1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
.\"
.TH "sesman.ini" "5" "0.1.0" "xrdp team" ""
.SH "NAME"
\fBsesman.ini\fR \- Configuration file for \fBsesman\fR(8)
.SH "DESCRIPTION"
This is the man page for \fBsesman.ini\fR, \fBsesman\fR(8) configuration file.
It is composed by a number of sections, each one composed by a section name, enclosed by square brackets, folowed by a list of \fI<parameter>\fR=\fI<value>\fR lines.
\fBsesman.ini\fR supports the following sections:
.TP
\fB[Globals]\fR \- sesman global configuration section,
.TP
\fB[Logging]\fR \- logging subsystem parameters
.TP
\fB[Security]\fR \- Access control parameters
.TP
\fB[Sessions]\fR \- Session management parameters
.LP
All options and values (except for file names and paths) are case insensitive, and are described in detail below.
.LP
For any of the following parameter, if it's specified more than one time the last entry encountered will be used.
\fBNOTE\fR: if any of these options is specified outside its section, it will be \fIignored\fR.
.SH "GLOBALS"
The options to be specified in the \fB[globals]\fR section are the following:
.TP
\fBListenAddress\fR=\fIip address\fR
Specifies sesman listening address. Default is 0.0.0.0 (all interfaces)
.TP
\fBListenPort\fR=\fIport number\fR
Specifies sesman listening port. Default is 3350
.TP
\fBEnableUserWindowManager\fR=\fI[0|1]\fR
If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables user specific window manager, that is, anyone can define it's own script executed by sesman when starting a new session, specified by \fBUserWindowManager\fR
.TP
\fBUserWindowManager\fR=\fIstartwm.sh\fR
This option specifies the script run by sesman when starting a session and per\-user window manager is enabled.
.br
The path is relative to user's HOME directory
.TP
\fBDefaultWindowManager\fR=\fI${SESMAN_BIN_DIR}/startwm.sh\fR
This contains full path to the default window manager startup script used by sesman to start a session
.SH "LOGGING"
The following parameters can be used in the \fB[logging]\fR section:
.TP
\fBLogFile\fR=\fI${SESMAN_LOG_DIR}/sesman.log\fR
This options contains the path to logfile. It can be either absolute or relative, and the default is \fI${SESMAN_LOG_DIR}/sesman.log\fR
.TP
\fBLogLevel\fR=\fIlevel\fR
This option can have one of the following values:
\fBCORE\fR or \fB0\fR \- Log only core messages. these messages are _always_ logged, regardless the logging level selected.
\fBERROR\fR or \fB1\fR \- Log only error messages
\fBWARNING\fR, \fBWARN\fR or \fB2\fR \- Logs warnings and error messages
\fBINFO\fR or \fB3\fR \- Logs errors, warnings and informational messages
\fBDEBUG\fR or \fB4\fR \- Log everything. If \fBsesman\fR is compiled in debug mode, this options will output many more low\-level message, useful for developers
.TP
\fBEnableSyslog\fR=\fI[0|1]\fR
If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables logging to syslog. Otherwise syslog is disabled.
.TP
\fBSyslogLevel\fR=\fIlevel\fR
This option sets the logging level for syslog. It can have the same values of \fBLogLevel\fR. If \fBSyslogLevel\fR is greater than \fBLogLevel\fR, its value is lowered to that of \fBLogLevel\fR.
.SH "SESSIONS"
The following parameters can be used in the \fB[Sessions]\fR section:
.TP
\fBX11DisplayOffset\fR=\fI<number>\fR
Specifies the first X display number available for \fBsesman\fP(8). This prevents sesman from interfering with real X11 servers. The default is 10.
.TP
\fBMaxSessions\fR=\fI<number>\fR
Sets the maximum number of simultaneous session on terminal server.
.br
If unset or set to \fI0\fR, unlimited session are allowed.
.TP
\fBKillDisconnected\fR=\fI[0|1]\fR
If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed within 60 seconds when the user disconnects.
.br
.TP
\fBIdleTimeLimit\fR=\fI<number>\fR
Sets the the time limit before an idle session is disconnected.
.br
If set to \fI0\fR, automatic disconnection is disabled.
.br
\fI\-this option is currently ignored!\-\fR
.TP
\fBDisconnectedTimeLimit\fR=\fI<number>\fR
Sets the time(in seconds) limit before a disconnected session is killed.
.br
If set to \fI0\fR, automatic killing is disabled.
.br
.TP
\fBPolicy\fR=\fI[Default|UBD|UBI|UBC|UBDI|UBDC]\fR
Session allocation policy. By Default, a new session is created
for the combination <User,BitPerPixel> when using Xrdp, and
for the combination <User,BitPerPixel,DisplaySize> when using Xvnc.
This behaviour can be changed by setting session policy to:
.br
.br
\fBUBD\fR - session per <User,BitPerPixel,DisplaySize>
.br
\fBUBI\fR - session per <User,BitPerPixel,IPAddr>
.br
\fBUBC\fR - session per <User,BitPerPixel,Connection>
.br
\fBUBDI\fR - session per <User,BitPerPixel,DisplaySize,IPAddr>
.br
\fBUBDC\fR - session per <User,BitPerPixel,DisplaySize,Connection>
.br
.br
Note that the criteria <User,BitPerPixel> can not be turned off
and <DisplaySize> will always be checkt when for Xvnc connections.
.br
.SH "SECURITY"
The following parameters can be used in the \fB[Sessions]\fR section:
.TP
\fBAllowRootLogin\fR=\fI[0|1]\fR
If set to \fB1\fR, \fBtrue\fR or \fByes\fR enables root login on the terminal server
.TP
\fBMaxLoginRetry\fR=\fI[0|1]\fR
The number of login attempts that are allowed on terminal server. If set to \fI0\fR, unlimited attempts are allowed. The default value for this field is \fI3\fR.
.TP
\fBTerminalServerUsers\fR=\fItsusers\fR
Only the users belonging to the group \fItsusers\fR are allowed to login on terminal server.
.br
If unset or set to an invalid or non\-existent group, login for all users is enabled.
.TP
\fBTerminalServerAdmins\fR=\fItsadmins\fR
Sets the group which a user shall belong to have session management rights.
.br
\fI\-this option is currently ignored!\-\fR
.SH "EXAMPLES"
This is an example \fBsesman.ini\fR:
.nf
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=1
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh
[Logging]
LogFile=/usr/local/xrdp/sesman.log
LogLevel=DEBUG
EnableSyslog=0
SyslogLevel=DEBUG
[Sessions]
MaxSessions=10
KillDisconnected=0
IdleTimeLimit=0
DisconnectedTimeLimit=0
[Security]
AllowRootLogin=1
MaxLoginRetry=3
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
.fi
.SH "FILES"
${SESMAN_CFG_DIR}/sesman.ini
.SH "SEE ALSO"
.BR sesman (8),
.BR sesrun (8),
.BR xrdp (8),
.BR xrdp.ini (5)
for more info on \fBxrdp\fR see http://xrdp.sf.net
|