Version 11 Release 6.3 11 XSERVER(1) XSERVER(1) SIGNALS The X server attaches special meaning to the following signals: SIGHUP This signal causes the server to close all exist­ ------ ing connections, free all resources, and restore all defaults. It is sent by the display manager whenever the main user's main application (usually an xterm or window manager) exits to force the ----- server to clean up and prepare for the next user. SIGTERM This signal causes the server to exit cleanly. ------- SIGUSR1 This signal is used quite differently from either ------- of the above. When the server starts, it checks to see if it has inherited SIGUSR1 as SIG IGN - instead of the usual SIG DFL. In this case, the - server sends a SIGUSR1 to its parent process after it has set up the various connection schemes. Xdm --- uses this feature to recognize when connecting to the server is possible. FONTS The X server can obtain fonts from directories and/or from font servers. The list of directories and font servers the X server uses when trying to open a font is controlled by the font path. ---- ---- The default font path is "/lib/X11/fonts/misc/, /lib/X11/fonts/Speedo/, /lib/X11/fonts/Type1/, /lib/X11/fonts/75dpi/, /lib/X11/fonts/100dpi/" . where refers to the root of the X11 install tree. The font path can be set with the -fp option or by xset(1) ------- after the server has started. FILES /etc/Xn.hosts Initial access control list for display number n /lib/X11/fonts/misc, /lib/X11/fonts/75dpi, /lib/X11/fonts/100dpi Bitmap font directories /lib/X11/fonts/Speedo, /lib/X11/fonts/Type1 Outline font directories /lib/X11/fonts/PEX PEX font directories /lib/X11/rgb.txt Color database X Version 11 Release 6.3 12 XSERVER(1) XSERVER(1) /tmp/.X11-unix/Xn Unix domain socket for dis­ play number n /tmp/rcXn Kerberos 5 replay cache for display number n /usr/adm/Xnmsgs Error log file for display number n if run from init(8) ------- /lib/X11/xdm/xdm-errors Default error log file if the server is run from xdm(1) ------ Note: refers to the root of the X11 install tree. SEE ALSO General information: X(1) Protocols: X Window System Protocol, The X Font Service - ------ ------ --------- --- - ---- ------- Protocol, X Display Manager Control Protocol --------- - ------- ------- ------- -------- Fonts: bdftopcf(1), mkfontdir(1), xfs(1), xlsfonts(1), xfontsel(1), xfd(1), X Logical Font Description Conven­ - ------- ---- ----------- ------- tions ----- Security: Xsecurity(1), xauth(1), Xau(1), xdm(1), xhost(1), Security Extension Specification -------- --------- ------------- Starting the server: xdm(1), xinit(1) Controlling the server once started: xset(1), xsetroot(1), xhost(1) Server-specific man pages: Xdec(1), XmacII(1), Xsun(1), Xnest(1), Xvfb(1), XF86 Accel(1), XF86 Mono(1), - - XF86 SVGA(1), XF86 VGA16(1), XFree86(1) - - Server internal documentation: Definition of the Porting ---------- -- --- ------- Layer for the X v11 Sample Server ----- --- --- - --- ------ ------ AUTHORS The sample server was originally written by Susan Ange­ branndt, Raymond Drewry, Philip Karlton, and Todd Newman, from Digital Equipment Corporation, with support from a large cast. It has since been extensively rewritten by Keith Packard and Bob Scheifler, from MIT. Dave Wiggins took over post-R5 and made substantial improvements. X Version 11 Release 6.3 13