Unix/Linux Go Back    

RedHat 9 (Linux i386) - man page for xserver (redhat section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

XSERVER(1)									       XSERVER(1)

       Xserver - X Window System display server

       X [option ...]

       X  is the generic name for the X Window System display server.  It is frequently a link or
       a copy of the appropriate server binary for driving the most frequently used server  on	a
       given machine.

       The  X  server is usually started from the X Display Manager program xdm(1).  This utility
       is run from the system boot files and takes care of keeping the server running,	prompting
       for usernames and passwords, and starting up the user sessions.

       Installations  that  run  more than one window system may need to use the xinit(1) utility
       instead of xdm.	However, xinit is to be considered a tool for  building  startup  scripts
       and  is	not intended for use by end users.  Site administrators are strongly urged to use
       xdm, or build other interfaces for novice users.

       The X server may also be started directly by the  user,	though	this  method  is  usually
       reserved  for testing and is not recommended for normal operation.  On some platforms, the
       user must have special permission to start the X server, often because access  to  certain
       devices (e.g. /dev/mouse) is restricted.

       When the X server starts up, it typically takes over the display.  If you are running on a
       workstation whose console is the display, you may not be able  to  log  into  the  console
       while the server is running.

       Many  X	servers  have device-specific command line options.  See the manual pages for the
       individual servers for more details; a list of server-specific manual pages is provided in
       the SEE ALSO section below.

       All of the X servers accept the following command line options:

	       The  X server runs as the given displaynumber, which by default is 0.  If multiple
	       X servers are to run simultaneously on a host, each must  have  a  unique  display
	       number.	 See  the  DISPLAY NAMES section of the X(7x) manual page to learn how to
	       specify which display number clients should try to use.

       -a number
	       sets pointer acceleration (i.e. the ratio of how much is reported to how much  the
	       user actually moved the pointer).

       -ac     disables  host-based  access  control mechanisms.  Enables access by any host, and
	       permits any host to modify the access control list.   Use  with	extreme  caution.
	       This option exists primarily for running test suites remotely.

       -audit level
	       sets  the  audit  trail	level.	 The  default level is 1, meaning only connection
	       rejections are reported.  Level 2 additionally reports all successful  connections
	       and  disconnects.   Level  4  enables  messages	from  the  SECURITY extension, if
	       present, including generation and revocation of authorizations and  violations  of
	       the  security policy.  Level 0 turns off the audit trail.  Audit lines are sent as
	       standard error output.

       -auth authorization-file
	       specifies a file which contains a collection  of  authorization	records  used  to
	       authenticate access.  See also the xdm and Xsecurity manual pages.

       bc      disables  certain  kinds  of  error  checking, for bug compatibility with previous
	       releases (e.g., to work around bugs in R2 and R3  xterms  and  toolkits).   Depre-

       -bs     disables backing store support on all screens.

       -br     sets  the  default  root  window to solid black instead of the standard root weave

       -c      turns off key-click.

       c volume
	       sets key-click volume (allowable range: 0-100).

       -cc class
	       sets the visual class for the root window of color screens.  The class numbers are
	       as specified in the X protocol.	Not obeyed by all servers.

       -co filename
	       sets name of RGB color database.  The default is __projectroot__/lib/X11/rgb.

       -core   causes the server to generate a core dump on fatal errors.

       -dpi resolution
	       sets  the  resolution of the screen, in dots per inch.  To be used when the server
	       cannot determine the screen size from the hardware.

       -deferglyphs whichfonts
	       specifies the types of fonts for which the server should attempt to  use  deferred
	       glyph  loading.	whichfonts can be all (all fonts), none (no fonts), or 16 (16 bit
	       fonts only).

       -f volume
	       sets feep (bell) volume (allowable range: 0-100).

       -fc cursorFont
	       sets default cursor font.

       -fn font
	       sets the default font.

       -fp fontPath
	       sets the search path for fonts.	This path is a comma separated list  of  directo-
	       ries which the X server searches for font databases.

       -help   prints a usage message.

       -I      causes all remaining command line arguments to be ignored.

       -nolisten trans-type
	       disables  a  transport type.  For example, TCP/IP connections can be disabled with
	       -nolisten tcp.

	       prevents a server reset when the last client connection is closed.  This overrides
	       a previous -terminate command line option.

       -p minutes
	       sets screen-saver pattern cycle time in minutes.

       -pn     permits	the  server to continue running if it fails to establish all of its well-
	       known sockets (connection points for clients), but establishes at least one.

       -r      turns off auto-repeat.

       r       turns on auto-repeat.

       -s minutes
	       sets screen-saver timeout time in minutes.

       -su     disables save under support on all screens.

       -t number
	       sets pointer acceleration threshold in pixels (i.e. after how many pixels  pointer
	       acceleration should take effect).

	       causes  the  server  to	terminate  at server reset, instead of continuing to run.
	       This overrides a previous -noreset command line option.

       -to seconds
	       sets default connection timeout in seconds.

       -tst    disables all testing extensions (e.g., XTEST, XTrap, XTestExtension1, RECORD).

       ttyxx   ignored, for servers started the ancient way (from init).

       v       sets video-off screen-saver preference.

       -v      sets video-on screen-saver preference.

       -wm     forces the default backing-store of all windows to be WhenMapped.  This is a back-
	       door  way  of  getting backing-store to apply to all windows.  Although all mapped
	       windows will have backing store, the backing store attribute value reported by the
	       server  for  a  window  will be the last value established by a client.	If it has
	       never been set by a client, the server will report the default  value,  NotUseful.
	       This behavior is required by the X protocol, which allows the server to exceed the
	       client's backing store expectations but does not provide a way to tell the  client
	       that it is doing so.

       -x extension
	       loads the specified extension at init.  This is a no-op for most implementations.

	       enables(+) or disables(-) the XINERAMA extension.  The default state is disabled.

       Some X servers accept the following options:

       -ld kilobytes
	       sets  the  data space limit of the server to the specified number of kilobytes.	A
	       value of zero makes the data size as large as possible.	The default value  of  -1
	       leaves the data space limit unchanged.

       -lf files
	       sets  the  number-of-open-files	limit  of  the server to the specified number.	A
	       value of zero makes the limit as large as  possible.   The  default  value  of  -1
	       leaves the limit unchanged.

       -ls kilobytes
	       sets  the stack space limit of the server to the specified number of kilobytes.	A
	       value of zero makes the stack size as large as possible.  The default value of  -1
	       leaves the stack space limit unchanged.

       -logo   turns on the X Window System logo display in the screen-saver.  There is currently
	       no way to change this from a client.

       nologo  turns off the X Window System logo display in the  screen-saver.   There  is  cur-
	       rently no way to change this from a client.

       X  servers  that support XDMCP have the following options.  See the X Display Manager Con-
       trol Protocol specification for more information.

       -query hostname
	       enables XDMCP and sends Query packets to the specified hostname.

	       enable XDMCP and broadcasts BroadcastQuery packets  to  the  network.   The  first
	       responding display manager will be chosen for the session.

       -indirect hostname
	       enables XDMCP and send IndirectQuery packets to the specified hostname.

       -port port-number
	       uses  the  specified  port-number for XDMCP packets, instead of the default.  This
	       option must be specified before any -query, -broadcast or -indirect options.

       -from local-address
	       specifies the local address to connect from (useful if  the  connecting	host  has
	       multiple  network  interfaces).	 The  local-address  may be expressed in any form
	       acceptable to the host platform's gethostbyname(3) implementation.

       -once   causes the server to terminate (rather than reset) when the XDMCP session ends.

       -class display-class
	       XDMCP has an additional display qualifier used in resource lookup for display-spe-
	       cific  options.	 This  option sets that value, by default it is "MIT-Unspecified"
	       (not a very useful value).

       -cookie xdm-auth-bits
	       When testing XDM-AUTHENTICATION-1, a private key is shared between the server  and
	       the manager.  This option sets the value of that private data (not that it is very
	       private, being on the command line!).

       -displayID display-id
	       Yet another XDMCP specific value, this one allows the display manager to  identify
	       each display so that it can locate the shared key.

       X  servers  that  support  the  XKEYBOARD  (a.k.a.  'XKB')  extension accept the following

       [+-]kb  enables(+) or disables(-) the XKEYBOARD extension.

       [+-]accessx [ timeout [ timeout_mask [ feedback [ options_mask ] ] ] ]
	       enables(+) or disables(-) AccessX key sequences.

       -xkbdir directory
	       base directory for keyboard layout files.  This option is not available for setuid
	       X servers (i.e., when the X server's real and effective uids are different).

       -ar1 milliseconds
	       sets  the  autorepeat  delay  (length  of  time in milliseconds that a key must be
	       depressed before autorepeat starts).

       -ar2 milliseconds
	       sets the autorepeat interval (length of time in milliseconds  that  should  elapse
	       between autorepeat-generated keystrokes).

	       disables loading of an XKB keymap description on server startup.

       -xkbdb filename
	       uses filename for default keyboard keymaps.

       -xkbmap filename
	       loads keyboard description in filename on server startup.

       X servers that support the SECURITY extension accept the following option:

       -sp filename
	       causes  the  server to attempt to read and interpret filename as a security policy
	       file with the format described below.  The file is  read  at  server  startup  and
	       reread at each server reset.

       The  syntax  of	the security policy file is as follows.  Notation: "*" means zero or more
       occurrences of the preceding element, and "+" means one or more occurrences.  To interpret
       <foo/bar>,  ignore  the	text  after the /; it is used to distinguish between instances of
       <foo> in the next section.

       <policy file> ::= <version line> <other line>*

       <version line> ::= <string/v> '\n'

       <other line > ::= <comment> | <access rule> | <site policy> | <blank line>

       <comment> ::= # <not newline>* '\n'

       <blank line> ::= <space> '\n'

       <site policy> ::= sitepolicy <string/sp> '\n'

       <access rule> ::= property <property/ar> <window> <perms> '\n'

       <property> ::= <string>

       <window> ::= any | root | <required property>

       <required property> ::= <property/rp> | <property with value>

       <property with value> ::= <property/rpv> = <string/rv>

       <perms> ::= [ <operation> | <action> | <space> ]*

       <operation> ::= r | w | d

       <action> ::= a | i | e

       <string> ::= <dbl quoted string> | <single quoted string> | <unqouted string>

       <dbl quoted string> ::= <space> " <not dqoute>* " <space>

       <single quoted string> ::= <space> ' <not squote>* ' <space>

       <unquoted string> ::= <space> <not space>+ <space>

       <space> ::= [ ' ' | '\t' ]*

       Character sets:

       <not newline> ::= any character except '\n'
       <not dqoute>  ::= any character except "
       <not squote>  ::= any character except '
       <not space>   ::= any character except those in <space>

       The semantics associated with the above syntax are as follows.

       <version line>, the first line in the file, specifies the file  format  version.   If  the
       server  does  not  recognize the version <string/v>, it ignores the rest of the file.  The
       version string for the file format described here is "version-1" .

       Once past the <version line>, lines that do not match the above syntax are ignored.

       <comment> lines are ignored.

       <sitepolicy> lines are currently ignored.  They are intended to specify the site  policies
       used by the XC-QUERY-SECURITY-1 authorization method.

       <access	rule> lines specify how the server should react to untrusted client requests that
       affect the X Window property named <property/ar>.  The rest of this section describes  the
       interpretation of an <access rule>.

       For  an <access rule> to apply to a given instance of <property/ar>, <property/ar> must be
       on a window that is in the set of windows specified by <window>.  If <window> is any,  the
       rule  applies  to  <property/ar>  on any window.  If <window> is root, the rule applies to
       <property/ar> only on root windows.

       If <window> is <required property>, the following apply.   If  <required  property>  is	a
       <property/rp>, the rule applies when the window also has that <property/rp>, regardless of
       its value.  If <required property> is a <property with value>,  <property/rpv>  must  also
       have the value specified by <string/rv>.  In this case, the property must have type STRING
       and format 8, and should contain one or more  null-terminated  strings.	 If  any  of  the
       strings match <string/rv>, the rule applies.

       The  definition	of  string  matching  is simple case-sensitive string comparison with one
       elaboration: the occurence of the character '*' in <string/rv> is a wildcard meaning  "any
       string."   A <string/rv> can contain multiple wildcards anywhere in the string.	For exam-
       ple, "x*" matches strings that begin with x, "*x" matches strings that end with	x,  "*x*"
       matches	strings  containing  x,  and  "x*y*" matches strings that start with x and subse-
       quently contain y.

       There may be multiple <access rule> lines for a given <property/ar>.  The rules are tested
       in the order that they appear in the file.  The first rule that applies is used.

       <perms>	specify  operations  that untrusted clients may attempt, and the actions that the
       server should take in response to those operations.

       <operation> can be r (read), w (write), or d (delete).  The following table  shows  how	X
       Protocol  property  requests  map to these operations in The Open Group server implementa-

       GetProperty    r, or r and d if delete = True
       ChangeProperty w
       RotateProperties    r and w
       DeleteProperty d
       ListProperties none, untrusted clients can always list all properties

       <action> can be a (allow), i (ignore), or e (error).  Allow means execute the  request  as
       if it had been issued by a trusted client.  Ignore means treat the request as a no-op.  In
       the case of GetProperty, ignore means return an	empty  property  value	if  the  property
       exists, regardless of its actual value.	Error means do not execute the request and return
       a BadAtom error with the atom set to the property name.	Error is the default  action  for
       all properties, including those not listed in the security policy file.

       An <action> applies to all <operation>s that follow it, until the next <action> is encoun-
       tered.  Thus, irwad  means ignore read and write, allow delete.

       GetProperty and RotateProperties may do multiple operations (r and d, or  r  and  w).   If
       different  actions apply to the operations, the most severe action is applied to the whole
       request; there is no partial request execution.	The severity ordering is: allow <  ignore
       < error.  Thus, if the <perms> for a property are ired (ignore read, error delete), and an
       untrusted client attempts GetProperty on that property with delete =  True,  an	error  is
       returned,  but  the  property  value  is  not.	Similarly,  if any of the properties in a
       RotateProperties do not allow both read and write, an error is returned	without  changing
       any property values.

       Here is an example security policy file.


       # Allow reading of application resources, but not writing.
       property RESOURCE_MANAGER     root      ar iw
       property SCREEN_RESOURCES     root      ar iw

       # Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
       # and allowing access may give away too much information.
       property CUT_BUFFER0	     root      irw
       property CUT_BUFFER1	     root      irw
       property CUT_BUFFER2	     root      irw
       property CUT_BUFFER3	     root      irw
       property CUT_BUFFER4	     root      irw
       property CUT_BUFFER5	     root      irw
       property CUT_BUFFER6	     root      irw
       property CUT_BUFFER7	     root      irw

       # If you are using Motif, you probably want these.
       property _MOTIF_DEFAULT_BINDINGS        rootar iw
       property _MOTIF_DRAG_WINDOW   root      ar iw
       property _MOTIF_DRAG_TARGETS  any       ar iw
       property _MOTIF_DRAG_ATOMS    any       ar iw
       property _MOTIF_DRAG_ATOM_PAIRS	       any ar iw

       # The next two rules let xwininfo -tree work when untrusted.
       property WM_NAME 	     any       ar

       # Allow read of WM_CLASS, but only for windows with WM_NAME.
       # This might be more restrictive than necessary, but demonstrates
       # the <required property> facility, and is also an attempt to
       # say "top level windows only."
       property WM_CLASS	     WM_NAME   ar

       # These next three let xlsclients work untrusted.  Think carefully
       # before including these; giving away the client machine name and command
       # may be exposing too much.
       property WM_STATE	     WM_NAME   ar
       property WM_CLIENT_MACHINE    WM_NAME   ar
       property WM_COMMAND	     WM_NAME   ar

       # To let untrusted clients use the standard colormaps created by
       # xstdcmap, include these lines.
       property RGB_DEFAULT_MAP      root      ar
       property RGB_BEST_MAP	     root      ar
       property RGB_RED_MAP	     root      ar
       property RGB_GREEN_MAP	     root      ar
       property RGB_BLUE_MAP	     root      ar
       property RGB_GRAY_MAP	     root      ar

       # To let untrusted clients use the color management database created
       # by xcmsdb, include these lines.
       property XDCCC_LINEAR_RGB_CORRECTION    rootar
       property XDCCC_LINEAR_RGB_MATRICES      rootar
       property XDCCC_GRAY_SCREENWHITEPOINT    rootar
       property XDCCC_GRAY_CORRECTION	       rootar

       # To let untrusted clients use the overlay visuals that many vendors
       # support, include this line.
       property SERVER_OVERLAY_VISUALS	       rootar

       # Dumb examples to show other capabilities.

       # oddball property names and explicit specification of error conditions
       property "property with spaces"	       'property with "'aw er ed

       # Allow deletion of Woo-Hoo if window also has property OhBoy with value
       # ending in "son".  Reads and writes will cause an error.
       property Woo-Hoo 	     OhBoy = "*son"ad

       The  X server supports client connections via a platform-dependent subset of the following
       transport types: TCPIP, Unix Domain sockets, DECnet, and several varieties of  SVR4  local
       connections.  See the DISPLAY NAMES section of the X(7x) manual page to learn how to spec-
       ify which transport type clients should try to use.

       The X server implements a platform-dependent subset of the following authorization  proto-
       cols:  MIT-MAGIC-COOKIE-1,  XDM-AUTHORIZATION-1,  SUN-DES-1,  and MIT-KERBEROS-5.  See the
       Xsecurity(7x) manual page for information on the operation of these protocols.

       Authorization data required by the above protocols is passed to the server  in  a  private
       file  named  with  the -auth command line option.  Each time the server is about to accept
       the first connection after a reset (or when the server is starting), it reads  this  file.
       If  this  file  contains  any  authorization  records, the local host is not automatically
       allowed access to the server, and only clients which send one of the authorization records
       contained in the file in the connection setup information will be allowed access.  See the
       Xau manual page for a description of the binary format of this  file.   See  xauth(1)  for
       maintenance of this file, and distribution of its contents to remote hosts.

       The  X  server  also  uses a host-based access control list for deciding whether or not to
       accept connections from clients on a particular machine.  If no other authorization mecha-
       nism  is  being used, this list initially consists of the host on which the server is run-
       ning as well as any machines listed in the file /etc/Xn.hosts, where n is the display num-
       ber of the server.  Each line of the file should contain either an Internet hostname (e.g.
       expo.lcs.mit.edu) or a DECnet hostname in  double  colon  format  (e.g.	hydra::).   There
       should be no leading or trailing spaces on any lines.  For example:


       Users  can  add	or remove hosts from this list and enable or disable access control using
       the xhost command from the same machine as the server.

       If the X FireWall Proxy (xfwp) is being used without a sitepolicy,  host-based  authoriza-
       tion must be turned on for clients to be able to connect to the X server via the xfwp.  If
       xfwp is run without a configuration file and thus no sitepolicy is  defined,  if  xfwp  is
       using  an X server where xhost + has been run to turn off host-based authorization checks,
       when a client tries to connect to this X server via xfwp, the X server will deny the  con-
       nection.  See xfwp(1) for more information about this proxy.

       The  X  protocol intrinsically does not have any notion of window operation permissions or
       place any restrictions on what a client can do; if a program can connect to a display,  it
       has  full  run  of  the screen.	X servers that support the SECURITY extension fare better
       because clients can be designated untrusted via the authorization they use to connect; see
       the  xauth(1) manual page for details.  Restrictions are imposed on untrusted clients that
       curtail the mischief they can do.  See the SECURITY extension specification for a complete
       list of these restrictions.

       Sites  that have better authentication and authorization systems might wish to make use of
       the hooks in the libraries and the server to provide additional security models.

       The X server attaches special meaning to the following signals:

       SIGHUP  This signal causes  the	server	to  close  all	existing  connections,	free  all
	       resources,  and	restore all defaults.  It is sent by the display manager whenever
	       the main user's main application (usually an xterm or  window  manager)	exits  to
	       force the server to clean up and prepare for the next user.

       SIGTERM This signal causes the server to exit cleanly.

       SIGUSR1 This  signal  is used quite differently from either of the above.  When the server
	       starts, it checks to see if it has inherited SIGUSR1 as	SIG_IGN  instead  of  the
	       usual  SIG_DFL.	 In  this  case, the server sends a SIGUSR1 to its parent process
	       after it has set up the various connection schemes.  Xdm uses this feature to rec-
	       ognize when connecting to the server is possible.

       The  X  server  can  obtain  fonts from directories and/or from font servers.  The list of
       directories and font servers the X server uses when trying to open a font is controlled by
       the font path.

       The default font path is /usr/X11R6/lib/X11/fonts/misc/, /usr/X11R6/lib/X11/fonts/Speedo/,
       /usr/X11R6/lib/X11/fonts/Type1/, 			 /usr/X11R6/lib/X11/fonts/75dpi/,
       /usr/X11R6/lib/X11/fonts/100dpi/" .

       The font path can be set with the -fp option or by xset(1) after the server has started.

       /etc/Xn.hosts		     Initial access control list for display number n

				     Bitmap font directories

				     Outline font directories

       /usr/X11R6/lib/X11/rgb.txt    Color database

       /tmp/.X11-unix/Xn	     Unix domain socket for display number n

       /tmp/rcXn		     Kerberos 5 replay cache for display number n

       /usr/adm/Xnmsgs		     Error log file for display number n if run from init(8)

				     Default error log file if the server is run from xdm(1)

       General information: X(7x)

       Protocols: X Window System Protocol, The X Font Service Protocol, X Display  Manager  Con-
       trol Protocol

       Fonts: bdftopcf(1), mkfontdir(1), xfs(1), xlsfonts(1), xfontsel(1), xfd(1), X Logical Font
       Description Conventions

       Security: Xsecurity(7x), xauth(1), Xau(1), xdm(1), xhost(1),  xfwp(1)  Security	Extension

       Starting the server: xdm(1), xinit(1)

       Controlling the server once started: xset(1), xsetroot(1), xhost(1)

       Server-specific	man  pages:  Xdec(1),  XmacII(1), Xsun(1), Xnest(1), Xvfb(1), XFree86(1),

       Server internal documentation: Definition of the Porting Layer for the X v11 Sample Server

       The sample server was originally written by  Susan  Angebranndt,  Raymond  Drewry,  Philip
       Karlton,  and  Todd  Newman, from Digital Equipment Corporation, with support from a large
       cast.  It has since been extensively rewritten by Keith Packard and  Bob  Scheifler,  from
       MIT.  Dave Wiggins took over post-R5 and made substantial improvements.

X Version 11				   Release 6.6				       XSERVER(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 10:25 PM.