XSERVER

NAME

SYNOPSIS

DESCRIPTION

STARTING THE SERVER

Installations that run more than one window system may need to use the xinit(1) utility instead of a display manager. However, xinit is to be considered a tool for building startup scripts and is not intended for use by end users. Site administrators are strongly urged to use a display manager, or build other interfaces for novice users.

The X server may also be started directly by the user, though this method is usually reserved for testing and is not recommended for normal operation. On some platforms, the user must have special permission to start the X server, often because access to certain devices (e.g. /dev/mouse) is restricted. Where applicable, the X server notifies systemd when it is ready to process requests.

When the X server starts up, it typically takes over the display. If you are running on a workstation whose console is the display, you may not be able to log into the console while the server is running.  

OPTIONS

All of the X servers accept the command line options described below. Some X servers may have alternative ways of providing the parameters described here, but the values provided via the command line options should override values specified via other mechanisms.

:displaynumber

The X server runs as the given displaynumber, which by default is 0. If multiple X servers are to run simultaneously on a host, each must have a unique display number. See the DISPLAY NAMES section of the X(7) manual page to learn how to specify which display number clients should try to use.

-a number

sets pointer acceleration (i.e. the ratio of how much is reported to how much the user actually moved the pointer).

-ac

disables host-based access control mechanisms. Enables access by any host, and permits any host to modify the access control list. Use with extreme caution. This option exists primarily for running test suites remotely.

-audit level

sets the audit trail level. The default level is 1, meaning only connection rejections are reported. Level 2 additionally reports all successful connections and disconnects. Level 4 enables messages from the SECURITY extension, if present, including generation and revocation of authorizations and violations of the security policy. Level 0 turns off the audit trail. Audit lines are sent as standard error output.

-auth authorization-file

specifies a file which contains a collection of authorization records used to authenticate access. See also the xdm(1) and Xsecurity(7) manual pages.

-background none

Asks the driver not to clear the background on startup, if the driver supports that. May be useful for smooth transition with eg. fbdev driver. For security reasons this is not the default as the screen contents might show a previous user session.

-br

sets the default root window to solid black instead of the standard root weave pattern. This is the default unless -retro or -wr is specified.

-bs

disables backing store support on all screens.

-c

turns off key-click.

c volume

sets key-click volume (allowable range: 0-100).

-cc class

sets the visual class for the root window of color screens. The class numbers are as specified in the X protocol. Not obeyed by all servers.

-core

causes the server to generate a core dump on fatal errors.

-displayfd fd

specifies a file descriptor in the launching process. Rather than specify a display number, the X server will attempt to listen on successively higher display numbers, and upon finding a free one, will write the display number back on this file descriptor as a newline-terminated string. The -pn option is ignored when using -displayfd.

-deferglyphs whichfonts

specifies the types of fonts for which the server should attempt to use deferred glyph loading. whichfonts can be all (all fonts), none (no fonts), or 16 (16 bit fonts only).

-dpi resolution

sets the resolution for all screens, in dots per inch. To be used when the server cannot determine the screen size(s) from the hardware.

dpms

enables DPMS (display power management services), where supported. The default state is platform and configuration specific.

-dpms

disables DPMS (display power management services). The default state is platform and configuration specific.

-extensionextensionName

disables named extension. If an unknown extension name is specified, a list of accepted extension names is printed.

+extensionextensionName

enables named extension. If an unknown extension name is specified, a list of accepted extension names is printed.

-f volume

sets beep (bell) volume (allowable range: 0-100).

-fakescreenfps ps

sets fake presenter screen default fps (allowable range: 1-600).

-fp fontPath

sets the search path for fonts. This path is a comma separated list of directories which the X server searches for font databases. See the FONTS section of this manual page for more information and the default list.

-help

prints a usage message.

-I

causes all remaining command line arguments to be ignored.

-iglx

Prohibit creating indirect GLX contexts. Indirect GLX is of limited use, since it lacks support for many modern OpenGL features and extensions; it's slower than direct contexts; and it opens a large attack surface for protocol parsing errors. This is the default unless +iglx is specified.

+iglx

Allow creating indirect GLX contexts.

-maxbigreqsize size

sets the maximum big request to size MB.

-nocursor

disable the display of the pointer cursor.

-nolisten trans-type

disables a transport type. For example, TCP/IP connections can be disabled with -nolisten tcp. This option may be issued multiple times to disable listening to different transport types. Supported transport types are platform dependent, but commonly include:

tcp TCP over IPv4 or IPv6
inet TCP over IPv4 only
inet6 TCP over IPv6 only
unix UNIX Domain Sockets
local Platform preferred local connection method

-listen trans-type

enables a transport type. For example, TCP/IP connections can be enabled with -listen tcp. This option may be issued multiple times to enable listening to different transport types.

-noreset

prevents a server reset when the last client connection is closed. This overrides a previous -terminate command line option.

-p minutes

sets screen-saver pattern cycle time in minutes.

-pn

permits the server to continue running if it fails to establish all of its well-known sockets (connection points for clients), but establishes at least one. This option is set by default.

-nopn

causes the server to exit if it fails to establish all of its well-known sockets (connection points for clients).

-r

turns off auto-repeat.

r

turns on auto-repeat.

-retro

starts the server with the classic stipple and cursor visible. The default is to start with a black root window, and to suppress display of the cursor until the first time an application calls XDefineCursor(). For kdrive servers, this implies -zap.

-s minutes

sets screen-saver timeout time in minutes.

-su

disables save under support on all screens.

-seat seat

seat to run on. Takes a string identifying a seat in a platform specific syntax. On platforms which support this feature this may be used to limit the server to expose only a specific subset of devices connected to the system.

-t number

sets pointer acceleration threshold in pixels (i.e. after how many pixels pointer acceleration should take effect).

-terminate [delay]

causes the server to terminate at server reset, instead of continuing to run. This overrides a previous -noreset command line option. If a delay in seconds is specified, the server waits for at least the delay. At the end of this grace period if no client is connected, the server terminates immediately.

-tst

disables all testing extensions (e.g., XTEST, XTrap, XTestExtension1, RECORD).

ttyxx

ignored, for servers started the ancient way (from init).

v

sets video-off screen-saver preference.

-v

sets video-on screen-saver preference.

-wr

sets the default root window to solid white instead of the standard root weave pattern.

-x extension

loads the specified extension at init. This is a no-op for most implementations.

[+-]xinerama

enables(+) or disables(-) the XINERAMA extension. The default state is platform and configuration specific.

SERVER DEPENDENT OPTIONS

-ld kilobytes

sets the data space limit of the server to the specified number of kilobytes. A value of zero makes the data size as large as possible. The default value of -1 leaves the data space limit unchanged.

-lf files

sets the number-of-open-files limit of the server to the specified number. A value of zero makes the limit as large as possible. The default value of -1 leaves the limit unchanged.

-ls kilobytes

sets the stack space limit of the server to the specified number of kilobytes. A value of zero makes the stack size as large as possible. The default value of -1 leaves the stack space limit unchanged.

-maxclients

64|128|256|512 Set the maximum number of clients allowed to connect to the X server. Acceptable values are 64, 128, 256 or 512.

-render

default|mono|gray|color sets the color allocation policy that will be used by the render extension.

default

selects the default policy defined for the display depth of the X server.

mono

don't use any color cell.

gray

use a gray map of 13 color cells for the X render extension.

color

use a color cube of at most 4*4*4 colors (that is 64 color cells).

-dumbSched

disables smart scheduling on platforms that support the smart scheduler.

-schedInterval interval

sets the smart scheduler's scheduling interval to interval milliseconds.

XDMCP OPTIONS

-query hostname

enables XDMCP and sends Query packets to the specified hostname.

-broadcast

enable XDMCP and broadcasts BroadcastQuery packets to the network. The first responding display manager will be chosen for the session.

-multicast [address [hop count]]

Enable XDMCP and multicast BroadcastQuery packets to the network. The first responding display manager is chosen for the session. If an address is specified, the multicast is sent to that address. If no address is specified, the multicast is sent to the default XDMCP IPv6 multicast group. If a hop count is specified, it is used as the maximum hop count for the multicast. If no hop count is specified, the multicast is set to a maximum of 1 hop, to prevent the multicast from being routed beyond the local network.

-indirect hostname

enables XDMCP and send IndirectQuery packets to the specified hostname.

-port port-number

uses the specified port-number for XDMCP packets, instead of the default. This option must be specified before any -query, -broadcast, -multicast, or -indirect options.

-from local-address

specifies the local address to connect from (useful if the connecting host has multiple network interfaces). The local-address may be expressed in any form acceptable to the host platform's gethostbyname(3) implementation.

-once

causes the server to terminate (rather than reset) when the XDMCP session ends.

-class display-class

XDMCP has an additional display qualifier used in resource lookup for display-specific options. This option sets that value, by default it is "MIT-unspecified" (not a very useful value).

-cookie xdm-auth-bits

When testing XDM-AUTHENTICATION-1, a private key is shared between the server and the manager. This option sets the value of that private data (not that it is very private, being on the command line!).

-displayID display-id

Yet another XDMCP specific value, this one allows the display manager to identify each display so that it can locate the shared key.

XKEYBOARD OPTIONS

[+-]accessx [ timeout [ timeout_mask [ feedback [ options_mask ] ] ] ]

enables(+) or disables(-) AccessX key sequences.

-xkbdir directory

base directory for keyboard layout files. This option is not available for setuid X servers (i.e., when the X server's real and effective uids are different).

-ardelay milliseconds

sets the autorepeat delay (length of time in milliseconds that a key must be depressed before autorepeat starts).

-arinterval milliseconds

sets the autorepeat interval (length of time in milliseconds that should elapse between autorepeat-generated keystrokes).

-xkbmap filename

loads keyboard description in filename on server startup.

NETWORK CONNECTIONS

GRANTING ACCESS

Authorization data required by the above protocols is passed to the server in a private file named with the -auth command line option. Each time the server is about to accept the first connection after a reset (or when the server is starting), it reads this file. If this file contains any authorization records, the local host is not automatically allowed access to the server, and only clients which send one of the authorization records contained in the file in the connection setup information will be allowed access. See the Xau manual page for a description of the binary format of this file. See xauth(1) for maintenance of this file, and distribution of its contents to remote hosts.

The X server also uses a host-based access control list for deciding whether or not to accept connections from clients on a particular machine. If no other authorization mechanism is being used, this list initially consists of the host on which the server is running as well as any machines listed in the file /etc/Xn.hosts, where n is the display number of the server. Each line of the file should contain either an Internet hostname (e.g. expo.lcs.mit.edu) or a complete name in the format family:name as described in the xhost(1) manual page. There should be no leading or trailing spaces on any lines. For example:

joesworkstation
corporate.company.com
inet:bigcpu
local:

Users can add or remove hosts from this list and enable or disable access control using the xhost command from the same machine as the server.

If the X FireWall Proxy (xfwp) is being used without a sitepolicy, host-based authorization must be turned on for clients to be able to connect to the X server via the xfwp. If xfwp is run without a configuration file and thus no sitepolicy is defined, if xfwp is using an X server where xhost + has been run to turn off host-based authorization checks, when a client tries to connect to this X server via xfwp, the X server will deny the connection. See xfwp(1) for more information about this proxy.

The X protocol intrinsically does not have any notion of window operation permissions or place any restrictions on what a client can do; if a program can connect to a display, it has full run of the screen. X servers that support the SECURITY extension fare better because clients can be designated untrusted via the authorization they use to connect; see the xauth(1) manual page for details. Restrictions are imposed on untrusted clients that curtail the mischief they can do. See the SECURITY extension specification for a complete list of these restrictions.

Sites that have better authentication and authorization systems might wish to make use of the hooks in the libraries and the server to provide additional security models.  

SIGNALS

SIGHUP

This signal causes the server to close all existing connections, free all resources, and restore all defaults. It is sent by the display manager whenever the main user's main application (usually an xterm or window manager) exits to force the server to clean up and prepare for the next user.

SIGTERM

This signal causes the server to exit cleanly.

SIGUSR1

This signal is used quite differently from either of the above. When the server starts, it checks to see if it has inherited SIGUSR1 as SIG_IGN instead of the usual SIG_DFL. In this case, the server sends a SIGUSR1 to its parent process after it has set up the various connection schemes. Xdm uses this feature to recognize when connecting to the server is possible.

FONTS

The default font path is catalogue:/etc/X11/fontpath.d,built-ins .

A special kind of directory can be specified using the catalogue: prefix. Directories specified this way can contain symlinks pointing to the real font directories. See the FONTPATH.D section for details.

The font path can be set with the -fp option or by xset(1) after the server has started.  

FONTPATH.D

The symlink can be suffixed by attributes such as 'unscaled', which will be passed through to the underlying fontfile FPE. The only exception is the newly introduced 'pri' attribute, which will be used for ordering the font paths specified by the symlinks.

An example configuration:

    75dpi:unscaled:pri=20 -> /usr/share/X11/fonts/75dpi
    ghostscript:pri=60 -> /usr/share/fonts/default/ghostscript
    misc:unscaled:pri=10 -> /usr/share/X11/fonts/misc
    type1:pri=40 -> /usr/share/X11/fonts/Type1
    type1:pri=50 -> /usr/share/fonts/default/Type1

This will add /usr/share/X11/fonts/misc as the first FPE with the attribute N'39'unscaled', second FPE will be /usr/share/X11/fonts/75dpi, also with the attribute 'unscaled' etc. This is functionally equivalent to setting the following font path:

    /usr/share/X11/fonts/misc:unscaled,
    /usr/share/X11/fonts/75dpi:unscaled,
    /usr/share/X11/fonts/Type1,
    /usr/share/fonts/default/Type1,
    /usr/share/fonts/default/ghostscript

FILES

/etc/Xn.hosts

Initial access control list for display number n

/usr/share/fonts/X11/misc,/usr/share/fonts/X11/75dpi,/usr/share/fonts/X11/100dpi

Bitmap font directories

/usr/share/fonts/X11/TTF,/usr/share/fonts/X11/Type1

Outline font directories

/tmp/.X11-unix/Xn

Unix domain socket for display number n

/usr/lib/X11/xdm/xdm-errors

Default error log file if the server is run from xdm(1)

SEE ALSO

Protocols: X Window System Protocol, The X Font Service Protocol, X Display Manager Control Protocol

Fonts: bdftopcf(1), mkfontdir(1), mkfontscale(1), xfs(1), xlsfonts(1), xfontsel(1), xfd(1), X Logical Font Description Conventions

Keyboards: xkeyboard-config(7)

Security: Xsecurity(7), xauth(1), Xau(1), xdm(1), xhost(1), xfwp(1), Security Extension Specification

Starting the server: startx(1), xdm(1), xinit(1)

Controlling the server once started: xset(1), xsetroot(1), xhost(1), xinput(1), xrandr(1)

Server-specific man pages: Xorg(1), Xephyr(1), Xnest(1), Xvfb(1), Xquartz(1), XWin(1).

Server internal documentation: Definition of the Porting Layer for the X v11 Sample Server  

AUTHORS

Index

NAME

SYNOPSIS

DESCRIPTION

STARTING THE SERVER

OPTIONS

SERVER DEPENDENT OPTIONS

XDMCP OPTIONS

XKEYBOARD OPTIONS

NETWORK CONNECTIONS

GRANTING ACCESS

SIGNALS

FONTS

FONTPATH.D

FILES

SEE ALSO

AUTHORS