Xf86(1)Xf86(1)NAMEXf86 - X Window System display server
SYNOPSISXf86 [option ...]
DESCRIPTIONXf86 is the name of an X Window System display server delivered by
Hewlett Packard.
OPTIONS
All of the X servers accept the following command line options:
:displaynumber
the X server runs as the given displaynumber, which by default
is 0. If multiple X servers are to run simultaneously on a
host, each must have a unique display number. See the DISPLAY
NAMES section of the X(1) manual page to learn how to specify
which display number clients should try to use.
-a number
sets pointer acceleration (i.e. the ratio of how much is
reported to how much the user actually moved the pointer).
-ac disables host-based access control mechanisms. Enables access
by any host, and permits any host to modify the access control
list. Use with extreme caution. This option exists primarily
for running test suites remotely.
-audit level
Sets the audit trail level. The default level is 1, meaning
only connection rejections are reported. Level 2 additionally
reports all successful connections and disconnects. Level 4
enables messages from the SECURITY extension, if present,
including generation and revocation of authorizations and vio‐
lations of the security policy. Level 0 turns off the audit
trail. Audit lines are sent as standard error output.
-auth authorization-file
Specifies a file which contains a collection of authorization
records used to authenticate access.
bc disables certain kinds of error checking, for bug compatibility
with previous releases (e.g., to work around bugs in R2 and R3
xterms and toolkits). Deprecated.
-bs disables backing store support on all screens.
-c turns off key-click.
c volume
sets key-click volume (allowable range: 0-100).
-cc class
sets the visual class for the root window of color screens.
The class numbers are as specified in the X protocol. Not
obeyed by all servers.
-co filename
sets name of RGB color database. The default is /etc/X11/rgb.
-core causes the server to generate a core dump on fatal errors.
-dpi resolution
sets the resolution of the screen, in dots per inch. To be
used when the server cannot determine the screen size from the
hardware.
-deferglyphs whichfonts
specifies the types of fonts for which the server should
attempt to use deferred glyph loading. whichfonts can be all
(all fonts), none (no fonts), or 16 (16 bit fonts only).
-f volume
sets beep (bell) volume (allowable range: 0-100).
-fc cursorFont
sets default cursor font.
-fn font
sets the default font.
-fp fontPath
sets the search path for fonts. This path is a comma separated
list of directories which the X server searches for font data‐
bases.
-help prints a usage message.
-I causes all remaining command line arguments to be ignored.
-kb disables the XKEYBOARD extension if present.
-nolisten trans-type
Disable a transport type. For example, TCP/IP connections can
be disabled with -nolisten tcp
-noreset
prevents a server reset when the last client connection is
closed. This overrides a previous -terminate command line
option.
-p minutes
sets screen-saver pattern cycle time in minutes.
-pn permits the server to continue running if it fails to establish
all of its well-known sockets (connection points for clients),
but establishes at least one.
-r turns off auto-repeat.
r turns on auto-repeat.
-s minutes
sets screen-saver timeout time in minutes.
-su disables save under support on all screens.
-t number
sets pointer acceleration threshold in pixels (i.e. after how
many pixels pointer acceleration should take effect).
-terminate
causes the server to terminate at server reset, instead of con‐
tinuing to run. This overrides a previous -noreset command
line option.
-to seconds
sets default connection timeout in seconds.
-tst disables all testing extensions (e.g., XTEST, XTrap, XTestEx‐
tension1, RECORD).
ttyxx ignored, for servers started the ancient way (from init).
v sets video-off screen-saver preference.
-v sets video-on screen-saver preference.
-wm forces the default backing-store of all windows to be When‐
Mapped. This is a backdoor way of getting backing-store to
apply to all windows. Although all mapped windows will have
backing store, the backing store attribute value reported by
the server for a window will be the last value established by a
client. If it has never been set by a client, the server will
report the default value, NotUseful. This behavior is required
by the X protocol, which allows the server to exceed the
client's backing store expectations but does not provide a way
to tell the client that it is doing so.
-x extension
loads the specified extension at init. This is a no-op for
most implementations.
[+-]xinerama
enable(+) or disable(-) XINERAMA extension. Default is dis‐
abled.
SERVER DEPENDENT OPTIONS
Some X servers accept the following options:
-ld kilobytes
sets the data space limit of the server to the specified number
of kilobytes. A value of zero makes the data size as large as
possible. The default value of -1 leaves the data space limit
unchanged.
-lf files
sets the number-of-open-files limit of the server to the speci‐
fied number. A value of zero makes the limit as large as pos‐
sible. The default value of -1 leaves the limit unchanged.
-ls kilobytes
sets the stack space limit of the server to the specified num‐
ber of kilobytes. A value of zero makes the stack size as
large as possible. The default value of -1 leaves the stack
space limit unchanged.
-logo turns on the X Window System logo display in the screen-saver.
There is currently no way to change this from a client.
nologo turns off the X Window System logo display in the screen-saver.
There is currently no way to change this from a client.
XDMCP OPTIONS
X servers that support XDMCP have the following options.
-query host-name
Enable XDMCP and send Query packets to the specified host.
-broadcast
Enable XDMCP and broadcast BroadcastQuery packets to the net‐
work. The first responding display manager will be chosen for
the session.
-indirect host-name
Enable XDMCP and send IndirectQuery packets to the specified
host.
-port port-num
Use an alternate port number for XDMCP packets. Must be speci‐
fied before any -query, -broadcast or -indirect options.
-once Causes the server to terminate (rather than reset) when the
XDMCP session ends.
-class display-class
XDMCP has an additional display qualifier used in resource
lookup for display-specific options. This option sets that
value, by default it is "MIT-Unspecified" (not a very useful
value).
-cookie xdm-auth-bits
When testing XDM-AUTHENTICATION-1, a private key is shared
between the server and the manager. This option sets the value
of that private data (not that it is very private, being on the
command line!).
-displayID display-id
Yet another XDMCP specific value, this one allows the display
manager to identify each display so that it can locate the
shared key.
XKEYBOARD OPTIONS
X servers that support the XKEYBOARD extension accept the following
options:
-xkbdir directory
base directory for keyboard layout files
-xkbmap filename
keyboard description to load on startup
[+-]accessx
enable(+) or disable(-) AccessX key sequences
-ar1 milliseconds
sets the length of time in milliseconds that a key must be
depressed before autorepeat starts
-ar2 milliseconds
sets the length of time in milliseconds that should elapse
between autorepeat-generated keystrokes
Many servers also have device-specific command line options. See the
manual pages for the individual servers for more details.
SECURITY EXTENSION OPTIONS
X servers that support the SECURITY extension accept the following
option:
-sp filename
causes the server to attempt to read and interpret filename as
a security policy file with the format described below. The
file is read at server startup and reread at each server reset.
The syntax of the security policy file is as follows. Notation: "*"
means zero or more occurrences of the preceding element, and "+" means
one or more occurrences. To interpret <foo/bar>, ignore the text after
the /; it is used to distinguish between instances of <foo> in the next
section.
<policy file> ::= <version line> <other line>*
<version line> ::= <string/v> '\n'
<other line > ::= <comment> | <access rule> | <site policy> | <blank line>
<comment> ::= # <not newline>* '\n'
<blank line> ::= <space> '\n'
<site policy> ::= sitepolicy <string/sp> '\n'
<access rule> ::= property <property/ar> <window> <perms> '\n'
<property> ::= <string>
<window> ::= any | root | <required property>
<required property> ::= <property/rp> | <property with value>
<property with value> ::= <property/rpv> = <string/rv>
<perms> ::= [ <operation> | <action> | <space> ]*
<operation> ::= r | w | d
<action> ::= a | i | e
<string> ::= <dbl quoted string> | <single quoted string> | <unqouted string>
<dbl quoted string> ::= <space> " <not dqoute>* " <space>
<single quoted string> ::= <space> ' <not squote>* ' <space>
<unquoted string> ::= <space> <not space>+ <space>
<space> ::= [ ' ' | '\t' ]*
Character sets:
<not newline> ::= any character except '\n'
<not dqoute> ::= any character except "
<not squote> ::= any character except '
<not space> ::= any character except those in <space>
The semantics associated with the above syntax are as follows.
<version line>, the first line in the file, specifies the file format
version. If the server does not recognize the version <string/v>, it
ignores the rest of the file. The version string for the file format
described here is "version-1" .
Once past the <version line>, lines that do not match the above syntax
are ignored.
<comment> lines are ignored.
<sitepolicy> lines are currently ignored. They are intended to specify
the site policies used by the XC-QUERY-SECURITY-1 authorization method.
<access rule> lines specify how the server should react to untrusted
client requests that affect the X Window property named <property/ar>.
The rest of this section describes the interpretation of an <access
rule>.
For an <access rule> to apply to a given instance of <property/ar>,
<property/ar> must be on a window that is in the set of windows speci‐
fied by <window>. If <window> is any, the rule applies to <prop‐
erty/ar> on any window. If <window> is root, the rule applies to
<property/ar> only on root windows.
If <window> is <required property>, the following apply. If <required
property> is a <property/rp>, the rule applies when the window also has
that <property/rp>, regardless of its value. If <required property> is
a <property with value>, <property/rpv> must also have the value speci‐
fied by <string/rv>. In this case, the property must have type STRING
and format 8, and should contain one or more null-terminated strings.
If any of the strings match <string/rv>, the rule applies.
The definition of string matching is simple case-sensitive string com‐
parison with one elaboration: the occurence of the character '*' in
<string/rv> is a wildcard meaning "any string." A <string/rv> can con‐
tain multiple wildcards anywhere in the string. For example, "x*"
matches strings that begin with x, "*x" matches strings that end with
x, "*x*" matches strings containing x, and "x*y*" matches strings that
start with x and subsequently contain y.
There may be multiple <access rule> lines for a given <property/ar>.
The rules are tested in the order that they appear in the file. The
first rule that applies is used.
<perms> specify operations that untrusted clients may attempt, and the
actions that the server should take in response to those operations.
<operation> can be r (read), w (write), or d (delete). The following
table shows how X Protocol property requests map to these operations in
The Open Group server implementation.
GetProperty r, or r and d if delete = True
ChangeProperty w
RotateProperties r and w
DeleteProperty d
ListProperties none, untrusted clients can always list all properties
<action> can be a (allow), i (ignore), or e (error). Allow means exe‐
cute the request as if it had been issued by a trusted client. Ignore
means treat the request as a no-op. In the case of GetProperty, ignore
means return an empty property value if the property exists, regardless
of its actual value. Error means do not execute the request and return
a BadAtom error with the atom set to the property name. Error is the
default action for all properties, including those not listed in the
security policy file.
An <action> applies to all <operation>s that follow it, until the next
<action> is encountered. Thus, irwad means ignore read and write,
allow delete.
GetProperty and RotateProperties may do multiple operations (r and d,
or r and w). If different actions apply to the operations, the most
severe action is applied to the whole request; there is no partial
request execution. The severity ordering is: allow < ignore < error.
Thus, if the <perms> for a property are ired (ignore read, error
delete), and an untrusted client attempts GetProperty on that property
with delete = True, an error is returned, but the property value is
not. Similarly, if any of the properties in a RotateProperties do not
allow both read and write, an error is returned without changing any
property values.
Here is an example security policy file.
version-1
XCOMM Allow reading of application resources, but not writing.
property RESOURCE_MANAGER root ar iw
property SCREEN_RESOURCES root ar iw
XCOMM Ignore attempts to use cut buffers. Giving errors causes apps to crash,
XCOMM and allowing access may give away too much information.
property CUT_BUFFER0 root irw
property CUT_BUFFER1 root irw
property CUT_BUFFER2 root irw
property CUT_BUFFER3 root irw
property CUT_BUFFER4 root irw
property CUT_BUFFER5 root irw
property CUT_BUFFER6 root irw
property CUT_BUFFER7 root irw
XCOMM If you are using Motif, you probably want these.
property _MOTIF_DEFAULT_BINDINGS rootar iw
property _MOTIF_DRAG_WINDOW root ar iw
property _MOTIF_DRAG_TARGETS any ar iw
property _MOTIF_DRAG_ATOMS any ar iw
property _MOTIF_DRAG_ATOM_PAIRS any ar iw
XCOMM The next two rules let xwininfo -tree work when untrusted.
property WM_NAME any ar
XCOMM Allow read of WM_CLASS, but only for windows with WM_NAME.
XCOMM This might be more restrictive than necessary, but demonstrates
XCOMM the <required property> facility, and is also an attempt to
XCOMM say "top level windows only."
property WM_CLASS WM_NAME ar
XCOMM These next three let xlsclients work untrusted. Think carefully
XCOMM before including these; giving away the client machine name and command
XCOMM may be exposing too much.
property WM_STATE WM_NAME ar
property WM_CLIENT_MACHINE WM_NAME ar
property WM_COMMAND WM_NAME ar
XCOMM To let untrusted clients use the standard colormaps created by
XCOMM xstdcmap, include these lines.
property RGB_DEFAULT_MAP root ar
property RGB_BEST_MAP root ar
property RGB_RED_MAP root ar
property RGB_GREEN_MAP root ar
property RGB_BLUE_MAP root ar
property RGB_GRAY_MAP root ar
XCOMM To let untrusted clients use the color management database created
XCOMM by xcmsdb, include these lines.
property XDCCC_LINEAR_RGB_CORRECTION rootar
property XDCCC_LINEAR_RGB_MATRICES rootar
property XDCCC_GRAY_SCREENWHITEPOINT rootar
property XDCCC_GRAY_CORRECTION rootar
XCOMM To let untrusted clients use the overlay visuals that many vendors
XCOMM support, include this line.
property SERVER_OVERLAY_VISUALS rootar
XCOMM Dumb examples to show other capabilities.
XCOMM oddball property names and explicit specification of error conditions
property "property with spaces" 'property with "'aw er ed
XCOMM Allow deletion of Woo-Hoo if window also has property OhBoy with value
XCOMM ending in "son". Reads and writes will cause an error.
property Woo-Hoo OhBoy = "*son"ad
NETWORK CONNECTIONS
The X server supports client connections via a platform-dependent sub‐
set of the following transport types: TCPIP, Unix Domain sockets, DEC‐
net, and several varieties of SVR4 local connections. See the DISPLAY
NAMES section of the X(1) manual page to learn how to specify which
transport type clients should try to use.
GRANTING ACCESS
The X server implements a platform-dependent subset of the following
authorization protocols: MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1, SUN-
DES-1, and MIT-KERBEROS-5.
Authorization data required by the above protocols is passed to the
server in a private file named with the -auth command line option.
Each time the server is about to accept the first connection after a
reset (or when the server is starting), it reads this file. If this
file contains any authorization records, the local host is not automat‐
ically allowed access to the server, and only clients which send one of
the authorization records contained in the file in the connection setup
information will be allowed access. See xauth(1) for maintenance of
this file, and distribution of its contents to remote hosts.
The X server also uses a host-based access control list for deciding
whether or not to accept connections from clients on a particular
machine. If no other authorization mechanism is being used, this list
initially consists of the host on which the server is running as well
as any machines listed in the file /etc/Xn.hosts, where n is the dis‐
play number of the server. Each line of the file should contain either
an Internet hostname (e.g. expo.lcs.mit.edu) or a DECnet hostname in
double colon format (e.g. hydra::). There should be no leading or
trailing spaces on any lines. For example:
joessys
corporate.company.com
star::
bigcpu::
Users can add or remove hosts from this list and enable or disable
access control using the xhost command from the same machine as the
server.
The X protocol intrinsically does not have any notion of window opera‐
tion permissions or place any restrictions on what a client can do; if
a program can connect to a display, it has full run of the screen. X
servers that support the SECURITY extension fare better because clients
can be designated untrusted via the authorization they use to connect;
see the xauth(1) manual page for details. Restrictions are imposed on
untrusted clients that curtail the mischief they can do. See the SECU‐
RITY extension specification for a complete list of these restrictions.
Sites that have better authentication and authorization systems might
wish to make use of the hooks in the libraries and the server to pro‐
vide additional security models.
SIGNALS
The X server attaches special meaning to the following signals:
SIGHUP This signal causes the server to close all existing connec‐
tions, free all resources, and restore all defaults. It is
sent by the display manager whenever the main user's main
application (usually an xterm or window manager) exits to force
the server to clean up and prepare for the next user.
SIGTERM This signal causes the server to exit cleanly.
SIGUSR1 This signal is used quite differently from either of the above.
When the server starts, it checks to see if it has inherited
SIGUSR1 as SIG_IGN instead of the usual SIG_DFL. In this case,
the server sends a SIGUSR1 to its parent process after it has
set up the various connection schemes. Xdm uses this feature
to recognize when connecting to the server is possible.
FONTS
The X server can obtain fonts from directories and/or from font
servers. The list of directories and font servers the X server uses
when trying to open a font is controlled by the font path.
The default font path is:
"/usr/lib/X11/fonts/hp_roman8/75dpi/,
/usr/lib/X11/fonts/iso_8859.1/75dpi/,
/usr/lib/X11/fonts/iso_8859.1/100dpi/,
/usr/lib/X11/fonts/iso_8859.2/75dpi/,
/usr/lib/X11/fonts/iso_8859.5/75dpi/,
/usr/lib/X11/fonts/iso_8859.6/75dpi/,
/usr/lib/X11/fonts/iso_8859.7/75dpi/,
/usr/lib/X11/fonts/iso_8859.8/75dpi/,
/usr/lib/X11/fonts/iso_8859.9/75dpi/,
/usr/lib/X11/fonts/iso_8859.15/75dpi/, /usr/lib/X11/fonts/hp_kana8/,
/usr/lib/X11/fonts/misc/".
The font path can be set with the -fp option or by xset(1) after the
server has started.
FILES
/etc/Xn.hosts Initial access control list for display
number n
/usr/lib/X11/fonts/misc, /usr/lib/X11/fonts/75dpi,
/usr/lib/X11/fonts/100dpi
Bitmap font directories
/etc/X11/rgb.txt Color database
/var/spool/sockets/X11/n Unix domain socket for display number n
SEE ALSO
General information: X(1)
Fonts: bdftopcf(1), mkfontdir(1), xfs(1), xlsfonts(1), xfd(1),
Security: xauth(1), xhost(1)
Starting the server: dtlogin(1), xinit(1)
Controlling the server once started: xset(1), xsetroot(1), xhost(1)
Server-specific man pages: X(1), Xserver(1), Xhp(1).
AUTHORS
The sample server was originally written by Susan Angebranndt, Raymond
Drewry, Philip Karlton, and Todd Newman, from Digital Equipment Corpo‐
ration, with support from a large cast. It has since been extensively
rewritten by Keith Packard and Bob Scheifler, from MIT. Dave Wiggins
took over post-R5 and made substantial improvements.
X Version 11 Xf86(1)
