| 194 |
- |
1 |
;; See `man 5 sesman.ini` for details
|
|
|
2 |
|
|
|
3 |
[Globals]
|
|
|
4 |
ListenAddress=127.0.0.1
|
|
|
5 |
ListenPort=3350
|
|
|
6 |
EnableUserWindowManager=true
|
|
|
7 |
; Give in relative path to user's home directory
|
|
|
8 |
UserWindowManager=startwm.sh
|
|
|
9 |
; Give in full path or relative path to /etc/xrdp
|
|
|
10 |
DefaultWindowManager=startwm-bash.sh
|
|
|
11 |
; Give in full path or relative path to /etc/xrdp
|
|
|
12 |
ReconnectScript=reconnectwm.sh
|
|
|
13 |
|
|
|
14 |
[Security]
|
|
|
15 |
AllowRootLogin=true
|
|
|
16 |
MaxLoginRetry=4
|
|
|
17 |
TerminalServerUsers=tsusers
|
|
|
18 |
TerminalServerAdmins=tsadmins
|
|
|
19 |
; When AlwaysGroupCheck=false access will be permitted
|
|
|
20 |
; if the group TerminalServerUsers is not defined.
|
|
|
21 |
AlwaysGroupCheck=false
|
| 209 |
- |
22 |
; When RestrictOutboundClipboard=all clipboard from the
|
| 194 |
- |
23 |
; server is not pushed to the client.
|
| 209 |
- |
24 |
; In addition, you can control text/file/image transfer restrictions
|
|
|
25 |
; respectively. It also accepts comma separated list such as text,file,image.
|
|
|
26 |
; To keep compatibility, some aliases are also available:
|
|
|
27 |
; true: an alias of all
|
|
|
28 |
; false: an alias of none
|
|
|
29 |
; yes: an alias of all
|
|
|
30 |
RestrictOutboundClipboard=none
|
|
|
31 |
; When RestrictInboundClipboard=all clipboard from the
|
|
|
32 |
; client is not pushed to the server.
|
|
|
33 |
; In addition, you can control text/file/image transfer restrictions
|
|
|
34 |
; respectively. It also accepts comma separated list such as text,file,image.
|
|
|
35 |
; To keep compatibility, some aliases are also available:
|
|
|
36 |
; true: an alias of all
|
|
|
37 |
; false: an alias of none
|
|
|
38 |
; yes: an alias of all
|
|
|
39 |
RestrictInboundClipboard=none
|
| 194 |
- |
40 |
|
|
|
41 |
[Sessions]
|
|
|
42 |
;; X11DisplayOffset - x11 display number offset
|
|
|
43 |
; Type: integer
|
|
|
44 |
; Default: 10
|
|
|
45 |
X11DisplayOffset=10
|
|
|
46 |
|
|
|
47 |
;; MaxSessions - maximum number of connections to an xrdp server
|
|
|
48 |
; Type: integer
|
|
|
49 |
; Default: 0
|
|
|
50 |
MaxSessions=50
|
|
|
51 |
|
|
|
52 |
;; KillDisconnected - kill disconnected sessions
|
|
|
53 |
; Type: boolean
|
|
|
54 |
; Default: false
|
| 197 |
- |
55 |
; if 1, true, or yes, every session will be killed within DisconnectedTimeLimit
|
|
|
56 |
; seconds after the user disconnects
|
| 194 |
- |
57 |
KillDisconnected=false
|
|
|
58 |
|
| 197 |
- |
59 |
;; DisconnectedTimeLimit (seconds) - wait before kill disconnected sessions
|
| 194 |
- |
60 |
; Type: integer
|
|
|
61 |
; Default: 0
|
| 197 |
- |
62 |
; if KillDisconnected is set to false, this value is ignored
|
| 194 |
- |
63 |
DisconnectedTimeLimit=0
|
|
|
64 |
|
| 197 |
- |
65 |
;; IdleTimeLimit (seconds) - wait before disconnect idle sessions
|
| 194 |
- |
66 |
; Type: integer
|
|
|
67 |
; Default: 0
|
|
|
68 |
; Set to 0 to disable idle disconnection.
|
|
|
69 |
IdleTimeLimit=0
|
|
|
70 |
|
|
|
71 |
;; Policy - session allocation policy
|
|
|
72 |
; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
|
|
|
73 |
; "Default" session per <User,BitPerPixel>
|
|
|
74 |
; "UBD" session per <User,BitPerPixel,DisplaySize>
|
|
|
75 |
; "UBI" session per <User,BitPerPixel,IPAddr>
|
|
|
76 |
; "UBC" session per <User,BitPerPixel,Connection>
|
|
|
77 |
; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
|
|
|
78 |
; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
|
|
|
79 |
Policy=Default
|
|
|
80 |
|
|
|
81 |
[Logging]
|
| 197 |
- |
82 |
; Note: Log levels can be any of: core, error, warning, info, debug, or trace
|
| 194 |
- |
83 |
LogFile=xrdp-sesman.log
|
| 197 |
- |
84 |
LogLevel=INFO
|
|
|
85 |
EnableSyslog=true
|
|
|
86 |
#SyslogLevel=INFO
|
|
|
87 |
#EnableConsole=false
|
|
|
88 |
#ConsoleLevel=INFO
|
|
|
89 |
#EnableProcessId=false
|
| 194 |
- |
90 |
|
| 197 |
- |
91 |
[LoggingPerLogger]
|
| 204 |
- |
92 |
; Note: per logger configuration is only used if xrdp is built with
|
|
|
93 |
; --enable-devel-logging
|
| 197 |
- |
94 |
#sesman.c=INFO
|
|
|
95 |
#main()=INFO
|
|
|
96 |
|
| 194 |
- |
97 |
;
|
|
|
98 |
; Session definitions - startup command-line parameters for each session type
|
|
|
99 |
;
|
|
|
100 |
|
|
|
101 |
[Xorg]
|
|
|
102 |
; Specify the path of non-suid Xorg executable. It might differ depending
|
|
|
103 |
; on your distribution and version. Find out the appropreate path for your
|
|
|
104 |
; environment. The typical path is known as follows:
|
|
|
105 |
;
|
|
|
106 |
; Fedora 26 or later : param=/usr/libexec/Xorg
|
|
|
107 |
; Debian 9 or later : param=/usr/lib/xorg/Xorg
|
|
|
108 |
; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
|
|
|
109 |
; Arch Linux : param=/usr/lib/Xorg
|
|
|
110 |
; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
|
|
|
111 |
; CentOS 8 : param=/usr/libexec/Xorg
|
|
|
112 |
;
|
| 197 |
- |
113 |
param=/usr/libexec/Xorg
|
| 194 |
- |
114 |
; Leave the rest paramaters as-is unless you understand what will happen.
|
|
|
115 |
param=-config
|
|
|
116 |
param=xrdp/xorg.conf
|
|
|
117 |
param=-noreset
|
|
|
118 |
param=-nolisten
|
|
|
119 |
param=tcp
|
|
|
120 |
param=-logfile
|
|
|
121 |
param=.xorgxrdp.%s.log
|
|
|
122 |
|
|
|
123 |
[Xvnc]
|
|
|
124 |
param=Xvnc
|
|
|
125 |
param=-bs
|
|
|
126 |
param=-nolisten
|
|
|
127 |
param=tcp
|
|
|
128 |
param=-localhost
|
|
|
129 |
param=-dpi
|
|
|
130 |
param=96
|
|
|
131 |
|
|
|
132 |
[Chansrv]
|
| 197 |
- |
133 |
; drive redirection
|
|
|
134 |
; See sesman.ini(5) for the format of this parameter
|
|
|
135 |
#FuseMountName=/run/user/%u/thinclient_drives
|
|
|
136 |
#FuseMountName=/media/thinclient_drives/%U/thinclient_drives
|
| 194 |
- |
137 |
FuseMountName=thinclient_drives
|
|
|
138 |
; this value allows only the user to acess their own mapped drives.
|
|
|
139 |
; Make this more permissive (e.g. 022) if required.
|
|
|
140 |
FileUmask=077
|
| 197 |
- |
141 |
; Can be used to disable FUSE functionality - see sesman.ini(5)
|
|
|
142 |
#EnableFuseMount=false
|
| 208 |
- |
143 |
; Uncomment this line only if you are using GNOME 3 versions 3.29.92
|
|
|
144 |
; and up, and you wish to cut-paste files between Nautilus and Windows. Do
|
|
|
145 |
; not use this setting for GNOME 4, or other file managers
|
|
|
146 |
#UseNautilus3FlistFormat=true
|
| 194 |
- |
147 |
|
| 197 |
- |
148 |
[ChansrvLogging]
|
|
|
149 |
; Note: one log file is created per display and the LogFile config value
|
|
|
150 |
; is ignored. The channel server log file names follow the naming convention:
|
|
|
151 |
; xrdp-chansrv.${DISPLAY}.log
|
|
|
152 |
;
|
|
|
153 |
; Note: Log levels can be any of: core, error, warning, info, debug, or trace
|
|
|
154 |
LogLevel=INFO
|
|
|
155 |
EnableSyslog=true
|
|
|
156 |
#SyslogLevel=INFO
|
|
|
157 |
#EnableConsole=false
|
|
|
158 |
#ConsoleLevel=INFO
|
|
|
159 |
#EnableProcessId=false
|
|
|
160 |
|
|
|
161 |
[ChansrvLoggingPerLogger]
|
| 204 |
- |
162 |
; Note: per logger configuration is only used if xrdp is built with
|
|
|
163 |
; --enable-devel-logging
|
| 197 |
- |
164 |
#chansrv.c=INFO
|
|
|
165 |
#main()=INFO
|
|
|
166 |
|
| 194 |
- |
167 |
[SessionVariables]
|
|
|
168 |
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
|