sesman.ini(5) Configuration file for sesman(8)

DESCRIPTION

This is the man page for sesman.ini, sesman(8) configuration file. It is composed by a number of sections, each one composed by a section name, enclosed by square brackets, folowed by a list of <parameter>=<value> lines.

sesman.ini supports the following sections:

[Globals] - sesman global configuration section,

[Logging] - logging subsystem parameters

[Security] - Access control parameters

[Sessions] - Session management parameters

All options and values (except for file names and paths) are case insensitive, and are described in detail below.

For any of the following parameter, if it's specified more than one time the last entry encountered will be used.

NOTE: if any of these options is specified outside its section, it will be ignored.

GLOBALS

The options to be specified in the [globals] section are the following:

ListenAddress=ip address
Specifies sesman listening address. Default is 0.0.0.0 (all interfaces)

ListenPort=port number
Specifies sesman listening port. Default is 3350

EnableUserWindowManager=[0|1]
If set to 1, true or yes this option enables user specific window manager, that is, anyone can define it's own script executed by sesman when starting a new session, specified by UserWindowManager

UserWindowManager=startwm.sh
This option specifies the script run by sesman when starting a session and per-user window manager is enabled.
The path is relative to user's HOME directory

DefaultWindowManager=${SESMAN_BIN_DIR}/startwm.sh
This contains full path to the default window manager startup script used by sesman to start a session

LOGGING

The following parameters can be used in the [logging] section:

LogFile=${SESMAN_LOG_DIR}/sesman.log
This options contains the path to logfile. It can be either absolute or relative, and the default is ${SESMAN_LOG_DIR}/sesman.log

LogLevel=level
This option can have one of the following values:

CORE or 0 - Log only core messages. these messages are _always_ logged, regardless the logging level selected.

ERROR or 1 - Log only error messages

WARNING, WARN or 2 - Logs warnings and error messages

INFO or 3 - Logs errors, warnings and informational messages

DEBUG or 4 - Log everything. If sesman is compiled in debug mode, this options will output many more low-level message, useful for developers

EnableSyslog=[0|1]
If set to 1, true or yes this option enables logging to syslog. Otherwise syslog is disabled.

SyslogLevel=level
This option sets the logging level for syslog. It can have the same values of LogLevel. If SyslogLevel is greater than LogLevel, its value is lowered to that of LogLevel.

SESSIONS

The following parameters can be used in the [Sessions] section:

X11DisplayOffset=<number>
Specifies the first X display number available for sesman(8). This prevents sesman from interfering with real X11 servers. The default is 10.

MaxSessions=<number>
Sets the maximum number of simultaneous session on terminal server.
If unset or set to 0, unlimited session are allowed.

KillDisconnected=[0|1]
If set to 1, true or yes, every session will be killed within 60 seconds when the user disconnects.

IdleTimeLimit=<number>
Sets the the time limit before an idle session is disconnected.
If set to 0, automatic disconnection is disabled.
-this option is currently ignored!-

DisconnectedTimeLimit=<number>
Sets the time(in seconds) limit before a disconnected session is killed.
If set to 0, automatic killing is disabled.

Policy=[Default|UBD|UBI|UBC|UBDI|UBDC]
Session allocation policy. By Default, a new session is created for the combination <User,BitPerPixel> when using Xrdp, and for the combination <User,BitPerPixel,DisplaySize> when using Xvnc. This behaviour can be changed by setting session policy to:


UBD - session per <User,BitPerPixel,DisplaySize>
UBI - session per <User,BitPerPixel,IPAddr>
UBC - session per <User,BitPerPixel,Connection>
UBDI - session per <User,BitPerPixel,DisplaySize,IPAddr>
UBDC - session per <User,BitPerPixel,DisplaySize,Connection>


Note that the criteria <User,BitPerPixel> can not be turned off and <DisplaySize> will always be checkt when for Xvnc connections.

SECURITY

The following parameters can be used in the [Sessions] section:

AllowRootLogin=[0|1]
If set to 1, true or yes enables root login on the terminal server

MaxLoginRetry=[0|1]
The number of login attempts that are allowed on terminal server. If set to 0, unlimited attempts are allowed. The default value for this field is 3.

TerminalServerUsers=tsusers
Only the users belonging to the group tsusers are allowed to login on terminal server.
If unset or set to an invalid or non-existent group, login for all users is enabled.

TerminalServerAdmins=tsadmins
Sets the group which a user shall belong to have session management rights.
-this option is currently ignored!-

EXAMPLES

This is an example sesman.ini:

[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=1
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh
[Logging]
LogFile=/usr/local/xrdp/sesman.log
LogLevel=DEBUG
EnableSyslog=0
SyslogLevel=DEBUG
[Sessions]
MaxSessions=10
KillDisconnected=0
IdleTimeLimit=0
DisconnectedTimeLimit=0
[Security]
AllowRootLogin=1
MaxLoginRetry=3
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins

FILES

${SESMAN_CFG_DIR}/sesman.ini