xserver.man

远程桌面连接工具

<property with value> ::= <property/rpv> = <string/rv>

<perms> ::= [ <operation> | <action> | <space> ]*

<operation> ::= r | w | d

<action> ::= a | i | e

<string> ::= <dbl quoted string> | <single quoted string> | <unqouted string>

<dbl quoted string> ::= <space> " <not dqoute>* " <space>

<single quoted string> ::= <space> ' <not squote>* ' <space>

<unquoted string> ::= <space> <not space>+ <space>

<space> ::= [ ' ' | '\et' ]*

Character sets:

<not newline> ::= any character except '\en'
<not dqoute>  ::= any character except "
<not squote>  ::= any character except '
<not space>   ::= any character except those in <space>
.fi
.PP
The semantics associated with the above syntax are as follows.
.PP
<version line>, the first line in the file, specifies the file format
version.  If the server does not recognize the version <string/v>, it
ignores the rest of the file.  The version string for the file format
described here is "version-1" .
.PP
Once past the <version line>, lines that do not match the above syntax
are ignored.
.PP
<comment> lines are ignored.
.PP
<sitepolicy> lines are currently ignored.  They are intended to
specify the site policies used by the XC-QUERY-SECURITY-1
authorization method.
.PP
<access rule> lines specify how the server should react to untrusted
client requests that affect the X Window property named <property/ar>.
The rest of this section describes the interpretation of an
<access rule>.
.PP
For an <access rule> to apply to a given instance of <property/ar>,
<property/ar> must be on a window that is in the set of windows
specified by <window>.  If <window> is any, the rule applies to
<property/ar> on any window.  If <window> is root, the rule applies to
<property/ar> only on root windows.
.PP
If <window> is <required property>, the following apply.  If <required
property> is a <property/rp>, the rule applies when the window also
has that <property/rp>, regardless of its value.  If <required
property> is a <property with value>, <property/rpv> must also have
the value specified by <string/rv>.  In this case, the property must
have type STRING and format 8, and should contain one or more
null-terminated strings.  If any of the strings match <string/rv>, the
rule applies.
.PP
The definition of string matching is simple case-sensitive string
comparison with one elaboration: the occurence of the character '*' in
<string/rv> is a wildcard meaning "any string."  A <string/rv> can
contain multiple wildcards anywhere in the string.  For example, "x*"
matches strings that begin with x, "*x" matches strings that end with
x, "*x*" matches strings containing x, and "x*y*" matches strings that
start with x and subsequently contain y.
.PP
There may be multiple <access rule> lines for a given <property/ar>.
The rules are tested in the order that they appear in the file.  The
first rule that applies is used.
.PP
<perms> specify operations that untrusted clients may attempt, and
the actions that the server should take in response to those operations.
.PP
<operation> can be r (read), w (write), or d (delete).  The following
table shows how X Protocol property requests map to these operations
in the X Consortium server implementation.
.PP
.nf
GetProperty	r, or r and d if delete = True
ChangeProperty	w
RotateProperties	r and w
DeleteProperty	d
ListProperties	none, untrusted clients can always list all properties
.fi
.PP
<action> can be a (allow), i (ignore), or e (error).  Allow means
execute the request as if it had been issued by a trusted client.
Ignore means treat the request as a no-op.  In the case of
GetProperty, ignore means return an empty property value if the
property exists, regardless of its actual value.  Error means do not
execute the request and return a BadAtom error with the atom set to
the property name.  Error is the default action for all properties,
including those not listed in the security policy file.
.PP
An <action> applies to all <operation>s that follow it, until the next
<action> is encountered.  Thus, irwad  means ignore read and write,
allow delete.
.PP
GetProperty and RotateProperties may do multiple operations (r and d,
or r and w).  If different actions apply to the operations, the most
severe action is applied to the whole request; there is no partial
request execution.  The severity ordering is: allow < ignore < error.
Thus, if the <perms> for a property are ired (ignore read, error
delete), and an untrusted client attempts GetProperty on that property
with delete = True, an error is returned, but the property value is
not.  Similarly, if any of the properties in a RotateProperties do not
allow both read and write, an error is returned without changing any
property values.
.PP
Here is an example security policy file.
.PP
.ta 3i 4i
.nf
version-1 

# Allow reading of application resources, but not writing.
property RESOURCE_MANAGER	root	ar iw
property SCREEN_RESOURCES	root	ar iw

# Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
# and allowing access may give away too much information.
property CUT_BUFFER0	root	irw
property CUT_BUFFER1	root	irw
property CUT_BUFFER2	root	irw
property CUT_BUFFER3	root	irw
property CUT_BUFFER4	root	irw
property CUT_BUFFER5	root	irw
property CUT_BUFFER6	root	irw
property CUT_BUFFER7	root	irw

# If you are using Motif, you probably want these.
property _MOTIF_DEFAULT_BINDINGS	root	ar iw
property _MOTIF_DRAG_WINDOW	root	ar iw
property _MOTIF_DRAG_TARGETS	any 	ar iw
property _MOTIF_DRAG_ATOMS	any 	ar iw
property _MOTIF_DRAG_ATOM_PAIRS	any 	ar iw

# The next two rules let xwininfo -tree work when untrusted.
property WM_NAME	any	ar

# Allow read of WM_CLASS, but only for windows with WM_NAME.
# This might be more restrictive than necessary, but demonstrates
# the <required property> facility, and is also an attempt to
# say "top level windows only."
property WM_CLASS	WM_NAME	ar

# These next three let xlsclients work untrusted.  Think carefully
# before including these; giving away the client machine name and command
# may be exposing too much.
property WM_STATE	WM_NAME	ar
property WM_CLIENT_MACHINE	WM_NAME	ar
property WM_COMMAND	WM_NAME	ar

# To let untrusted clients use the standard colormaps created by
# xstdcmap, include these lines.
property RGB_DEFAULT_MAP	root	ar
property RGB_BEST_MAP	root	ar
property RGB_RED_MAP	root	ar
property RGB_GREEN_MAP	root	ar
property RGB_BLUE_MAP	root	ar
property RGB_GRAY_MAP	root	ar

# To let untrusted clients use the color management database created
# by xcmsdb, include these lines.
property XDCCC_LINEAR_RGB_CORRECTION	root	ar
property XDCCC_LINEAR_RGB_MATRICES	root	ar
property XDCCC_GRAY_SCREENWHITEPOINT	root	ar
property XDCCC_GRAY_CORRECTION	root	ar

# To let untrusted clients use the overlay visuals that many vendors
# support, include this line.
property SERVER_OVERLAY_VISUALS	root	ar

# Dumb examples to show other capabilities.

# oddball property names and explicit specification of error conditions
property "property with spaces"	'property with "'	aw er ed

# Allow deletion of Woo-Hoo if window also has property OhBoy with value
# ending in "son".  Reads and writes will cause an error.
property Woo-Hoo	OhBoy = "*son"	ad

.fi
.SH "NETWORK CONNECTIONS"
The X server supports client connections via a platform-dependent subset of
the following transport types: TCP\/IP, Unix Domain sockets, DECnet,
and several varieties of SVR4 local connections.  See the DISPLAY
NAMES section of the \fIX(1)\fP manual page to learn how to specify
which transport type clients should try to use.
.SH GRANTING ACCESS
The X server implements a platform-dependent subset of the following
authorization protocols: MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1,
SUN-DES-1, and MIT-KERBEROS-5.  See the \fIXsecurity(1)\fP manual page
for information on the operation of these protocols.
.PP
Authorization data required by the above protocols is passed to the
server in a private file named with the \fB\-auth\fP command line
option.  Each time the server is about to accept the first connection
after a reset (or when the server is starting), it reads this file.
If this file contains any authorization records, the local host is not
automatically allowed access to the server, and only clients which
send one of the authorization records contained in the file in the
connection setup information will be allowed access.  See the
\fIXau\fP manual page for a description of the binary format of this
file.  See \fIxauth(1)\fP for maintenance of this file, and distribution
of its contents to remote hosts.
.PP
The X server also uses a host-based access control list for deciding
whether or not to accept connections from clients on a particular machine.
If no other authorization mechanism is being used,
this list initially consists of the host on which the server is running as
well as any machines listed in the file \fI/etc/X\fBn\fI.hosts\fR, where
\fBn\fP is the display number of the server.  Each line of the file should
contain either an Internet hostname (e.g. expo.lcs.mit.edu) or a DECnet
hostname in double colon format (e.g. hydra::).  There should be no leading
or trailing spaces on any lines.  For example:
.sp
.in +8
.nf 
joesworkstation
corporate.company.com
star::
bigcpu::
.fi
.in -8
.PP
Users can add or remove hosts from this list and enable or disable access
control using the \fIxhost\fP command from the same machine as the server.
.PP
The X protocol intrinsically does not have any notion of window operation
permissions or place any restrictions on what a client can do; if a program can
connect to a display, it has full run of the screen.  
X servers that support the SECURITY extension fare better because clients
can be designated untrusted via the authorization they use to connect; see
the \fIxauth(1)\fP manual page for details.  Restrictions are imposed
on untrusted clients that curtail the mischief they can do.  See the SECURITY
extension specification for a complete list of these restrictions.
.PP
Sites that have better
authentication and authorization systems might wish to make
use of the hooks in the libraries and the server to provide additional
security models.
.SH SIGNALS
The X server attaches special meaning to the following signals:
.TP 8
.I SIGHUP
This signal causes the server to close all existing connections, free all
resources, and restore all defaults.  It is sent by the display manager
whenever the main user's main application (usually an \fIxterm\fP or window
manager) exits to force the server to clean up and prepare for the next
user.
.TP 8
.I SIGTERM
This signal causes the server to exit cleanly.
.TP 8
.I SIGUSR1
This signal is used quite differently from either of the above.  When the
server starts, it checks to see if it has inherited SIGUSR1 as SIG_IGN
instead of the usual SIG_DFL.  In this case, the server sends a SIGUSR1 to
its parent process after it has set up the various connection schemes.
\fIXdm\fP uses this feature to recognize when connecting to the server
is possible.
.SH FONTS
The X server
can obtain fonts from directories and/or from font servers.
The list of directories and font servers
the X server uses when trying to open a font is controlled
by the \fIfont path\fP.  
.LP
The default font path is
"<XRoot>/lib/X11/fonts/misc/,
<XRoot>/lib/X11/fonts/Speedo/,
<XRoot>/lib/X11/fonts/Type1/,
<XRoot>/lib/X11/fonts/75dpi/,
<XRoot>/lib/X11/fonts/100dpi/" .
where <XRoot> refers to the root of the X11 install tree.
.LP
The font path can be set with the \fB\-fp\fP option or by \fIxset(1)\fP
after the server has started.
.SH FILES
.TP 30
/etc/X\fBn\fP.hosts
Initial access control list for display number \fBn\fP
.TP 30
<XRoot>/lib/X11/fonts/misc, <XRoot>/lib/X11/fonts/75dpi, <XRoot>/lib/X11/fonts/100dpi 
Bitmap font directories
.TP 30
<XRoot>/lib/X11/fonts/Speedo, <XRoot>/lib/X11/fonts/Type1
Outline font directories
.TP 30
<XRoot>/lib/X11/fonts/PEX
PEX font directories
.TP 30
<XRoot>/lib/X11/rgb.txt
Color database
.TP 30
/tmp/.X11-unix/X\fBn\fP
Unix domain socket for display number \fBn\fP
.TP 30
/tmp/rcX\fBn\fP
Kerberos 5 replay cache for display number \fBn\fP
.TP 30
/usr/adm/X\fBn\fPmsgs
Error log file for display number \fBn\fP if run from \fIinit(8)\fP
.TP 30
<XRoot>/lib/X11/xdm/xdm-errors
Default error log file if the server is run from \fIxdm(1)\fP
.LP
Note: <XRoot> refers to the root of the X11 install tree.
.SH "SEE ALSO"
General information: X(1)
.PP
Protocols:
.I "X Window System Protocol,"
.I "The X Font Service Protocol,"
.I "X Display Manager Control Protocol"
.PP
Fonts: bdftopcf(1), mkfontdir(1), xfs(1), xlsfonts(1), xfontsel(1), xfd(1),
.I "X Logical Font Description Conventions"
.PP
Security: Xsecurity(1), xauth(1), Xau(1), xdm(1), xhost(1),
.I "Security Extension Specification"
.PP
Starting the server: xdm(1), xinit(1)
.PP
Controlling the server once started: xset(1), xsetroot(1), xhost(1)
.PP
Server-specific man pages: 
Xdec(1), XmacII(1), Xsun(1), Xnest(1), Xvfb(1),
XF86_Accel(1), XF86_Mono(1), XF86_SVGA(1), XF86_VGA16(1), XFree86(1)
.PP
Server internal documentation:
.I "Definition of the Porting Layer for the X v11 Sample Server"
.SH AUTHORS
The sample server was originally written by Susan Angebranndt, Raymond
Drewry, Philip Karlton, and Todd Newman, from Digital Equipment
Corporation, with support from a large cast.  It has since been
extensively rewritten by Keith Packard and Bob Scheifler, from MIT.
Dave Wiggins took over post-R5 and made substantial improvements.