On 1/17/11 8:12 AM, Andreas Delleske wrote:
> 1. I would like to have all three server instances started automatically
> whenever booting the machine: How can this be accomplished? Is there a
> script to start / stop / reboot the servers as root? Can the three
> logins be served from one server or must there be 3 for 3 users?
The tvncservers file goes in /etc/sysconfig, not in /etc. You can start/stop the servers listed in this file by running

    /etc/init.d/tvncserver start

or

    /etc/init.d/tvncserver stop

as root. The VNCSERVERARGS parameters aren't currently supported, but it would be a fairly simple mod to make them work. In the meantime, you can add

    $geometry = "WxH";
    $enableHTTP = 0;

to ~/.vnc/turbovncserver.conf for each user (you might want to instead set $enableHTTP=0; in /etc/turbovncserver.conf to enforce it on a system-wide basis.)

> 2. Next, I want to add the ssh tunnel: How can I block users getting
> shell access BUT be able to login via VNC plus ssh tunnel? I want to
> make sure that the users have their desktop but may not move code from
> or to the session on the server (I know, except making screenshots)

Setting the user's shell to /bin/false should prevent them from logging in interactively but still allow them to set up SSH tunnels.

> 3. Looks like the option -nohttpd within /etc/tvncservers has no effect.
> It seemed that setting $enableHTTP = 0 helped.

See above. Our version of the init.d script doesn't currently parse the arguments array. I'll look into adding that, but use the TurboVNC server config file to set the defaults on a per-user or system-wide basis in the meantime.

> 4. I thought I defined the screen ID number (:1, :2, :3) inside
> /etc/tvncservers (e.g. third = :3). When starting the tvncserver for
> user "third" after "first" it appears that port 5802 is opened for
> "third" and not 5803 as I expected. Where did I go wrong?

See above. tvncservers needs to be in /etc/sysconfig, and you need to start it from the init.d script.

> 5. A word about security: As I understand, the VNC protocol transports
> only bitmap information, thus no text that might be captured on the
> client machine or elsewhere. Can that be bypassed? Could an attacker
> manage to read or copy, let's say, source code from the server machine
> when he/she only has TurboVNC access to it?
The VNC protocol can transfer the contents of the clipboard between server and viewer, which would be a means by which someone could copy/paste text from the server to the viewer. There isn't currently a way to disable the clipboard transfer on the server, but I suppose there should be.

> 5. I'd like the clients to use the grabKeyboard and the fullScreen
> options: Where do I have to put that?

Add

    *grabKeyboard: true
    *fullScreen: true

to ~/Vncviewer for each user or to /usr/lib/X11/app-defaults/Vncviewer on the client machine (the latter will cause all users on the client machine to have the same defaults.)

_______________________________________________
VirtualGL-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/virtualgl-users
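Added example, not part of the original message or of TurboVNC: an sshd_config fragment that backs up the /bin/false shell from question 2 by limiting each account to a tunnel to its own VNC display. It assumes an OpenSSH server recent enough to support "AllowTcpForwarding local" and "PermitTTY", a hypothetical account name "second" alongside the "first" and "third" mentioned in the thread, and the usual RFB port numbering of 5900 + display number.

```conf
# /etc/ssh/sshd_config (fragment, constructed for illustration)
# Accounts: first -> :1, second -> :2 (assumed name), third -> :3.
# sshd uses the first value it finds for each keyword, so the per-user
# PermitOpen lines come before the shared restrictions.

# Each user may forward only to the RFB port of their own display.
# PermitOpen is matched against the host string the client requests,
# so the client must ask for "localhost", e.g.
#   ssh -N -L 5901:localhost:5901 first@server
Match User first
    PermitOpen localhost:5901

Match User second
    PermitOpen localhost:5902

Match User third
    PermitOpen localhost:5903

# Shared restrictions for all three VNC-only accounts.
Match User first,second,third
    # Client-to-server (-L) forwards only; no remote (-R) forwards.
    AllowTcpForwarding local
    # No X11, agent, or tun device forwarding.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    # No terminal, and any session request (shell, exec, sftp, scp)
    # runs this command instead and exits immediately.
    PermitTTY no
    ForceCommand /bin/false
```

Check the file with "sshd -t" before reloading sshd. The clipboard transfer described in the reply to question 5 travels inside the VNC connection itself, so this fragment does not affect it.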
