DESCRIPTION
This is the man page for sesman.ini, sesman(8) configuration file. It is composed by a number of sections, each one composed by a section name, enclosed by square brackets, folowed by a list of <parameter>=<value> lines.sesman.ini supports the following sections:
- [Globals] - sesman global configuration section,
-
- [Logging] - logging subsystem parameters
-
- [Security] - Access control parameters
-
- [Sessions] - Session management parameters
-
All options and values (except for file names and paths) are case insensitive, and are described in detail below.
For any of the following parameter, if it's specified more than one time the last entry encountered will be used.
NOTE: if any of these options is specified outside its section, it will be ignored.
GLOBALS
The options to be specified in the [globals] section are the following:
- ListenAddress=ip address
-
Specifies sesman listening address. Default is 0.0.0.0 (all interfaces)
- ListenPort=port number
-
Specifies sesman listening port. Default is 3350
- EnableUserWindowManager=[0|1]
-
If set to 1, true or yes this option enables user specific window manager, that is, anyone can define it's own script executed by sesman when starting a new session, specified by UserWindowManager
- UserWindowManager=startwm.sh
-
This option specifies the script run by sesman when starting a session and per-user window manager is enabled.
The path is relative to user's HOME directory - DefaultWindowManager=${SESMAN_BIN_DIR}/startwm.sh
-
This contains full path to the default window manager startup script used by sesman to start a session
LOGGING
The following parameters can be used in the [logging] section:
- LogFile=${SESMAN_LOG_DIR}/sesman.log
-
This options contains the path to logfile. It can be either absolute or relative, and the default is ${SESMAN_LOG_DIR}/sesman.log
- LogLevel=level
-
This option can have one of the following values:
CORE or 0 - Log only core messages. these messages are _always_ logged, regardless the logging level selected.
ERROR or 1 - Log only error messages
WARNING, WARN or 2 - Logs warnings and error messages
INFO or 3 - Logs errors, warnings and informational messages
DEBUG or 4 - Log everything. If sesman is compiled in debug mode, this options will output many more low-level message, useful for developers
- EnableSyslog=[0|1]
-
If set to 1, true or yes this option enables logging to syslog. Otherwise syslog is disabled.
- SyslogLevel=level
-
This option sets the logging level for syslog. It can have the same values of LogLevel. If SyslogLevel is greater than LogLevel, its value is lowered to that of LogLevel.
SESSIONS
The following parameters can be used in the [Sessions] section:
- X11DisplayOffset=<number>
-
Specifies the first X display number available for sesman(8). This prevents sesman from interfering with real X11 servers. The default is 10.
- MaxSessions=<number>
-
Sets the maximum number of simultaneous session on terminal server.
If unset or set to 0, unlimited session are allowed. - KillDisconnected=[0|1]
-
If set to 1, true or yes, every session will be killed within 60 seconds when the user disconnects.
- IdleTimeLimit=<number>
-
Sets the the time limit before an idle session is disconnected.
If set to 0, automatic disconnection is disabled.
-this option is currently ignored!- - DisconnectedTimeLimit=<number>
-
Sets the time(in seconds) limit before a disconnected session is killed.
If set to 0, automatic killing is disabled.
- Policy=[Default|UBD|UBI|UBC|UBDI|UBDC]
-
Session allocation policy. By Default, a new session is created
for the combination <User,BitPerPixel> when using Xrdp, and
for the combination <User,BitPerPixel,DisplaySize> when using Xvnc.
This behaviour can be changed by setting session policy to:
UBD - session per <User,BitPerPixel,DisplaySize>
UBI - session per <User,BitPerPixel,IPAddr>
UBC - session per <User,BitPerPixel,Connection>
UBDI - session per <User,BitPerPixel,DisplaySize,IPAddr>
UBDC - session per <User,BitPerPixel,DisplaySize,Connection>
Note that the criteria <User,BitPerPixel> can not be turned off and <DisplaySize> will always be checkt when for Xvnc connections.
SECURITY
The following parameters can be used in the [Sessions] section:
- AllowRootLogin=[0|1]
-
If set to 1, true or yes enables root login on the terminal server
- MaxLoginRetry=[0|1]
-
The number of login attempts that are allowed on terminal server. If set to 0, unlimited attempts are allowed. The default value for this field is 3.
- TerminalServerUsers=tsusers
-
Only the users belonging to the group tsusers are allowed to login on terminal server.
If unset or set to an invalid or non-existent group, login for all users is enabled. - TerminalServerAdmins=tsadmins
-
Sets the group which a user shall belong to have session management rights.
-this option is currently ignored!-
EXAMPLES
This is an example sesman.ini:
[Globals] ListenAddress=127.0.0.1 ListenPort=3350 EnableUserWindowManager=1 UserWindowManager=startwm.sh DefaultWindowManager=startwm.sh [Logging] LogFile=/usr/local/xrdp/sesman.log LogLevel=DEBUG EnableSyslog=0 SyslogLevel=DEBUG [Sessions] MaxSessions=10 KillDisconnected=0 IdleTimeLimit=0 DisconnectedTimeLimit=0 [Security] AllowRootLogin=1 MaxLoginRetry=3 TerminalServerUsers=tsusers TerminalServerAdmins=tsadmins
FILES
${SESMAN_CFG_DIR}/sesman.ini