# TightVNC using xinetd: is xdm needed?

## Havin_it

Hello,

I've installed tightvnc on my headless server as a way of accessing the occasional X app via a web browser (using the experimental SSH Java applet). I'm pleased with the results so far - it is much faster than SSH X forwarding over the WAN, and being able to disconnect/reconnect to X apps is great - but I'd rather not have it running all the time, so I'm trying to get it working with xinetd. For my window-manager I'm using Fluxbox, though this was a random choice and I'm open to other suggestions that are lightweight but a little more functional than twm  :Wink: 

I looked at the post in Tips + Tricks forum (and similar on gentoo-wiki) about tightvnc + xinetd, but they both seem to rely on having xdm running; trading one running service for another seems pointless.

I tried my own setup using the arguments used by the vnc initscript to configure xinetd, like so:

/etc/services

```
vnc 5900/tcp
```

/etc/xinetd/vnc

```
service vnc

{

    socket_type = stream

    server = /usr/bin/Xvnc

    server_args = -inetd :0 -desktop X -auth /home/robin/.Xauthority -geometry 1024x768 -depth 24 -rfbwait 120000 -rfbauth /home/robin/.vnc/passwd -rfbport 5900 -fp /usr/share/fonts/misc/,/usr/share/fonts/Type1/ -co /usr/share/X11/rgb

    protocol = tcp

    user = robin

    wait = no

    disable = no

}
```

However when I try to connect this way, the applet reports "Network error: remote side closed connection" and my daemon.log shows that the process exited immediately with status 1.

I assume there is a reason for this because I'm going about this in a way that's not suggested elsewhere (that I can see). Or should it work?

My ideal scenario would be that nothing (except xinetd) is running when vnc is not in use, *except* when I have cause to disconnect from a session but leave apps running.  (I'm quite fuzzy on this point, but I'd assumed the difference would be logging out from the desktop as opposed to hitting Disconnect in the vnc viewer).

I'm already suspecting that the above is asking too much, but if I'm wrong I'd like to know about it. Failing that, what do the forumites suggest would be the most resource-efficient approach?

Thanks in advance.

----------

## Havin_it

A slight change: I established that the argument ":0" has to go first, so changed the /etc/xinetd.d/vnc file accordingly. The result now is that when I login, Xvnc stays running, but fluxbox doesn't start: I just get a weave-pattern root window and X cursor. This seems to indicate that ~/.vnc/xstartup file is never executed/read.

BTW the xstartup file only consists of the following:

```
#!/bin/sh

/usr/bin/startfluxbox &
```

----------

## wildbug

 *Havin_it wrote:*   

> A slight change: I established that the argument ":0" has to go first, so changed the /etc/xinetd.d/vnc file accordingly. The result now is that when I login, Xvnc stays running, but fluxbox doesn't start: I just get a weave-pattern root window and X cursor. This seems to indicate that ~/.vnc/xstartup file is never executed/read.

 

~/.vnc/xstartup isn't read with vnc via inetd/xinetd.  You might try ~/.xinitrc.  I've been working on a headless box with a similar setup, but I'm using TigerVNC (net-misc/tigervnc), so I'm not sure how different they are.  

Here's my /etc/xinetd.d/vncserver file:

```
service vncserver

{

   protocol     = tcp

   socket_type  = stream

   wait         = no

   user         = nobody

   server       = /usr/bin/Xvnc

   server_args  = -inetd -query localhost -once -geometry 1920x1200 -depth 24 -SecurityTypes=None

}
```

I'm using gdm (/etc/init.d/xdm), which is a little different than you want, but I like it for my multi-user environment so users can get a nice, graphical username/password dialog (-securitytypes=none passes authentication off to gdm).  In this configuration the session starts when a user connects and will end when either the viewer is closed or the user logs out.  Any number of users can connect to the same port (i.e., myserver:50).  Another way to configure this is to give each user a specific port on the server.  Using this method allows disconnecting and reconnecting to the same session (by closing the vncviewer and opening a new one).  IIRC this is controlled by the wait=yes parameter to xinetd, instructing the process to wait until the server (Xvnc) exits.

You might look into the "--no-console" option to gdm also, which runs gdm without running a local console, but I'm not sure how to add it to the Gentoo startup script (/etc/conf.d/xdm?).

----------

## Havin_it

Hi wildbug, thanks for the suggestions. I've actually switched to TigerVNC myself now -- for the xrandr support so I can resize the desktop on-the-fly on different client screen sizes. Maybe you can answer this about it: what's the purpose of the xorgmodule USE-flag? There's not much organised documentation for this, so I'm unclear.

I'll have a play around with these options and see what makes most sense for my use-case.  Since I'm making my own web page to host the applet with some cookie-based config, I thought I could use PHP to add controls for stopping/starting tigervnc and/or xdm as needed. I'll post back when I've got a little further.

Sidenote: The TightVNC+SSH java viewer works fine with TigerVNC too, just for the record. The only slight bug I found is that if you have the applet open in a window, the window doesn't resize to match the desktop when you connect, but that's not the worst.

----------

## wildbug

It looks like the xorgmodule USE flag controls the existence of the vnc xorg module (/usr/lib/xorg/modules/extensions/libvnc.so).  I'm not sure what functionality that buys you, but it's loaded when X starts, according to my /var/log/Xorg.0.log.

----------

## Havin_it

Not having great success with the setup you suggested  :Sad:  It seems whatever I do, I can't get a connection if I have "wait = yes" in the xinetd config. I've tried it exactly as you have it above, as in the Xvnc manpage (only just noticed that bit at the bottom lol), all manner of different server_args, but always when I change to "wait = yes", it results in this (from /var/log/daemon.log)

```
Mar 13 21:20:00 brazil xinetd[29054]: FAIL: vnc address from=<no address>

Mar 13 21:20:00 brazil xinetd[28975]: EXIT: vnc status=0 pid=29054 duration=0(sec)

Mar 13 21:20:00 brazil xinetd[28975]: START: vnc pid=29055 from=<no address>

Mar 13 21:20:00 brazil xinetd[29055]: FAIL: vnc address from=<no address>

Mar 13 21:20:00 brazil xinetd[28975]: EXIT: vnc status=0 pid=29055 duration=0(sec)

(...lots of lines like above...)

Mar 13 21:20:00 brazil xinetd[28975]: Deactivating service vnc due to excessive incoming connections.  Restarting in 10 seconds.

Mar 13 21:20:00 brazil xinetd[28975]: FAIL: vnc connections per second from=<no address>
```

I notice a lot of people in these forums and elsewhere with this same problem, and I've tried most of their configs for good measure, but no solutions are mentioned. Disappointing ... it sounded like the perfect setup for me.

----------

## wildbug

(Big, fat disclaimer:  I've never actually had a "wait=yes" setup; I've just read about it while researching Xvnc/xinetd.)

For persistent sessions, I think you need to have a passwordFile=/home/USER/.vnc/passwd line argument to Xvnc.  That also implies that you'll be using the VNC password rather than the UNIX password/GDM-style login.

Okay, I just a did a quick test, adding another service to xinetd for persistent VNC logins.  It did work, although I had a GDM-style login following the VNC password prompt, probably because I didn't reconfigure xdm/gdm.  But I was able to log in, then close the vncviewer, and login again to pick up where I left off.  Here's what worked:

```
# cat /etc/xinetd.d/vncpersistent 

service vncpersistent

{

   protocol        = tcp

   socket_type     = stream

   wait            = yes

   user            = nobody

   server          = /usr/bin/Xvnc

   server_args     = -inetd -query localhost -geometry 1366x768 -depth 24 -once passwordFile=/home/test2/.vnc/passwd

}

# tail -n1 /etc/services

vncpersistent   5951/tcp         # TigerVNC/Xvnc login (persistent)

```

Set the user's VNC password using the vncpasswd program first.

----------

## Havin_it

I swear I tried that line -- I'm not joking when I say I tried every combo under the sun -- but I will check again, maybe the order is significant.

One of the references I found suggested that it was a problem with xinetd and threaded server processes. Can I ask, do you have USE=nptl set for tigervnc?

Meantime, I tried running both xdm and tigervnc initscripts, the latter with VNC_OPTS="-query localhost securitytypes=none" (as I'm going through ssh already, the vnc auth is redundant). This isn't exactly what I had in mind, but it does mean I can shut down and restart my fluxbox session from the comfort of the viewer, or reconnect an active session if I prefer. I guess having just xdm and Xvnc running when idle is no worse memory-wise than just Xvnc and fluxbox, though obviously just xinetd would be better still.

----------

## wildbug

 *Havin_it wrote:*   

> Can I ask, do you have USE=nptl set for tigervnc?

 

Yes; "nptl opengl server xorgmodule" are all set.  Have you been using the tigervnc init script?  I didn't realize it had one; isn't that redundant if you're using xinetd?  And you're pointing your vncviewer to the correct screen/port?  I.e., if your port is defined as 5951 in /etc/services, you're going to yourserver:51, right?  Maybe if you have redundant servers (xinetd & /etc/conf.d/tigervnc) trying to serve requests on the same port, you have a conflict.

You probably don't need xdm/gdm running unless you want the GUI login (or OpenGL).

----------

## Havin_it

Sorry, to clarify: I'm now using tigervnc and xdm initscripts as an alternative to xinetd + Xvnc as that wasn't working with wait = yes.

I guess it's pretty much a toss-up among the two (working) options: Use just the tigervnc initscript and I have to keep fluxbox running even when I'm not engaged in a session (because I can't bring it back if I exit it, not without going in and restarting tigervnc); use xdm as well, and I can quit fluxbox and log back in, but it does mean xdm is running constantly.

I reckon the latter is probably a little bit more efficient, though there's probably very little difference really.

----------

## Havin_it

I'd quite like to file a bug on the xinetd issue, but I found a similar one on b.g.o from a while ago and it just got kicked upstream so not sure if it's worth it.

What I would like to try is comparing your setup as close as I can to see what else I have different. Would you be willing to post (or PM) your make.conf and package.use?

----------

## wildbug

/etc/portage/package.use

```
media-gfx/gimp              exif smp

media-gfx/imagemagick       q8 X jpeg tiff jpeg2k png fpx doc xml fftw hdri -openmp

media-libs/vips             imagemagick exif fftw jpeg png threads tiff

media-libs/openjpeg         tools

sys-power/nut               hal usb cgi

sys-fs/udev                 extras

sci-libs/hdf                szip

# Kerberos

net-misc/openssh            hpn kerberos

net-fs/nfs-utils            kerberos

net-fs/samba                ads kerberos ldap

sys-auth/pambase            consolekit

sys-auth/consolekit         policykit

# Gnome

gnome-base/gvfs             gdu

sys-block/parted            device-mapper

net-misc/tigervnc           server

gnome-base/gdm              remote

media-libs/sdl-mixer        mikmod vorbis

x11-misc/pcmanfm            debug
```

/etc/portage/package.keywords

```
# System

sys-kernel/gentoo-sources       ~amd64

sys-kernel/linux-headers        ~amd64

sys-devel/gcc                   ~amd64

net-misc/dhcpcd                 ~amd64

sys-apps/flashrom               ~amd64

x11-drivers/nvidia-drivers      ~amd64

media-video/nvidia-settings     ~amd64

# Imaging

media-libs/vips                 ~amd64

media-gfx/imagemagick           ~amd64

media-libs/tiff                 ~amd64

# Other

app-benchmarks/bonnie++         ~amd64

sys-power/nut                   ~amd64

x11-misc/pcmanfm                ~amd64

x11-libs/libfm                  ~amd64
```

/etc/xinetd.d/vncserver

```
service vncserver

{

    protocol        = tcp

    socket_type     = stream

    wait            = no

    user            = nobody

    server          = /usr/bin/Xvnc

    server_args     = -inetd -query localhost -once -geometry 1366x768 -depth 24 -SecurityTypes=None

}
```

/etc/X11/gdm/custom.conf

```
[daemon]

RemoteGreeter=/usr/libexec/gdmgreeter

DefaultSession=LXDE.desktop

[security]

#DisallowTCP=false

[xdmcp]

Enable=true

DisplaysPerHost=16

[gui]

[greeter]

[chooser]

[debug]

[servers]

[server-Standard]

name=Standard server

command=/usr/bin/X -audit 0

chooser=false

handled=true

flexible=true

priority=0
```

/etc/make.conf

```
# See http://developer.amd.com/documentation/articles/pages/Compiler-FlagDrivenPerformanceGains.aspx

# CFLAGS="-march=native -O2 -pipe"

CFLAGS="-mtune=amdfam10 -O3 -fomit-frame-pointer -funroll-all-loops -fpeel-loops -ftree-vectorize -pipe"

CXXFLAGS="${CFLAGS}"

CHOST="x86_64-pc-linux-gnu"

VIDEO_CARDS="nvidia"

MAKEOPTS="-j50"

FEATURES="parallel-fetch ccache splitdebug"

PORTDIR_OVERLAY="/usr/local/portage"

CCACHE_DIR="/var/ccache"

CCACHE_SIZE="8G"

# CPU (this might be redundant as I think there are hard-masked)

USE="mmx sse sse2 sse3 sse4a 3dnow 3dnowext"

# System

USE="$USE threads openmp dbus hal"

# X

USE="$USE truetype X new-login xorg xscreensaver xv xcomposite opengl aiglx xinerama cairo"

# Image formats

USE="$USE jpeg gif tiff png svg pdf"

# Misc

USE="$USE fftw"

GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://gentoo.mirrors.tds.net/gentoo http://gentoo.netnitco.net http://distro.ibiblio.org/pub/linux/distributions/gentoo/"
```

#rc-update

```
            bootmisc | boot

             checkfs | boot

           checkroot | boot

               clock | boot

         consolefont | boot

          consolekit |      default

                dbus |      default

                hald |      default

            hostname | boot

             keymaps | boot

               local |      default nonetwork

          localmount | boot

             modules | boot

            net.eth0 |      default

              net.lo | boot

            netmount |      default

                ntpd | boot

           rmnologin | boot

                sshd |      default

      udev-postmount |      default

             urandom | boot

                 xdm |      default
```

If you want anything else, just ask.

----------

