diff options
author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2016-07-05 13:25:17 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2016-07-05 13:28:01 +0200 |
commit | 7e18fdf6e9de19bd549ca5e28e45892a3fc2e3c2 (patch) | |
tree | a764e2b4f421e86af9c9c00e1a91bb0f64de2605 /nx-X11/programs/Xserver/Xserver.man | |
parent | ebb2026a7cb5295986397955c1661322fb13963d (diff) | |
download | nx-libs-7e18fdf6e9de19bd549ca5e28e45892a3fc2e3c2.tar.gz nx-libs-7e18fdf6e9de19bd549ca5e28e45892a3fc2e3c2.tar.bz2 nx-libs-7e18fdf6e9de19bd549ca5e28e45892a3fc2e3c2.zip |
Xserver.man: Drop original and old Xserver man page. Relevant parts have now been added to nxagent.1 man page.
Diffstat (limited to 'nx-X11/programs/Xserver/Xserver.man')
-rw-r--r-- | nx-X11/programs/Xserver/Xserver.man | 790 |
1 files changed, 0 insertions, 790 deletions
diff --git a/nx-X11/programs/Xserver/Xserver.man b/nx-X11/programs/Xserver/Xserver.man deleted file mode 100644 index bacfa4fc1..000000000 --- a/nx-X11/programs/Xserver/Xserver.man +++ /dev/null @@ -1,790 +0,0 @@ -.\" $Xorg: Xserver.man,v 1.4 2001/02/09 02:04:07 xorgcvs Exp $ -.\" Copyright 1984 - 1991, 1993, 1994, 1998 The Open Group -.\" -.\" Permission to use, copy, modify, distribute, and sell this software and its -.\" documentation for any purpose is hereby granted without fee, provided that -.\" the above copyright notice appear in all copies and that both that -.\" copyright notice and this permission notice appear in supporting -.\" documentation. -.\" -.\" The above copyright notice and this permission notice shall be included -.\" in all copies or substantial portions of the Software. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -.\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -.\" OTHER DEALINGS IN THE SOFTWARE. -.\" -.\" Except as contained in this notice, the name of The Open Group shall -.\" not be used in advertising or otherwise to promote the sale, use or -.\" other dealings in this Software without prior written authorization -.\" from The Open Group. -.\" $XFree86: xc/programs/Xserver/Xserver.man,v 3.31 2004/01/10 22:27:46 dawes Exp $ -.\" shorthand for double quote that works everywhere. -.ds q \N'34' -.TH XSERVER 1 __xorgversion__ -.SH NAME -Xserver \- X Window System display server -.SH SYNOPSIS -.B X -[option ...] -.SH DESCRIPTION -.I X -is the generic name for the X Window System display server. It is -frequently a link or a copy of the appropriate server binary for -driving the most frequently used server on a given machine. -.SH "STARTING THE SERVER" -The X server is usually started from the X Display Manager program -\fIxdm\fP(1) or a similar display manager program. -This utility is run from the system boot files and takes care of keeping -the server running, prompting for usernames and passwords, and starting up -the user sessions. -.PP -Installations that run more than one window system may need to use the -\fIxinit\fP(1) utility instead of a display manager. However, \fIxinit\fP is -to be considered a tool for building startup scripts and is not -intended for use by end users. Site administrators are \fBstrongly\fP -urged to use a display manager, or build other interfaces for novice users. -.PP -The X server may also be started directly by the user, though this -method is usually reserved for testing and is not recommended for -normal operation. On some platforms, the user must have special -permission to start the X server, often because access to certain -devices (e.g. \fI/dev/mouse\fP) is restricted. -.PP -When the X server starts up, it typically takes over the display. If -you are running on a workstation whose console is the display, you may -not be able to log into the console while the server is running. -.SH OPTIONS -Many X servers have device-specific command line options. See the manual -pages for the individual servers for more details; a list of -server-specific manual pages is provided in the SEE ALSO section below. -.PP -All of the X servers accept the command line options described below. -Some X servers may have alternative ways of providing the parameters -described here, but the values provided via the command line options -should override values specified via other mechanisms. -.TP 8 -.B :\fIdisplaynumber\fP -The X server runs as the given \fIdisplaynumber\fP, which by default is 0. -If multiple X servers are to run simultaneously on a host, each must have -a unique display number. See the DISPLAY -NAMES section of the \fIX\fP(__miscmansuffix__) manual page to learn how to -specify which display number clients should try to use. -.TP 8 -.B \-a \fInumber\fP -sets pointer acceleration (i.e. the ratio of how much is reported to how much -the user actually moved the pointer). -.TP 8 -.B \-ac -disables host-based access control mechanisms. Enables access by any host, -and permits any host to modify the access control list. -Use with extreme caution. -This option exists primarily for running test suites remotely. -.TP 8 -.B \-audit \fIlevel\fP -sets the audit trail level. The default level is 1, meaning only connection -rejections are reported. Level 2 additionally reports all successful -connections and disconnects. Level 4 enables messages from the -SECURITY extension, if present, including generation and revocation of -authorizations and violations of the security policy. -Level 0 turns off the audit trail. -Audit lines are sent as standard error output. -.TP 8 -.B \-auth \fIauthorization-file\fP -specifies a file which contains a collection of authorization records used -to authenticate access. See also the \fIxdm\fP(1) and -\fIXsecurity\fP(__miscmansuffix__) manual pages. -.TP 8 -.B bc -disables certain kinds of error checking, for bug compatibility with -previous releases (e.g., to work around bugs in R2 and R3 xterms and toolkits). -Deprecated. -.TP 8 -.B \-bs -disables backing store support on all screens. -.TP 8 -.B \-br -sets the default root window to solid black instead of the standard root weave -pattern. -.TP 8 -.B \-c -turns off key-click. -.TP 8 -.B c \fIvolume\fP -sets key-click volume (allowable range: 0-100). -.TP 8 -.B \-cc \fIclass\fP -sets the visual class for the root window of color screens. -The class numbers are as specified in the X protocol. -Not obeyed by all servers. -.TP 8 -.B \-co \fIfilename\fP -sets name of RGB color database. The default is -.IR __projectroot__/lib/X11/rgb . -.ig -.TP 8 -.B \-config \fIfilename\fP -reads more options from the given file. Options in the file may be separated -by newlines if desired. If a '#' character appears on a line, all characters -between it and the next newline are ignored, providing a simple commenting -facility. The \fB\-config\fP option itself may appear in the file. -.BR NOTE : -This option is disabled when the Xserver is run with an effective uid -different from the user's real uid. -.. -.TP 8 -.B \-core -causes the server to generate a core dump on fatal errors. -.TP 8 -.B \-deferglyphs \fIwhichfonts\fP -specifies the types of fonts for which the server should attempt to use -deferred glyph loading. \fIwhichfonts\fP can be all (all fonts), -none (no fonts), or 16 (16 bit fonts only). -.TP 8 -.B \-dpi \fIresolution\fP -sets the resolution for all screens, in dots per inch. -To be used when the server cannot determine the screen size(s) from the -hardware. -.TP 8 -.B dpms -enables DPMS (display power management services), where supported. The -default state is platform and configuration specific. -.TP 8 -.B \-dpms -disables DPMS (display power management services). The default state -is platform and configuration specific. -.TP 8 -.B \-f \fIvolume\fP -sets feep (bell) volume (allowable range: 0-100). -.TP 8 -.B \-fc \fIcursorFont\fP -sets default cursor font. -.TP 8 -.B \-fn \fIfont\fP -sets the default font. -.TP 8 -.B \-fp \fIfontPath\fP -sets the search path for fonts. This path is a comma separated list -of directories which the X server searches for font databases. -See the FONTS section of this manual page for more information and the default -list. -.TP 8 -.B \-help -prints a usage message. -.TP 8 -.B \-I -causes all remaining command line arguments to be ignored. -.TP 8 -.B \-maxbigreqsize \fIsize\fP -sets the maxmium big request to -.I size -MB. -.TP 8 -.B \-nolisten \fItrans-type\fP -disables a transport type. For example, TCP/IP connections can be disabled -with -.BR "\-nolisten tcp" . -This option may be issued multiple times to disable listening to different -transport types. -.TP 8 -.B \-noreset -prevents a server reset when the last client connection is closed. This -overrides a previous -.B \-terminate -command line option. -.TP 8 -.B \-p \fIminutes\fP -sets screen-saver pattern cycle time in minutes. -.TP 8 -.B \-pn -permits the server to continue running if it fails to establish all of -its well-known sockets (connection points for clients), but -establishes at least one. This option is set by default. -.TP 8 -.B \-nopn -causes the server to exit if it fails to establish all of its well-known -sockets (connection points for clients). -.TP 8 -.B \-r -turns off auto-repeat. -.TP 8 -.B r -turns on auto-repeat. -.TP 8 -.B \-s \fIminutes\fP -sets screen-saver timeout time in minutes. -.TP 8 -.B \-su -disables save under support on all screens. -.TP 8 -.B \-t \fInumber\fP -sets pointer acceleration threshold in pixels (i.e. after how many pixels -pointer acceleration should take effect). -.TP 8 -.B \-terminate -causes the server to terminate at server reset, instead of continuing to run. -This overrides a previous -.B \-noreset -command line option. -.TP 8 -.B \-to \fIseconds\fP -sets default connection timeout in seconds. -.TP 8 -.B \-tst -disables all testing extensions (e.g., XTEST, XTrap, XTestExtension1, RECORD). -.TP 8 -.B tty\fIxx\fP -ignored, for servers started the ancient way (from init). -.TP 8 -.B v -sets video-off screen-saver preference. -.TP 8 -.B \-v -sets video-on screen-saver preference. -.TP 8 -.B \-wm -forces the default backing-store of all windows to be WhenMapped. This -is a backdoor way of getting backing-store to apply to all windows. -Although all mapped windows will have backing store, the backing store -attribute value reported by the server for a window will be the last -value established by a client. If it has never been set by a client, -the server will report the default value, NotUseful. This behavior is -required by the X protocol, which allows the server to exceed the -client's backing store expectations but does not provide a way to tell -the client that it is doing so. -.TP 8 -.B \-x \fIextension\fP -loads the specified extension at init. -This is a no-op for most implementations. -.TP 8 -.B [+-]xinerama -enables(+) or disables(-) the XINERAMA extension. The default state is -platform and configuration specific. -.SH SERVER DEPENDENT OPTIONS -Some X servers accept the following options: -.TP 8 -.B \-ld \fIkilobytes\fP -sets the data space limit of the server to the specified number of kilobytes. -A value of zero makes the data size as large as possible. The default value -of \-1 leaves the data space limit unchanged. -.TP 8 -.B \-lf \fIfiles\fP -sets the number-of-open-files limit of the server to the specified number. -A value of zero makes the limit as large as possible. The default value -of \-1 leaves the limit unchanged. -.TP 8 -.B \-ls \fIkilobytes\fP -sets the stack space limit of the server to the specified number of kilobytes. -A value of zero makes the stack size as large as possible. The default value -of \-1 leaves the stack space limit unchanged. -.TP 8 -.B \-logo -turns on the X Window System logo display in the screen-saver. -There is currently no way to change this from a client. -.TP 8 -.B nologo -turns off the X Window System logo display in the screen-saver. -There is currently no way to change this from a client. -.TP 8 -.B \-render -.BR default | mono | gray | color -sets the color allocation policy that will be used by the render extension. -.RS 8 -.TP 8 -.I default -selects the default policy defined for the display depth of the X -server. -.TP 8 -.I mono -don't use any color cell. -.TP 8 -.I gray -use a gray map of 13 color cells for the X render extension. -.TP 8 -.I color -use a color cube of at most 4*4*4 colors (that is 64 color cells). -.RE -.TP 8 -.B \-dumbSched -disables smart scheduling on platforms that support the smart scheduler. -.TP -.B \-schedInterval \fIinterval\fP -sets the smart scheduler's scheduling interval to -.I interval -milliseconds. -.SH XDMCP OPTIONS -X servers that support XDMCP have the following options. -See the \fIX Display Manager Control Protocol\fP specification for more -information. -.TP 8 -.B \-query \fIhostname\fP -enables XDMCP and sends Query packets to the specified -.IR hostname . -.TP 8 -.B \-broadcast -enable XDMCP and broadcasts BroadcastQuery packets to the network. The -first responding display manager will be chosen for the session. -.TP 8 -.B \-multicast [\fIaddress\fP [\fIhop count\fP]] -Enable XDMCP and multicast BroadcastQuery packets to the network. -The first responding display manager is chosen for the session. If an -address is specified, the multicast is sent to that address. If no -address is specified, the multicast is sent to the default XDMCP IPv6 -multicast group. If a hop count is specified, it is used as the maximum -hop count for the multicast. If no hop count is specified, the multicast -is set to a maximum of 1 hop, to prevent the multicast from being routed -beyond the local network. -.TP 8 -.B \-indirect \fIhostname\fP -enables XDMCP and send IndirectQuery packets to the specified -.IR hostname . -.TP 8 -.B \-port \fIport-number\fP -uses the specified \fIport-number\fP for XDMCP packets, instead of the -default. This option must be specified before any \-query, \-broadcast, -\-multicast, or \-indirect options. -.TP 8 -.B \-from \fIlocal-address\fP -specifies the local address to connect from (useful if the connecting host -has multiple network interfaces). The \fIlocal-address\fP may be expressed -in any form acceptable to the host platform's \fIgethostbyname\fP(3) -implementation. -.TP 8 -.B \-once -causes the server to terminate (rather than reset) when the XDMCP session -ends. -.TP 8 -.B \-class \fIdisplay-class\fP -XDMCP has an additional display qualifier used in resource lookup for -display-specific options. This option sets that value, by default it -is "MIT-Unspecified" (not a very useful value). -.TP 8 -.B \-cookie \fIxdm-auth-bits\fP -When testing XDM-AUTHENTICATION-1, a private key is shared between the -server and the manager. This option sets the value of that private -data (not that it is very private, being on the command line!). -.TP 8 -.B \-displayID \fIdisplay-id\fP -Yet another XDMCP specific value, this one allows the display manager to -identify each display so that it can locate the shared key. -.SH XKEYBOARD OPTIONS -X servers that support the XKEYBOARD (a.k.a. \*qXKB\*q) extension accept the -following options. All layout files specified on the command line must be -located in the XKB base directory or a subdirectory, and specified as the -relative path from the XKB base directory. The default XKB base directory is -.IR __projectroot__/lib/X11/xkb . -.TP 8 -.B [+-]kb -enables(+) or disables(-) the XKEYBOARD extension. -.TP 8 -.BR [+-]accessx " [ \fItimeout\fP [ \fItimeout_mask\fP [ \fIfeedback\fP [ \fIoptions_mask\fP ] ] ] ]" -enables(+) or disables(-) AccessX key sequences. -.TP 8 -.B \-xkbdir \fIdirectory\fP -base directory for keyboard layout files. This option is not available -for setuid X servers (i.e., when the X server's real and effective uids -are different). -.TP 8 -.B \-ar1 \fImilliseconds\fP -sets the autorepeat delay (length of time in milliseconds that a key must -be depressed before autorepeat starts). -.TP 8 -.B \-ar2 \fImilliseconds\fP -sets the autorepeat interval (length of time in milliseconds that should -elapse between autorepeat-generated keystrokes). -.TP 8 -.B \-noloadxkb -disables loading of an XKB keymap description on server startup. -.TP 8 -.B \-xkbdb \fIfilename\fP -uses \fIfilename\fP for default keyboard keymaps. -.TP 8 -.B \-xkbmap \fIfilename\fP -loads keyboard description in \fIfilename\fP on server startup. -.SH SECURITY EXTENSION OPTIONS -X servers that support the SECURITY extension accept the following option: -.TP 8 -.B \-sp \fIfilename\fP -causes the server to attempt to read and interpret filename as a security -policy file with the format described below. The file is read at server -startup and reread at each server reset. -.PP -The syntax of the security policy file is as follows. -Notation: "*" means zero or more occurrences of the preceding element, -and "+" means one or more occurrences. To interpret <foo/bar>, ignore -the text after the /; it is used to distinguish between instances of -<foo> in the next section. -.PP -.nf -<policy file> ::= <version line> <other line>* - -<version line> ::= <string/v> '\en' - -<other line > ::= <comment> | <access rule> | <site policy> | <blank line> - -<comment> ::= # <not newline>* '\en' - -<blank line> ::= <space> '\en' - -<site policy> ::= sitepolicy <string/sp> '\en' - -<access rule> ::= property <property/ar> <window> <perms> '\en' - -<property> ::= <string> - -<window> ::= any | root | <required property> - -<required property> ::= <property/rp> | <property with value> - -<property with value> ::= <property/rpv> = <string/rv> - -<perms> ::= [ <operation> | <action> | <space> ]* - -<operation> ::= r | w | d - -<action> ::= a | i | e - -<string> ::= <dbl quoted string> | <single quoted string> | <unqouted string> - -<dbl quoted string> ::= <space> " <not dqoute>* " <space> - -<single quoted string> ::= <space> ' <not squote>* ' <space> - -<unquoted string> ::= <space> <not space>+ <space> - -<space> ::= [ ' ' | '\et' ]* - -Character sets: - -<not newline> ::= any character except '\en' -<not dqoute> ::= any character except " -<not squote> ::= any character except ' -<not space> ::= any character except those in <space> -.fi -.PP -The semantics associated with the above syntax are as follows. -.PP -<version line>, the first line in the file, specifies the file format -version. If the server does not recognize the version <string/v>, it -ignores the rest of the file. The version string for the file format -described here is "version-1" . -.PP -Once past the <version line>, lines that do not match the above syntax -are ignored. -.PP -<comment> lines are ignored. -.PP -<sitepolicy> lines are currently ignored. They are intended to -specify the site policies used by the XC-QUERY-SECURITY-1 -authorization method. -.PP -<access rule> lines specify how the server should react to untrusted -client requests that affect the X Window property named <property/ar>. -The rest of this section describes the interpretation of an -<access rule>. -.PP -For an <access rule> to apply to a given instance of <property/ar>, -<property/ar> must be on a window that is in the set of windows -specified by <window>. If <window> is any, the rule applies to -<property/ar> on any window. If <window> is root, the rule applies to -<property/ar> only on root windows. -.PP -If <window> is <required property>, the following apply. If <required -property> is a <property/rp>, the rule applies when the window also -has that <property/rp>, regardless of its value. If <required -property> is a <property with value>, <property/rpv> must also have -the value specified by <string/rv>. In this case, the property must -have type STRING and format 8, and should contain one or more -null-terminated strings. If any of the strings match <string/rv>, the -rule applies. -.PP -The definition of string matching is simple case-sensitive string -comparison with one elaboration: the occurrence of the character '*' in -<string/rv> is a wildcard meaning "any string." A <string/rv> can -contain multiple wildcards anywhere in the string. For example, "x*" -matches strings that begin with x, "*x" matches strings that end with -x, "*x*" matches strings containing x, and "x*y*" matches strings that -start with x and subsequently contain y. -.PP -There may be multiple <access rule> lines for a given <property/ar>. -The rules are tested in the order that they appear in the file. The -first rule that applies is used. -.PP -<perms> specify operations that untrusted clients may attempt, and -the actions that the server should take in response to those operations. -.PP -<operation> can be r (read), w (write), or d (delete). The following -table shows how X Protocol property requests map to these operations -in The Open Group server implementation. -.PP -.nf -GetProperty r, or r and d if delete = True -ChangeProperty w -RotateProperties r and w -DeleteProperty d -ListProperties none, untrusted clients can always list all properties -.fi -.PP -<action> can be a (allow), i (ignore), or e (error). Allow means -execute the request as if it had been issued by a trusted client. -Ignore means treat the request as a no-op. In the case of -GetProperty, ignore means return an empty property value if the -property exists, regardless of its actual value. Error means do not -execute the request and return a BadAtom error with the atom set to -the property name. Error is the default action for all properties, -including those not listed in the security policy file. -.PP -An <action> applies to all <operation>s that follow it, until the next -<action> is encountered. Thus, irwad means ignore read and write, -allow delete. -.PP -GetProperty and RotateProperties may do multiple operations (r and d, -or r and w). If different actions apply to the operations, the most -severe action is applied to the whole request; there is no partial -request execution. The severity ordering is: allow < ignore < error. -Thus, if the <perms> for a property are ired (ignore read, error -delete), and an untrusted client attempts GetProperty on that property -with delete = True, an error is returned, but the property value is -not. Similarly, if any of the properties in a RotateProperties do not -allow both read and write, an error is returned without changing any -property values. -.PP -Here is an example security policy file. -.PP -.ta 3i 4i -.nf -version-1 - -XCOMM Allow reading of application resources, but not writing. -property RESOURCE_MANAGER root ar iw -property SCREEN_RESOURCES root ar iw - -XCOMM Ignore attempts to use cut buffers. Giving errors causes apps to crash, -XCOMM and allowing access may give away too much information. -property CUT_BUFFER0 root irw -property CUT_BUFFER1 root irw -property CUT_BUFFER2 root irw -property CUT_BUFFER3 root irw -property CUT_BUFFER4 root irw -property CUT_BUFFER5 root irw -property CUT_BUFFER6 root irw -property CUT_BUFFER7 root irw - -XCOMM If you are using Motif, you probably want these. -property _MOTIF_DEFAULT_BINDINGS root ar iw -property _MOTIF_DRAG_WINDOW root ar iw -property _MOTIF_DRAG_TARGETS any ar iw -property _MOTIF_DRAG_ATOMS any ar iw -property _MOTIF_DRAG_ATOM_PAIRS any ar iw - -XCOMM The next two rules let xwininfo -tree work when untrusted. -property WM_NAME any ar - -XCOMM Allow read of WM_CLASS, but only for windows with WM_NAME. -XCOMM This might be more restrictive than necessary, but demonstrates -XCOMM the <required property> facility, and is also an attempt to -XCOMM say "top level windows only." -property WM_CLASS WM_NAME ar - -XCOMM These next three let xlsclients work untrusted. Think carefully -XCOMM before including these; giving away the client machine name and command -XCOMM may be exposing too much. -property WM_STATE WM_NAME ar -property WM_CLIENT_MACHINE WM_NAME ar -property WM_COMMAND WM_NAME ar - -XCOMM To let untrusted clients use the standard colormaps created by -XCOMM xstdcmap, include these lines. -property RGB_DEFAULT_MAP root ar -property RGB_BEST_MAP root ar -property RGB_RED_MAP root ar -property RGB_GREEN_MAP root ar -property RGB_BLUE_MAP root ar -property RGB_GRAY_MAP root ar - -XCOMM To let untrusted clients use the color management database created -XCOMM by xcmsdb, include these lines. -property XDCCC_LINEAR_RGB_CORRECTION root ar -property XDCCC_LINEAR_RGB_MATRICES root ar -property XDCCC_GRAY_SCREENWHITEPOINT root ar -property XDCCC_GRAY_CORRECTION root ar - -XCOMM To let untrusted clients use the overlay visuals that many vendors -XCOMM support, include this line. -property SERVER_OVERLAY_VISUALS root ar - -XCOMM Dumb examples to show other capabilities. - -XCOMM oddball property names and explicit specification of error conditions -property "property with spaces" 'property with "' aw er ed - -XCOMM Allow deletion of Woo-Hoo if window also has property OhBoy with value -XCOMM ending in "son". Reads and writes will cause an error. -property Woo-Hoo OhBoy = "*son" ad - -.fi -.SH "NETWORK CONNECTIONS" -The X server supports client connections via a platform-dependent subset of -the following transport types: TCP\/IP, Unix Domain sockets, DECnet, -and several varieties of SVR4 local connections. See the DISPLAY -NAMES section of the \fIX\fP(__miscmansuffix__) manual page to learn how to -specify which transport type clients should try to use. -.SH GRANTING ACCESS -The X server implements a platform-dependent subset of the following -authorization protocols: MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1, -XDM-AUTHORIZATION-2, SUN-DES-1, and MIT-KERBEROS-5. See the -\fIXsecurity\fP(__miscmansuffix__) manual page for information on the -operation of these protocols. -.PP -Authorization data required by the above protocols is passed to the -server in a private file named with the \fB\-auth\fP command line -option. Each time the server is about to accept the first connection -after a reset (or when the server is starting), it reads this file. -If this file contains any authorization records, the local host is not -automatically allowed access to the server, and only clients which -send one of the authorization records contained in the file in the -connection setup information will be allowed access. See the -\fIXau\fP manual page for a description of the binary format of this -file. See \fIxauth\fP(1) for maintenance of this file, and distribution -of its contents to remote hosts. -.PP -The X server also uses a host-based access control list for deciding -whether or not to accept connections from clients on a particular machine. -If no other authorization mechanism is being used, -this list initially consists of the host on which the server is running as -well as any machines listed in the file \fI/etc/X\fBn\fI.hosts\fR, where -\fBn\fP is the display number of the server. Each line of the file should -contain either an Internet hostname (e.g. expo.lcs.mit.edu) or a DECnet -hostname in double colon format (e.g. hydra::) or a complete name in the format -\fIfamily\fP:\fIname\fP as described in the \fIxhost\fP(1) manual page. -There should be no leading or trailing spaces on any lines. For example: -.sp -.in +8 -.nf -joesworkstation -corporate.company.com -star:: -inet:bigcpu -local: -.fi -.in -8 -.PP -Users can add or remove hosts from this list and enable or disable access -control using the \fIxhost\fP command from the same machine as the server. -.PP -If the X FireWall Proxy (\fIxfwp\fP) is being used without a sitepolicy, -host-based authorization must be turned on for clients to be able to -connect to the X server via the \fIxfwp\fP. If \fIxfwp\fP is run without -a configuration file and thus no sitepolicy is defined, if \fIxfwp\fP -is using an X server where xhost + has been run to turn off host-based -authorization checks, when a client tries to connect to this X server -via \fIxfwp\fP, the X server will deny the connection. See \fIxfwp\fP(1) -for more information about this proxy. -.PP -The X protocol intrinsically does not have any notion of window operation -permissions or place any restrictions on what a client can do; if a program can -connect to a display, it has full run of the screen. -X servers that support the SECURITY extension fare better because clients -can be designated untrusted via the authorization they use to connect; see -the \fIxauth\fP(1) manual page for details. Restrictions are imposed -on untrusted clients that curtail the mischief they can do. See the SECURITY -extension specification for a complete list of these restrictions. -.PP -Sites that have better -authentication and authorization systems might wish to make -use of the hooks in the libraries and the server to provide additional -security models. -.SH SIGNALS -The X server attaches special meaning to the following signals: -.TP 8 -.I SIGHUP -This signal causes the server to close all existing connections, free all -resources, and restore all defaults. It is sent by the display manager -whenever the main user's main application (usually an \fIxterm\fP or window -manager) exits to force the server to clean up and prepare for the next -user. -.TP 8 -.I SIGTERM -This signal causes the server to exit cleanly. -.TP 8 -.I SIGUSR1 -This signal is used quite differently from either of the above. When the -server starts, it checks to see if it has inherited SIGUSR1 as SIG_IGN -instead of the usual SIG_DFL. In this case, the server sends a SIGUSR1 to -its parent process after it has set up the various connection schemes. -\fIXdm\fP uses this feature to recognize when connecting to the server -is possible. -.SH FONTS -The X server -can obtain fonts from directories and/or from font servers. -The list of directories and font servers -the X server uses when trying to open a font is controlled -by the \fIfont path\fP. -.LP -The default font path is -__default_font_path__ . -.LP -The font path can be set with the \fB\-fp\fP option or by \fIxset\fP(1) -after the server has started. -.SH FILES -.TP 30 -.I /etc/X\fBn\fP.hosts -Initial access control list for display number \fBn\fP -.TP 30 -.IR __projectroot__/lib/X11/fonts/misc , __projectroot__/lib/X11/fonts/75dpi , __projectroot__/lib/X11/fonts/100dpi -Bitmap font directories -.TP 30 -.IR __projectroot__/lib/X11/fonts/TTF , __projectroot__/lib/X11/fonts/Type1 -Outline font directories -.TP 30 -.I __projectroot__/lib/X11/rgb.txt -Color database -.TP 30 -.I /tmp/.X11-unix/X\fBn\fP -Unix domain socket for display number \fBn\fP -.TP 30 -.IR /tmp/rcX\fBn\fP -Kerberos 5 replay cache for display number \fBn\fP -.TP 30 -.I /usr/adm/X\fBn\fPmsgs -Error log file for display number \fBn\fP if run from \fIinit\fP(__adminmansuffix__) -.TP 30 -.I __projectroot__/lib/X11/xdm/xdm-errors -Default error log file if the server is run from \fIxdm\fP(1) -.SH "SEE ALSO" -General information: \fIX\fP(__miscmansuffix__) -.PP -Protocols: -.I "X Window System Protocol," -.I "The X Font Service Protocol," -.I "X Display Manager Control Protocol" -.PP -Fonts: \fIbdftopcf\fP(1), \fImkfontdir\fP(1), \fImkfontscale\fP(1), -\fIxfs\fP(1), \fIxlsfonts\fP(1), \fIxfontsel\fP(1), \fIxfd\fP(1), -.I "X Logical Font Description Conventions" -.PP -Security: \fIXsecurity\fP(__miscmansuffix__), \fIxauth\fP(1), \fIXau\fP(1), -\fIxdm\fP(1), \fIxhost\fP(1), \fIxfwp\fP(1), -.I "Security Extension Specification" -.PP -Starting the server: \fIxdm\fP(1), \fIxinit\fP(1) -.PP -Controlling the server once started: \fIxset\fP(1), \fIxsetroot\fP(1), -\fIxhost\fP(1) -.PP -Server-specific man pages: -\fIXdec\fP(1), \fIXmacII\fP(1), \fIXsun\fP(1), \fIXnest\fP(1), -\fIXvfb\fP(1), \fIXFree86\fP(1), \fIXDarwin\fP(1). -.PP -Server internal documentation: -.I "Definition of the Porting Layer for the X v11 Sample Server" -.SH AUTHORS -The sample server was originally written by Susan Angebranndt, Raymond -Drewry, Philip Karlton, and Todd Newman, from Digital Equipment -Corporation, with support from a large cast. It has since been -extensively rewritten by Keith Packard and Bob Scheifler, from MIT. -Dave Wiggins took over post-R5 and made substantial improvements. |