Loading
Running vncserver on Fedora Core 10 with gdm
Fedora Core 10 introduces several new features, and as with all new releases, several new frustrations. In this how-to, I cover the steps needed to get vncserver up and running, so you can connect to your GNOME-based desktop.
First, Core 10 is more secure out of the box than any prior version of the Fedora operating system. How secure? It installs both iptables and SELinux by default, and it does not give you the option not to install them or turn them off initially. If you are unfamiliar with these, especially SELinux, you should read up on them. It has been ten years since I last worked with SELinux, so I need to get back to the books...er...wikis.
Second, vncserver does not install by default, nor do the twm or xterm applications that the default configuration of vncserver uses.
So, first, install the package(s). I did a simple yum install vncserver xterm twm.
Then, run vncserver (for the initial connection, I always take the defaults just to make sure it installed correctly):
[admin@core ~]$ vncserver
You will require a password to access your desktops.
Password:
Verify:
xauth: creating new authority file /home/admin/.Xauthority
New 'core.lab.foo.bar:1 (admin)' desktop is core.lab.foo.bar:1
Creating default startup script /home/admin/.vnc/xstartup
Starting applications specified in /home/admin/.vnc/xstartup
Log file is /home/admin/.vnc/core.lab.foo.bar:1.log
If you look in the .vnc directory, you'll find the xstartup script. In my case, it contains the following:
[admin@core .vnc]$ cat xstartup
#!/bin/sh
vncconfig -iconic &
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
Fire up your VNC viewer (I use Real VNC on my Windows machines) and…oops, cannot connect—remember that point about the firewalls? You need to add the ports to your iptables:
iptables -A INPUT -p tcp --destination-port 5901 --source x.x.x.x/xx -j ACCEPT
(where the xxx.xxx.xxx.xxx/xx is the CIDR address range to allow, so 192.168.0.0/24, for example). Now I can connect, but the twm is not the most enlightening window manager in the toolbox, especially since I spent time installing all those really cool widgets and games into GNOME (and KDE, your choice—I use both equally well).
In the old days, it was a simple matter of commenting out the xterm and twm & and replacing them with gnome-sessions & (or gdm &, more recently). If you do that, well, you get some interesting errors:
[admin@core .vnc]$ cat core.lab.foo.bar:1.log
Xvnc Free Edition 4.1.3
Copyright (C) 2002-2008 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.
Underlying X server release 10503000,
Wed Feb 25 08:52:53 2009
vncext: VNC extension running!
vncext: Listening for VNC connections on port 5901
vncext: created VNC server for screen 0
** (gdm-binary:3164): WARNING **: Failed to acquire org.gnome.DisplayManager: Connection ":1.47" is not allowed to own the service "org.gnome.DisplayManager" due to security policies in the configuration file
** (gdm-binary:3164): WARNING **: Could not acquire name; bailing out
And, if you connect, you get a lovely gray screen and the xterm window—not exactly what you were expecting.
Now, perhaps I have been setting it up wrong all these years, but if you follow the directions in xstartup and uncomment the lines for normal desktop:
[admin@core .vnc]$ cat xstartup
#!/bin/sh
vncconfig -iconic &
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER #<-- uncomment
exec /etc/X11/xinit/xinitrc #<-- uncomment
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm &
you are up and running in no time (although you still might get a few X-related display errors in the log files).
______________________
David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- New Products
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- What's the tweeting protocol?
- New Products
- Readers' Choice Awards
- RSS Feeds
- Dart: a New Web Programming Experience
- Reply to comment | Linux Journal
11 hours 30 min ago - Reply to comment | Linux Journal
14 hours 3 min ago - Reply to comment | Linux Journal
15 hours 20 min ago - great post
15 hours 55 min ago - Google Docs
16 hours 18 min ago - Reply to comment | Linux Journal
21 hours 6 min ago - Reply to comment | Linux Journal
21 hours 53 min ago - Web Hosting IQ
23 hours 27 min ago - Thanks for taking the time to
1 day 1 hour ago - Linux is good
1 day 3 hours ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Developer Poll
Comments
Awesome!
Thank you SO MUCH for spamming my internet with the one millionth article instructing me on how to do something that fedora pretty much does automatically. Now what I want to do is let students at my school use a windows vnc client to logon on to THEIR OWN account. Why is it that not *one* of you linux blow-hards has figured out how to do this?
Don't tell me about ltsp - they have no clue! No the answer is not at Fedora's forums - they have no clue! The answer is most definitely not to be found by googling - Why do I keep reading about imaginary files on my system like /etc/X11/gdm.conf if I'm using the same OS as the author? I even found one clown claiming to have combined ltsp, vnc logons and Fedora 10 only to find his install guide involves overwriting an ALREADY WORKING dhcp and network setup with an imaginary network card that clients can't actually connect to, as such.
Now I know you get what you pay for and all that so I guess I'm going to have to choose between the students paying microsoft for the privilege of using dysfunctional software or me paying for your hubris with my own job.
What would you choose?
'Your' internet? Blow-hards?
'Your' internet? Blow-hards? Are you an AOL user? But I digress. If what you want is 'terminal services' from Linux, then the LTSP is the most mature offering in the FOSS realm, despite your misgivings. If overwriting an 'already working' networking setup is unpalatable to you, and you don't have spare hardware, run a Xen virtual host (Xen kernels available in|built-in to Fedora since Core 3 IIRC) - or even download the free VMWare Server product for Linux and run a virtual machine in there. Run multiple virtual machines on an internal virtual mini LAN on either one of the above solutions. Experiment inside this 'sandbox' until you get it right.
Linux isn't about canned solutions, it's about customization and freedom to do things the way *you* want|need them done. If that means learning a bit about the underlying OS (try the 'man' command), and you aren't comfortable with that, then go pay the M$ tax. Or, even better, if you are damned and determined to pay for a canned solution, get Macs. You allude to being an educational institution, and thus are eligible for Apple's education discounts. Mac OSX Server since 10.4 has had canned solutions for what you want: VNC terminal services, point-and-click interface for setup and accounts, integration with Windows AD domains, etc., etc.
Stop whining about a lack of documentation. These 'how tos' are written by people who implemented their own solution. If you were anything like a real (UNIX) Systems Administrator, you would figure it out yourself and then enlighten the rest of us with a thoughtful article.
comments
fedora seems good to use with. i think it will be a great revolution in coming future..
comments
i have not used this fedora till now. but i know it will perform better whenever will be used....
This one is not easily
This one is not easily understandable by the non developers. But quite an interesting one site for use. Continue giving such an information.
Convoluted I know
Yes, this one was a bit tricky (and the web site is being flaky and not showing the formatting which doesn't help - we are working on that).
This is one of those cases where I spent a bit of time on a couple of other sites compiling the solution into one place. If you use VNC especially as an old time user, it makes perfect sense (at least it should...). If I can be clearer or answer something specific, post a follow up.
David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack
It's Fedora and not Fedora
It's Fedora and not Fedora Core since Fedora 7 (Fedora Extras was merge with Fedora Core).
> SELinux, so I need to get back to the books...er...wikis.
A good help^W book : http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/
O'Reilly too.
Thanks for the pointer. I have the O'Reilly book from the dark ages too.
David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack
what about gdm?
Running vncserver as a user will get you a gnome desktop login, but it doesn't present you with the actual GDM login manager at all. Is there an easy way to get the actual login screen so that any user can log in via vnc?
VNC is not RDP
Remember that VNC has its own security model, and functionally by-passes the login screen because it assumes you have already entered your "strong" password when you launched the vncserver the first time.
If you are used to the RDP protocol, it is essentially acting as a terminal client and presenting you with the login etc. VNC doesn't do that. It will prompt you with the password to YOUR desktop, not a general sever login.
For terminal access, I believe you need the Linux Terminal Project...
David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack