Index of Section 5 Manual Pages
| Interix / SUA | Xserver.5 | Interix / SUA |
Xserver(5) Xserver(5)
XSERVER
NAME
Xserver - X Window System display server
SYNOPSIS
X [option ...]
DESCRIPTION
X is the generic name for the X Window System display server. It is
frequently a link or a copy of the appropriate server binary for driving
the most frequently used server on a given machine.
STARTING THE SERVER
The X server is usually started from the X Display Manager program
xdm(1X11R6). This utility is run from the system boot files and takes care
of keeping the server running, prompting for usernames and passwords, and
starting up the user sessions.
Installations that run more than one window system may need to use the
xinit(1X11R6) utility instead of xdm. However, xinit is to be considered a
tool for building startup scripts and is not intended for use by end
users. Site administrators are strongly urged to use xdm, or build other
interfaces for novice users.
The X server may also be started directly by the user, though this method
is usually reserved for testing and is not recommended for normal
operation. On some platforms, the user must have special permission to
start the X server, often because access to certain devices (e.g. /dev/
mouse) is restricted.
When the X server starts up, it typically takes over the display. If you
are running on a workstation whose console is the display, you may not be
able to log into the console while the server is running.
OPTIONS
All of the X servers accept the following command line options:
:displaynumber
the X server runs as the given displaynumber, which by default is 0.
If multiple X servers are to run simultaneously on a host, each must
have a unique display number. See the DISPLAY NAMES section of the
X(5X11R5) manual page to learn how to specify which display number
clients should try to use.
-anumber
sets pointer acceleration (i.e. the ratio of how much is reported to
how much the user actually moved the pointer).
-ac
disables host-based access control mechanisms. Enables access by any
host, and permits any host to modify the access control list. Use with
extreme caution. This option exists primarily for running test suites
remotely.
-auditlevel
Sets the audit trail level. The default level is 1, meaning only
connection rejections are reported. Level 2 additionally reports all
successful connections and disconnects. Level 4 enables messages from
the SECURITY extension, if present, including generation and
revocation of authorizations and violations of the security policy.
Level 0 turns off the audit trail. Audit lines are sent as standard
error output.
-authauthorization-file
Specifies a file which contains a collection of authorization records
used to authenticate access. See also the xdm and Xsecurity manual
pages.
bc
disables certain kinds of error checking, for bug compatibility with
previous releases (e.g., to work around bugs in R2 and R3 xterms and
toolkits). Deprecated.
-bs
disables backing store support on all screens.
-c
turns off key-click.
cvolume
sets key-click volume (allowable range: 0-100).
-ccclass
sets the visual class for the root window of color screens. The class
numbers are as specified in the X protocol. Not obeyed by all servers.
-cofilename
sets name of RGB color database. The default is /lib/X11/rgb,
where refers to the root of the X11 install tree.
-configfilename
reads more options from the given file. Options in the file may be
separated by newlines if desired. If a '#' character appears on a
line, all characters between it and the next newline are ignored,
providing a simple commenting facility. The -config option itself may
appear in the file.
-core
causes the server to generate a core dump on fatal errors.
-dpiresolution
sets the resolution of the screen, in dots per inch. To be used when
the server cannot determine the screen size from the hardware.
-deferglyphswhichfonts
specifies the types of fonts for which the server should attempt to
use deferred glyph loading. whichfonts can be all (all fonts), none
(no fonts), or 16 (16 bit fonts only).
-fvolume
sets feep (bell) volume (allowable range: 0-100).
-fccursorFont
sets default cursor font.
-fnfont
sets the default font.
-fpfontPath
sets the search path for fonts. This path is a comma separated list of
directories which the X server searches for font databases.
-help
prints a usage message.
-I
causes all remaining command line arguments to be ignored.
-kb
disables the XKEYBOARD extension if present.
-pminutes
sets screen-saver pattern cycle time in minutes.
-pn
permits the server to continue running if it fails to establish all of
its well-known sockets (connection points for clients), but
establishes at least one.
-r
turns off auto-repeat.
r
turns on auto-repeat.
-sminutes
sets screen-saver timeout time in minutes.
-su
disables save under support on all screens.
-tnumber
sets pointer acceleration threshold in pixels (i.e. after how many
pixels pointer acceleration should take effect).
-terminate
causes the server to terminate at server reset, instead of continuing
to run.
-toseconds
sets default connection timeout in seconds.
-tst
disables all testing extensions (e.g., XTEST, XTrap, XTestExtension1,
RECORD).
ttyxx
ignored, for servers started the ancient way (from init).
v
sets video-off screen-saver preference.
-v
sets video-on screen-saver preference.
-wm
forces the default backing-store of all windows to be WhenMapped. This
is a backdoor way of getting backing-store to apply to all windows.
Although all mapped windows will have backing store, the backing store
attribute value reported by the server for a window will be the last
value established by a client. If it has never been set by a client,
the server will report the default value, NotUseful. This behavior is
required by the X protocol, which allows the server to exceed the
client's backing store expectations but does not provide a way to tell
the client that it is doing so.
-xextension
loads the specified extension at init. This is a no-op for most
implementations.
[+-]xinerama
enable(+) or disable(-) XINERAMA extension. Default is disabled.
SERVER DEPENDENT OPTIONS
Some X servers accept the following options:
-ldkilobytes
sets the data space limit of the server to the specified number of
kilobytes. A value of zero makes the data size as large as possible.
The default value of -1 leaves the data space limit unchanged.
-lffiles
sets the number-of-open-files limit of the server to the specified
number. A value of zero makes the limit as large as possible. The
default value of -1 leaves the limit unchanged.
-lskilobytes
sets the stack space limit of the server to the specified number of
kilobytes. A value of zero makes the stack size as large as possible.
The default value of -1 leaves the stack space limit unchanged.
-logo
turns on the X Window System logo display in the screen-saver. There
is currently no way to change this from a client.
nologo
turns off the X Window System logo display in the screen-saver. There
is currently no way to change this from a client.
XDMCP OPTIONS
X servers that support XDMCP have the following options. See the X Display
Manager Control Protocol specification for more information.
-queryhost-name
Enable XDMCP and send Query packets to the specified host.
-broadcast
Enable XDMCP and broadcast BroadcastQuery packets to the network. The
first responding display manager will be chosen for the session.
-indirecthost-name
Enable XDMCP and send IndirectQuery packets to the specified host.
-portport-num
Use an alternate port number for XDMCP packets. Must be specified
before any -query, -broadcast or -indirect options.
-classdisplay-class
XDMCP has an additional display qualifier used in resource lookup for
display-specific options. This option sets that value, by default it
is "MIT-Unspecified" (not a very useful value).
-cookiexdm-auth-bits
When testing XDM-AUTHENTICATION-1, a private key is shared between the
server and the manager. This option sets the value of that private
data (not that it is very private, being on the command line!).
-displayIDdisplay-id
Yet another XDMCP specific value, this one allows the display manager
to identify each display so that it can locate the shared key.
XKEYBOARD OPTIONS
X servers that support the XKEYBOARD extension accept the following
options:
-xkbdirdirectory
base directory for keyboard layout files
-xkbmapfilename
keyboard description to load on startup
[+-]accessx
enable(+) or disable(-) AccessX key sequences
-ar1milliseconds
sets the length of time in milliseconds that a key must be depressed
before autorepeat starts
-ar2milliseconds
sets the length of time in milliseconds that should elapse between
autorepeat-generated keystrokes
Many servers also have device-specific command line options. See the
manual pages for the individual servers for more details.
SECURITY EXTENSION OPTIONS
X servers that support the SECURITY extension accept the following option:
-spfilename
causes the server to attempt to read and interpret filename as a
security policy file with the format described below. The file is read
at server startup and reread at each server reset.
The syntax of the security policy file is as follows. Notation: "*" means
zero or more occurrences of the preceding element, and "+" means one or
more occurrences. To interpret , ignore the text after the /; it
is used to distinguish between instances of in the next section.
::= *
::= '\n'
::= | | |
::= # * '\n'
::= '\n'
::= sitepolicy '\n'
::= property '\n'
::=
::= any | root |
::= |
::= =
::= [ | | ]*
::= r | w | d
::= a | i | e
::= | |
::= " * "
::= ' * '
::= +
::= [ ' ' | '\t' ]*
Character sets:
::= any character except '\n'
::= any character except "
::= any character except '
::= any character except those in
The semantics associated with the above syntax are as follows.
, the first line in the file, specifies the file format
version. If the server does not recognize the version , it
ignores the rest of the file. The version string for the file format
described here is "version-1" .
Once past the , lines that do not match the above syntax are
ignored.
lines are ignored.
lines are currently ignored. They are intended to specify the
site policies used by the XC-QUERY-SECURITY-1 authorization method.
lines specify how the server should react to untrusted
client requests that affect the X Window property named . The
rest of this section describes the interpretation of an .
For an to apply to a given instance of ,
must be on a window that is in the set of windows specified
by . If is any, the rule applies to on any
window. If is root, the rule applies to only on
root windows.
If is , the following apply. If is a , the rule applies when the window also has
that , regardless of its value. If is a
, must also have the value specified
by . In this case, the property must have type STRING and
format 8, and should contain one or more null-terminated strings. If any
of the strings match , the rule applies.
The definition of string matching is simple case-sensitive string
comparison with one elaboration: the occurence of the character '*' in
is a wildcard meaning "any string." A can contain
multiple wildcards anywhere in the string. For example, "x*" matches
strings that begin with x, "*x" matches strings that end with x, "*x*"
matches strings containing x, and "x*y*" matches strings that start with x
and subsequently contain y.
There may be multiple lines for a given . The
rules are tested in the order that they appear in the file. The first rule
that applies is used.
specify operations that untrusted clients may attempt, and the
actions that the server should take in response to those operations.
can be r (read), w (write), or d (delete). The following table
shows how X Protocol property requests map to these operations in The Open
Group server implementation.
GetProperty r, or r and d if delete = True
ChangeProperty w
RotateProperties r and w
DeleteProperty d
ListProperties none, untrusted clients can always list all properties
can be a (allow), i (ignore), or e (error). Allow means execute
the request as if it had been issued by a trusted client. Ignore means
treat the request as a no-op. In the case of GetProperty, ignore means
return an empty property value if the property exists, regardless of its
actual value. Error means do not execute the request and return a BadAtom
error with the atom set to the property name. Error is the default action
for all properties, including those not listed in the security policy
file.
An applies to all s that follow it, until the next
is encountered. Thus, irwad means ignore read and write, allow
delete.
GetProperty and RotateProperties may do multiple operations (r and d, or r
and w). If different actions apply to the operations, the most severe
action is applied to the whole request; there is no partial request
execution. The severity ordering is: allow < ignore < error. Thus, if the
for a property are ired (ignore read, error delete), and an
untrusted client attempts GetProperty on that property with delete = True,
an error is returned, but the property value is not. Similarly, if any of
the properties in a RotateProperties do not allow both read and write, an
error is returned without changing any property values.
Here is an example security policy file.
version-1
# Allow reading of application resources, but not writing.
property RESOURCE_MANAGER root ar iw
property SCREEN_RESOURCES root ar iw
# Ignore attempts to use cut buffers. Giving errors causes apps to crash,
# and allowing access may give away too much information.
property CUT_BUFFER0 root irw
property CUT_BUFFER1 root irw
property CUT_BUFFER2 root irw
property CUT_BUFFER3 root irw
property CUT_BUFFER4 root irw
property CUT_BUFFER5 root irw
property CUT_BUFFER6 root irw
property CUT_BUFFER7 root irw
# If you are using Motif, you probably want these.
property _MOTIF_DEFAULT_BINDINGS rootar iw
property _MOTIF_DRAG_WINDOW root ar iw
property _MOTIF_DRAG_TARGETS any ar iw
property _MOTIF_DRAG_ATOMS any ar iw
property _MOTIF_DRAG_ATOM_PAIRS any ar iw
# The next two rules let xwininfo -tree work when untrusted.
property WM_NAME any ar
# Allow read of WM_CLASS, but only for windows with WM_NAME.
# This might be more restrictive than necessary, but demonstrates
# the facility, and is also an attempt to
# say "top level windows only."
property WM_CLASS WM_NAME ar
# These next three let xlsclients work untrusted. Think carefully
# before including these; giving away the client machine name and command
# may be exposing too much.
property WM_STATE WM_NAME ar
property WM_CLIENT_MACHINE WM_NAME ar
property WM_COMMAND WM_NAME ar
# To let untrusted clients use the standard colormaps created by
# xstdcmap, include these lines.
property RGB_DEFAULT_MAP root ar
property RGB_BEST_MAP root ar
property RGB_RED_MAP root ar
property RGB_GREEN_MAP root ar
property RGB_BLUE_MAP root ar
property RGB_GRAY_MAP root ar
# To let untrusted clients use the color management database created
# by xcmsdb, include these lines.
property XDCCC_LINEAR_RGB_CORRECTION rootar
property XDCCC_LINEAR_RGB_MATRICES rootar
property XDCCC_GRAY_SCREENWHITEPOINT rootar
property XDCCC_GRAY_CORRECTION rootar
# To let untrusted clients use the overlay visuals that many vendors
# support, include this line.
property SERVER_OVERLAY_VISUALS rootar
# Dumb examples to show other capabilities.
# oddball property names and explicit specification of error conditions
property "property with spaces" 'property with "'aw er ed
# Allow deletion of Woo-Hoo if window also has property OhBoy with value
# ending in "son". Reads and writes will cause an error.
property Woo-Hoo OhBoy = "*son"ad
NETWORK CONNECTIONS
The X server supports client connections via a platform-dependent subset
of the following transport types: TCP/IP, Unix Domain sockets, DECnet, and
several varieties of SVR4 local connections. See the DISPLAY NAMES section
of the X(5X11R5) manual page to learn how to specify which transport type
clients should try to use.
GRANTING ACCESS
The X server implements a platform-dependent subset of the following
authorization protocols: MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1, SUN-DES-
1, and MIT-KERBEROS-5. See the Xsecurity manual page for information on
the operation of these protocols.
Authorization data required by the above protocols is passed to the server
in a private file named with the -auth command line option. Each time the
server is about to accept the first connection after a reset (or when the
server is starting), it reads this file. If this file contains any
authorization records, the local host is not automatically allowed access
to the server, and only clients which send one of the authorization
records contained in the file in the connection setup information will be
allowed access. See the Xau manual page for a description of the binary
format of this file. See xauth(1X11R6) for maintenance of this file, and
distribution of its contents to remote hosts.
The X server also uses a host-based access control list for deciding
whether or not to accept connections from clients on a particular machine.
If no other authorization mechanism is being used, this list initially
consists of the host on which the server is running as well as any
machines listed in the file /etc/Xn.hosts, where n is the display number
of the server. Each line of the file should contain either an Internet
hostname (e.g. expo.lcs.mit.edu) or a DECnet hostname in double colon
format (e.g. hydra::). There should be no leading or trailing spaces on
any lines. For example:
joesworkstation
corporate.company.com
star::
bigcpu::
Users can add or remove hosts from this list and enable or disable access
control using the xhost command from the same machine as the server.
If the X FireWall Proxy (xfwp) is being used without a sitepolicy, host-
based authorization must be turned on for clients to be able to connect to
the X server via the xfwp. If xfwp is run without a configuration file and
thus no sitepolicy is defined, if xfwp is using an X server where xhost +
has been run to turn off host-based authorization checks, when a client
tries to connect to this X server via xfwp, the X server will deny the
connection. See xfwp(1X11R6) for more information about this proxy.
The X protocol intrinsically does not have any notion of window operation
permissions or place any restrictions on what a client can do; if a
program can connect to a display, it has full run of the screen. X servers
that support the SECURITY extension fare better because clients can be
designated untrusted via the authorization they use to connect; see the
xauth(1X11R6) manual page for details. Restrictions are imposed on
untrusted clients that curtail the mischief they can do. See the SECURITY
extension specification for a complete list of these restrictions.
Sites that have better authentication and authorization systems might wish
to make use of the hooks in the libraries and the server to provide
additional security models.
SIGNALS
The X server attaches special meaning to the following signals:
SIGHUP
This signal causes the server to close all existing connections, free
all resources, and restore all defaults. It is sent by the display
manager whenever the main user's main application (usually an xterm or
window manager) exits to force the server to clean up and prepare for
the next user.
SIGTERM
This signal causes the server to exit cleanly.
SIGUSR1
This signal is used quite differently from either of the above. When
the server starts, it checks to see if it has inherited SIGUSR1 as
SIG_IGN instead of the usual SIG_DFL. In this case, the server sends a
SIGUSR1 to its parent process after it has set up the various
connection schemes. Xdm uses this feature to recognize when connecting
to the server is possible.
FONTS
The X server can obtain fonts from directories and/or from font servers.
The list of directories and font servers the X server uses when trying to
open a font is controlled by the font path.
The default font path is "/lib/X11/fonts/misc/, /lib/X11/
fonts/Speedo/, /lib/X11/fonts/Type1/, /lib/X11/fonts/75dpi/
, /lib/X11/fonts/100dpi/" . where refers to the root of the
X11 install tree.
The font path can be set with the -fp option or by xset(1X11R6) after the
server has started.
FILES
/lib/X11/xdm/xdm-errors
Default error log file if the server is run from xdm(1X11R6)
Note: refers to the root of the X11 install tree.
SEE ALSO
General information: X(5X11R5)
Protocols: X Window System Protocol, The X Font Service Protocol, X
Display Manager Control Protocol
Fonts: bdftopcf(1X11R6), mkfontdir(1X11R6), xfs(1X11R6), xlsfonts(1X11R6),
xfontsel, xfd(1X11R6), X Logical Font Description Conventions
Security: Xsecurity, xauth(1X11R6), Xau, xdm(1X11R6), xhost(1X11R6),
xfwp(1X11R6) Security Extension Specification
Starting the server: xdm(1X11R6), xinit(1X11R6)
Controlling the server once started: xset(1X11R6), xsetroot(1X11R6),
xhost(1X11R6)
Server internal documentation: Definition of the Porting Layer for the X
v11 Sample Server
AUTHORS
The sample server was originally written by Susan Angebranndt, Raymond
Drewry, Philip Karlton, and Todd Newman, from Digital Equipment
Corporation, with support from a large cast. It has since been extensively
rewritten by Keith Packard and Bob Scheifler, from MIT. Dave Wiggins took
over post-R5 and made substantial improvements.