RedHat and VNC server xinetd and init.d

James B. White jimbo "at" csh.com.au
Mon Mar 21 22:19:00 2005


I got this very kindly from Paul Putkowski "off list". It works well,
however you get a new session each time you connect.
I have subsequently also written up a script to place in init.d. So I
have both sessions that are started on boot into runlevels 3, 4 and 5,
and sessions that can be started by xinetd.

The sessions from init.d startup are logged in as the user who starts
them in the init.d script (root or an su fred) - each user can have his
own session. But if he logs it off - it needs a manual service restart.
If you disconnect, the session remains to be reconnected to. Each time
you connect or reconnect you have to enter the vnc password.
The sessions that start via xinetd present a logon screen each time you
connect, but do not require a vnc password. If you disconnect or Logoff,
the session dies. As with any inetd type interface, each port you
connect to can support as many sessions or users as you like. Remember
as someone so painstakingly reminded me, the tcp session is made unique
not by the destination IP and port, but by the combination of source IP,
source Port, Destination IP and Destination Port. As the Outgoing port
on vncviewer is variable and random I suspect, the only caveat possibly
to the unlimited sessions would be multiple users from behind a NAT
firewall, and of course system resources, particularly memory in which
to do some X screen mapping.
Xinetd sessions take no resources to speak of when NOT being used.
Init.d sessions take full resources all the time.

I have added my attempt at an init.d script below, however I am not a
linux type, this is redhat ent 3 RHEL3 I am using, and it is a first
draft and clumsy no doubt.
As well, many of the steps in Paul's list below are required for an
init.d implementation as they impact on running multiple X sessions.


James B. White
C.S.H. Consultants Pty Ltd
Phone....:+61(0)3 97151033
Fax......:+61(0)3 97151400
Mobile...:+61(0)418 558 184

James, here's a copy of what I've sent out in the past.... the
SecurityTypes argument is specific to RealVNC, not TightVNC. If you are
looking at installing either flavor, be sure to make sure the other is
not already there.... 

rpm -qa | grep -i vnc

Also, some distros don't seem to need the service defined in
/etc/services...

If you have any problems, type back...

Paul

You may want to include only a couple of resolutions and color depths.

When you have done the following, 
vncviewer xxx.xxx.xxx.xxx:5972 to get a session of 1024 x 768 x 24. If
everything is cool, you will get a logon screen (after you supply the
"VNC" password.)

 
Don't dwell on this section: the meat is 1-8.

There is nothing sacred about the "service names" or the port numbers,
as long as you don't use something that's already assigned.
I use only a couple of different services, generally one for 1024x768x24
and one for 800x600x24. 
Note that using this method, more than one vncviewer can connect to the
SAME tcp port number and get their own session...Linux in run-level 5 is
a multi-user GUI system. If sessions abend, you can delete the session
lock keys in /tmp (eg. /tmp/.X1.lock) 
Be sure xinetd is running. Use the command "service xinetd status " 
If xinetd is not running, make it run in levels 3 and 5 by using
"redhat-config-services" 
There is a variation on this implementation (as with the "vanilla"
implementation) which allows users on a web-browser the same access,
without the need to install vncviewer on each client. 
The drawback of this xinetd method is that when you break the
connection, rerunning vncviewer starts a new session. (There are ways to
make this method "keep" a connection when it's broken, but I haven't
needed to do that...it would also let a new connection hop onto one of
my "old" root sessions, for example-not good) 
After you make these config changes, I'd suggest you do "shutdown -r
now" 
 
The following was revised from
 http://www.sourcecodecorner.com/articles/vnc/linux.asp

"This article was originally submitted by Jeff Vincent. The article has
been updated with contributions by other members of the VNC mailing
list, hosted by AT&T."

In operation, when you start the viewer to the server's IP address,
a.      the port you specify is looked-up in /etc/services
b.      kernel services determines that xinetd should handle your
        request so it's passed-off
c.      xinetd looks for the service name in its configuration files.
        This starts with /etc/xinetd.conf. At the end of that file is an
        "include" that makes xinetd look at all of the files and folders
        in the xinetd.d folder. In these configuration examples, the only
        difference from one port to another is the virtual screen
        resolution and color depth.
d.      When xinetd finds the service name it calls the "server" and
        passes the "server_args"


1) Install VNC
          a) if installed to directory other than /usr/local/bin, edit
the vnc paths in the 'vncserver.*' files (the ones used in the page
below). (OR THE XVNC executables.) REDHAT 9.0 --- Xvnc is in USR/BIN not
USR/LOCAL/BIN as shown below. Remember Xvnc <> XVNC <> xvnc. Use big X,
little vnc or else.

2) edit 'xdm-config' and comment out the line
'! DisplayManager.requestPort: 0' (should be the last line)
          a) RedHat 6.2, 7.1, 7.2 - '/etc/X11/xdm/xdm-config'

3) edit 'kdmrc' and enable XDMCP on port 177 (if kde is new enough) 
          a) RedHat 7.2 - '/etc/kde/kdm/kdmrc' 
          b) If running Gnome as your desktop, start gdmconfig, select
Expert Mode, ensure that Enable XDMCP is checked. (You must be logged in
as root) Note that remote login for root must be enabled in the
"Security" tab here if you want it.

4) edit Xaccess and uncomment the line
'*        #any host can get a login window'
          a) RedHat 6.2, 7.1, 7.2 - '/etc/X11/xdm/Xaccess' (The line
should actually start with an asterisk. Alternatively, you can list host
names and/or IP addresses/ranges. If you use host names, they should
exist in /etc/hosts.)

5) append following (or appropriate subset) to 'services' 
          a) Linux - '/etc/services'  (NOTE: the gap between the
color-depth and the port number MUST be a tab.)

#
# VNC Servers
#
vnc-640x480x8	5950/tcp
vnc-800x600x8	5951/tcp
vnc-1024x768x8	5952/tcp
vnc-1280x1024x8	5953/tcp
vnc-1600x1200x8	5954/tcp

vnc-640x480x16	5960/tcp
vnc-800x600x16	5961/tcp
vnc-1024x768x16	5962/tcp
vnc-1280x1024x16	5963/tcp
vnc-1600x1200x16	5964/tcp

vnc-640x480x24	5970/tcp
vnc-800x600x24	5971/tcp
vnc-1024x768x24	5972/tcp
vnc-1280x1024x24	5973/tcp
vnc-1600x1200x24	5974/tcp

vnc-640x480x32	5980/tcp
vnc-800x600x32	5981/tcp
vnc-1024x768x32	5982/tcp
vnc-1280x1024x32	5983/tcp
vnc-1600x1200x32	5984/tcp


6) xinetd - add the following (or  an appropriate subset) in a new file
VNCSERVER in '/etc/xinetd.d'  The original instructions seemed to tell
you to create a file called xinetd.vncserver. If you did this, xinetd
did not pay attention to it since it will ignore file names containing
periods... I fought with that issue.

(If you're using VNC 4 or some TightVNC distributions, you will also
need to add to the "server_args" as shown in the first example:
"-SecurityTypes None" Dash and capitalization and spacing are important.
For versions prior to RealVNC 4 Do NOT include the SecurityTypes
argument.) 

Note that the "local/" below is wrong for RH9 and etc. since Xvnc is in
/usr/local/. I have a tendency to type /user/local/ and that REALLY
doesn't work.

Look at man xinetd.conf

and investigate the 'only_from' parameter. It will allow you to accept
requests from specific IP addresses (like your home network, or from
your office's gateway)... this would be better than using Xaccess above.
Only_from works with ALL xinetd services.

service vnc-640x480x8
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 640x480 -depth 8 -SecurityTypes None
}

service vnc-800x600x8
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 800x600 -depth 8
}

service vnc-1024x768x8
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1024x768 -depth 8
}

service vnc-1280x1024x8
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 8
}

service vnc-1600x1200x8
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 8
}

service vnc-640x480x16
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 640x480 -depth 16
}

service vnc-800x600x16
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 800x600 -depth 16
}

service vnc-1024x768x16
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16
}

service vnc-1280x1024x16
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 16
}

service vnc-1600x1200x16
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 16
}

service vnc-640x480x24
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 640x480 -depth 24
}

service vnc-800x600x24
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 800x600 -depth 24
}

service vnc-1024x768x24
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1024x768 -depth 24
}

service vnc-1280x1024x24
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24
          # port = 5973
}

service vnc-1600x1200x24
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 24
}

service vnc-640x480x32
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 640x480 -depth 32
}

service vnc-800x600x32
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 800x600 -depth 32
}

service vnc-1024x768x32
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1024x768 -depth 32
}

service vnc-1280x1024x32
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 32
}

service vnc-1600x1200x32
{
          protocol = tcp
          socket_type = stream
          wait = no
          user = nobody
          server = /usr/local/bin/Xvnc
          server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 32
}

 

7) reboot (or restart inetd/xinetd and xdm or equivalent)
          a) xdm
                    i) Running KDM, to restart, killall kdm
                    ii) Running GDM, to restart, killall gdm
          b) xinet
                    i) RedHat 7.1/7.2 - '/etc/init.d/xinetd restart'

8) edit /etc/xinetd.conf. if there is a line 

interface =127.0.0.1

comment it by adding a pound-sign (#) in front. If this line is present,
it allows xinetd services ONLY on the local machine.... Not cool.


You can also define non-standard screen sizes. It is not limited to your
graphics card. This needs to be done in both the above files.


Debugging your connection to VNC.

1. If you find you cannot connect, this could be a few things. Ensure
that the path in your inetd.conf and xinetd.d point to the same place as
your actual vnc executables.

2. See if your Xvnc is running. From a remote machine, telnet to the
machine hosting VNC, using the full port number you have defined in your
services file. In this case, an example would be port 5951. (This would
test the VNC for 800x600x8). If no response, you may not be on the same
subnet, or you have a firewall in the way. The normal response would be
rubbish, but it proves that you have an open port to connect to.

3. Test if your XDMCP is running. This uses port 177, but uses UDP, so
telnet will not work against it. You can use something like nmap
http://www.insecure.org/nmap/ to test this port. The command line would
be:

nmap -sU -p 177 hostname (change the hostname to suit your system).

You can also use nmap to test your regular vnc ports. If not running,
check part 3 of the configuration instructions.
         

From: p putkowski Sent: Tuesday, August 03, 2004 6:12 AM

================================================================
Jim's Efforts

You need to run vncserver from the $ prompt when logged in as the user
to set the password up.
The init.d stuff on Redhat is a little different.

Here is the script (in my 1280x1024 screen, 1260x880 is great as it
leaves the task bar clear)

 

[root "at" kiboko root]# cat /etc/init.d/startvnc
#!/bin/sh
#   Linux chkconfig stuff:
#
#   chkconfig: 345 90 10
#   description: Startup/shutdown script for the VNC Servers
#
# Source function library.
if [ -f /etc/init.d/functions ] ; then
        . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
        . /etc/rc.d/init.d/functions
else
        exit 0
fi

DAEMON=startvnc
prog=startvnc
HOME=/root ;export HOME
# Default exit status; each branch below records the status of its
# last vncserver command.
RETVAL=0
case $1 in
        start)
                vncserver :1 -geometry 1260x880 -depth 24
                vncserver :2 -geometry 1260x880 -depth 24
                su jimbo -c "vncserver :5 -geometry 1260x880 -depth 24"
                RETVAL=$?
        ;;
        stop)
                vncserver -kill :1
                vncserver -kill :2
                su jimbo -c "vncserver -kill :5"
                RETVAL=$?
        ;;
        restart)
                vncserver -kill :1
                vncserver :1 -geometry 1260x880 -depth 24

                vncserver -kill :2
                vncserver :2 -geometry 1260x880 -depth 24
                su jimbo -c "vncserver -kill :5"
                su jimbo -c "vncserver :5 -geometry 1260x880 -depth 24"
                RETVAL=$?
        ;;
        status)
                #status $DAEMON
        ;;
        *)
        echo "Usage: $DAEMON {start|stop|restart|status}"
        exit 1
esac
exit $RETVAL


[root "at" kiboko .vnc]# cat xstartup
#!/bin/sh
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
#vncconfig -iconic &
#xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm & (this works too)
gnome-session &

 
This is not all correct linux of course, but as a first draft it works.
Also after this, in init.d run chkconfig --add startvnc

This reads the comments at the top and places the correct links in the
rc3-4-5.d dirs. You can also use the redhat Server/Services applet, but
only after a chkconfig has been run on it correctly, or it has the
correct comments:
#   chkconfig: 345 90 10
#   description: Startup/shutdown script for the VNC Servers
e.g. chkconfig: 345 90 10
  345 - run in levels 3, 4 and 5
  90  - start with priority 90 (toward end of startup of run level)
  10  - end toward beginning of change to a non run level, e.g. level 6

These sessions run well and stay logged in, they do require a password
to start/restart the client however.

James B. White
C.S.H. Consultants Pty Ltd
Phone....:+61(0)3 97151033
Fax......:+61(0)3 97151400
Mobile...:+61(0)418 558 184
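
An added example, not part of the original message or of Paul's instructions: a small Python audit that parses xinetd service blocks like those in step 6 and reports every Xvnc service that lacks 'only_from' or passes "-SecurityTypes None", together with its port from the services file. The sample text, the 192.168.1.0/24 range and the function names are constructed for illustration.

```python
import re

# Constructed sample input in the style of the entries above (made-up subnet).
SERVICES = "vnc-640x480x8\t5950/tcp\nvnc-1024x768x24\t5972/tcp\n"
XINETD = """
service vnc-1024x768x24
{
    server = /usr/local/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1024x768 -depth 24 -SecurityTypes None
}
service vnc-640x480x8
{
    only_from = 192.168.1.0/24
    server = /usr/local/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 640x480 -depth 8
}
"""

def parse_services(text):
    """Map service name -> 'port/proto' from /etc/services-style text."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {f[0]: f[1] for f in rows if len(f) >= 2}

def parse_xinetd(text):
    """Return {service name: {attribute: value}} for each service block."""
    blocks = {}
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", text, re.S | re.M):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.split("#", 1)[0].partition("=")
            if sep:  # also accepts xinetd's "+=" and "-=" operators
                attrs[key.rstrip("+- \t").strip()] = value.strip()
        blocks[name] = attrs
    return blocks

def audit(xinetd_text, services_text):
    """List (service, port, finding) for Xvnc services open to any client."""
    ports, findings = parse_services(services_text), []
    for name, attrs in parse_xinetd(xinetd_text).items():
        if not attrs.get("server", "").endswith("/Xvnc"):
            continue
        port = ports.get(name, attrs.get("port", "unknown"))
        if "only_from" not in attrs:
            findings.append((name, port, "no only_from: any source address is accepted"))
        if "-SecurityTypes None" in attrs.get("server_args", ""):
            findings.append((name, port, "-SecurityTypes None: no VNC password is asked"))
    return findings

if __name__ == "__main__":
    print(*audit(XINETD, SERVICES), sep="\n")
```

To check a real host, pass the contents of the file in /etc/xinetd.d and of /etc/services to audit() instead of the sample strings.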