New instructions for individual vncserver sessions
This document (000021364) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Desktop 15 SP5
Situation
"vncserver" is now provided as a systemd service. The following instructions should be used for configuring individual remote access to a users desktop.
Resolution
Note: The following documentation is taken directly from the TigerVNC project with a few modifications for clarity when configured for SUSE Linux Enterprise products. The original documentation can be found here:
https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/HOWTO.md
Changes in recent TigerVNC versions
Previous TigerVNC versions had a wrapper script called vncserver. This script could be run as a user manually to start Xvnc process. The usage was quite simple as you just run:$ vncserver :<display-number> [vncserver options] [Xvnc options]
and that was it. It worked fine for some cases, but far from all. There were issues when users wanted to use it in combination with systemd. Therefore, the implementation had to be changed to comply with SELinux and systemd rules.
How to start TigerVNC server
Add a user mapping
With this you can map a user to a particular port. The mapping should be done in /etc/tigervnc/vncserver.users configuration file. It should be pretty straightforward. Once you open the file you will see there are some examples, but basically the mapping is in form:
:<display-number>=userFor example you can have:1=testuser :2=vncuser Be sure to use a different display number for each user. The associated port number for the connection is automatically assigned based on the display number plus 5900. For example, testuser will be assigned 5901 and vncuser will be assigned 5902. Note: The YaST configuration for "Remote Administration (VNC)" will use :1 (port 5901) as the default display/port for remote access. If this option is enabled in YaST, do not use the same display/port here in this configuration or there will be a conflict. Start with :2 or higher.
Configure Xvnc options
To configure Xvnc parameters, you need to go to the same directory where you did the user mapping (/etc/tigervnc/) and open vncserver-config-defaults configuration file. This file is for the default Xvnc configuration and will be applied to every user unless any of the following applies:
- The user has its own configuration in
$HOME/.vnc/config. - The same option with different value is configured in
vncserver-config-mandatoryconfiguration file, which replaces the default configuration and has even a higher priority than the per-user configuration. This option is for system administrators when they want to force particular Xvnc options.
Format of the configuration file is also quite simple as the configuration is in form of:option=valueoption
The following examples are included in /etc/tigervnc/vncserver-config-defaults but are commented out. Just remove the # to enable the option:# session=gnome# securitytypes=vncauth,tlsvnc# geometry=2000x1200# localhost (Note: do not use for standard setup! Will reject all connections not from "localhost")# alwaysshared
See the following manpage for more details: Xvnc(1).
Note:
session=gnomeThis should match the name of a session desktop file from
/usr/share/xsessions directory. If you don't specify the session, TigerVNC will try to use the first one it finds, which may or may not work correctly.Set VNC password
You need to set a password for each user in order to be able to start the TigerVNC server. In order to create a password, you just run:$ vncpasswd
You need to run it as the user who will run the server.
Note:
If you used TigerVNC before with your user and you already created a password, then you have to make sure the $HOME/.vnc folder created by vncpasswd have the correct SELinux context. You either can delete this folder and recreate it again by creating the password one more time, or alternatively you can run:# restorecon -RFv /home/<USER>/.vnc
Start the TigerVNC server
Finally you can start the server for each user identified in the vncserver.users file by using the systemd service. To do so just run as root:# systemctl start vncserver@:<display-number>
Or as a normal user using sudo:
$ sudo systemctl start vncserver@:<display-number>Be sure to replace <display-number> with the actual display number assigned to the user you are starting the service for. For example, if I want to start the service for "testuser" from above, I would run as root:# systemctl start vncserver@:1This starts a TigerVNC server for usertestuser, but it will not survive a reboot. To make it permanent, enable it with the command:# systemctl enable vncserver@:1 Repeat the above steps for all users that need access.Note: If you previously used TigerVNC and you were used to start it by using systemd, then you might need to remove previous systemd configuration files placed in/etc/systemd/system/vncserver@.service, in order to avoid them being prioritized by the new systemd service files from latest TigerVNC.
Limitations
You will not be able to start a TigerVNC server for a user who is already logged into a graphical session. Avoid running the server as the root user as it's not a safe thing to do. While running the server as the root should work in general, it's not recommended to do so and there might be some things which are not working properly.
Additional Information
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021364
- Creation Date: 20-Feb-2024
- Modified Date:13-Jun-2024
-
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
