Install TigerVNC

[root@trex-161 ~]# yum install xterm xorg-x11-xinit
[root@trex-161 ~]# yum -y install tigervnc tigervnc-server
[root@trex-161 ~]# systemctl disable firewalld.service
[root@trex-161 ~]# systemctl stop firewalld.service
[root@trex-161 ~]# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
[root@trex-161 ~]# vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used

Enable TigerVNC – Way1

ps: follow content of ”vncserver@.service“ had changed

[root@trex-161 ~]# vim /etc/systemd/system/vncserver@:1.service 
ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver %i -geometry 1024x768"
PIDFile=/home/root/.vnc/%H%i.pid

[root@frank rc.d]# chmod 777 rc.local
[root@frank rc.d]# vim rc.local 
/sbin/runuser -l root -c /usr/bin/vncserver :1

Enable TigerVNC – Way2

Run vncserver and auto create “xstartup”:

[root@trex-161 ~]# vncserver

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used
xauth:  file /root/.Xauthority does not exist

New 'trex-161:1 (root)' desktop is trex-161:1

Creating default startup script /root/.vnc/xstartup
Creating default config /root/.vnc/config
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/trex-161:1.log

Replace “xstartup” content with follow:

#!/bin/sh

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
  [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
  vncconfig -iconic &
  dbus-launch --exit-with-session gnome-session &

Keep the original file content of ”/etc/systemd/system/vncserver@:1.service“, just replace “user”:

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=simple

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver_wrapper root %i
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

Enable and start vncserver by systemctl:

[root@trex-161 ~]# systemctl daemon-reload
[root@trex-161 ~]# systemctl enable vncserver@:1.service
Created symlink from /etc/systemd/system/multi-user.target.wants/vncserver@:1.service to /etc/systemd/system/vncserver@:1.service.
[root@trex-161 ~]#
[root@trex-161 ~]# systemctl start vncserver@:1.service

Check vnc status:

[root@trex-161 ~]# ps -ef | grep vnc
root     10814     1  0 02:50 pts/0    00:00:00 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop trex-161:1 (root) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /root/.vnc/passwd -rfbport 5901 -rfbwait 30000
root     10825     1  0 02:50 pts/0    00:00:00 /bin/sh /root/.vnc/xstartup
root     13158  6681  0 02:58 pts/0    00:00:00 grep --color=auto vnc
[root@trex-161 ~]# 
[root@trex-161 ~]# netstat -an | grep :590
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN  
tcp6       0      0 :::5901                 :::*                    LISTEN   

Check status by systemctl, that maybe report failed, that mean already running as :1, you need to kill the old vnc process first, then start:

[root@trex-161 ~]# systemctl status vncserver@1.service
● vncserver@1.service - Remote desktop service (VNC)
   Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@trex-161 ~]# systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2021-08-31 02:58:20 CST; 50min ago
  Process: 13051 ExecStart=/usr/bin/vncserver_wrapper root %i (code=exited, status=2)
  Process: 13044 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 13051 (code=exited, status=2)

Aug 31 02:58:20 trex-161 systemd[1]: Starting Remote desktop service (VNC)...
Aug 31 02:58:20 trex-161 systemd[1]: Started Remote desktop service (VNC).
Aug 31 02:58:20 trex-161 vncserver_wrapper[13051]: A VNC server is already running as :1
Aug 31 02:58:20 trex-161 vncserver_wrapper[13051]: FATAL: 'runuser -l root' failed!
Aug 31 02:58:20 trex-161 systemd[1]: vncserver@:1.service: main process exited, code=exited, status=2...UMENT
Aug 31 02:58:20 trex-161 systemd[1]: Unit vncserver@:1.service entered failed state.
Aug 31 02:58:20 trex-161 systemd[1]: vncserver@:1.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Some time, that maybe report follow alarm:

[root@trex-161 ~]# systemctl status vncserver@1.service
● vncserver@1.service - Remote desktop service (VNC)
   Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2021-09-07 03:07:04 CST; 7min ago
  Process: 8837 ExecStart=/usr/bin/vncserver_wrapper <USER> %i (code=exited, status=2)
  Process: 8831 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 8837 (code=exited, status=2)

Sep 07 03:07:04 trex-161 systemd[1]: Starting Remote desktop service (VNC)...
Sep 07 03:07:04 trex-161 systemd[1]: Started Remote desktop service (VNC).
Sep 07 03:07:04 trex-161 vncserver_wrapper[8837]: runuser: user <USER> does not exist
Sep 07 03:07:04 trex-161 vncserver_wrapper[8837]: FATAL: 'runuser -l <USER>' failed!
Sep 07 03:07:04 trex-161 systemd[1]: vncserver@1.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Sep 07 03:07:04 trex-161 systemd[1]: Unit vncserver@1.service entered failed state.
Sep 07 03:07:04 trex-161 systemd[1]: vncserver@1.service failed.

You need to delete garbage file by follow cmd first, then start again:

[root@trex-161 ~]# cd /tmp
[root@trex-161 tmp]# rm -rf .X*
[root@trex-161 tmp]# 
[root@trex-161 tmp]# systemctl start vncserver@:1.service
[root@trex-161 tmp]# systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-09-07 03:18:02 CST; 5s ago
  Process: 9488 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 9492 (vncserver_wrapp)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
           ├─ 9492 /bin/sh /usr/bin/vncserver_wrapper root :1
           └─10123 sleep 0.1

Sep 07 03:18:02 trex-161 systemd[1]: Starting Remote desktop service (VNC)...
Sep 07 03:18:02 trex-161 systemd[1]: Started Remote desktop service (VNC).
Sep 07 03:18:05 trex-161 vncserver_wrapper[9492]: New 'trex-161:1 (root)' desktop is trex-161:1
Sep 07 03:18:05 trex-161 vncserver_wrapper[9492]: Starting applications specified in /root/.vnc/xstartup
Sep 07 03:18:05 trex-161 vncserver_wrapper[9492]: Log file is /root/.vnc/trex-161:1.log

Multi-user VNC Server – 2021.8 Updated

Set up another user who have limited privilege, only access own home directory:

[root@trex-161 ~]# useradd -d /home/frank -m frank
[root@trex-161 ~]# passwd frank
[root@trex-161 ~]# chown frank -R /home/frank
[root@trex-161 ~]# su - frank
[frank@trex-161 ~]$ cd /opt
[frank@trex-161 opt]$ mkdir test
mkdir: cannot create directory ‘test’: Permission denied
[frank@trex-161 opt]$ cd ~
[frank@trex-161 ~]$ mkdir test
[frank@trex-161 ~]$ rm -rf test

Copy 2nd vncserver profile for user “frank”:

[frank@trex-161 ~]$ vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used
[frank@trex-161 ~]$ 
[root@trex-161 ~]# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service
[root@trex-161 ~]# more /etc/systemd/system/vncserver@:2.service

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=simple

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver_wrapper frank %i
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

Create “xstartup” and replace content for “frank”:

[frank@trex-161 ~]$ vncserver
xauth:  file /home/frank/.Xauthority does not exist

New 'trex-161:2 (frank)' desktop is trex-161:2

Creating default startup script /home/frank/.vnc/xstartup
Creating default config /home/frank/.vnc/config
Starting applications specified in /home/frank/.vnc/xstartup
Log file is /home/frank/.vnc/trex-161:2.log

[frank@trex-161 ~]$ more .vnc/xstartup 
#!/bin/sh

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
  [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
  vncconfig -iconic &
  dbus-launch --exit-with-session gnome-session &

Enable and start vncserver by systemctl:

[root@trex-161 ~]# systemctl daemon-reload
[root@trex-161 ~]# systemctl enable vncserver@:2.service
Created symlink from /etc/systemd/system/multi-user.target.wants/vncserver@:2.service to /etc/systemd/system/vncserver@:2.service.
[root@trex-161 ~]# 
[root@trex-161 ~]# systemctl start vncserver@:2.service
[root@trex-161 ~]# ps -ef | grep vnc
root     10814     1  0 02:50 pts/0    00:00:00 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop trex-161:1 (root) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /root/.vnc/passwd -rfbport 5901 -rfbwait 30000
root     10825     1  0 02:50 pts/0    00:00:00 /bin/sh /root/.vnc/xstartup
frank    11742     1  0 02:55 pts/0    00:00:00 /bin/Xvnc :2 -auth /home/frank/.Xauthority -desktop trex-161:2 (frank) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /home/frank/.vnc/passwd -rfbport 5902 -rfbwait 30000
frank    11753     1  0 02:55 pts/0    00:00:00 /bin/sh /home/frank/.vnc/xstartup
root     13158  6681  0 02:58 pts/0    00:00:00 grep --color=auto vnc
[root@trex-161 ~]# 
[root@trex-161 ~]# netstat -an | grep  :590
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN     
tcp6       0      0 :::5901                 :::*                    LISTEN     
tcp6       0      0 :::5902                 :::*                    LISTEN     

Checking VNC for “root” and “frank” at same time:

Wrong JPEG library version – 2021.9 Updated

Server is Centos 7.9, after deployed tigervnc server by above procedure, vnc success enable:

[root@trex-core opt]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@trex-core ~]# systemctl status vncserver@:1.service 
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-09-12 00:58:43 EDT; 43s ago
  Process: 2516 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 2547 (vncserver_wrapp)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
           ├─2547 /bin/sh /usr/bin/vncserver_wrapper root :1
           └─4833 sleep 5

Sep 12 00:58:42 trex-core systemd[1]: Starting Remote desktop service (VNC)...
Sep 12 00:58:43 trex-core systemd[1]: Started Remote desktop service (VNC).
Sep 12 00:58:46 trex-core vncserver_wrapper[2547]: New 'trex-core:1 (root)' desktop is trex-core:1
Sep 12 00:58:46 trex-core vncserver_wrapper[2547]: Starting applications specified in /root/.vnc/xstartup
Sep 12 00:58:46 trex-core vncserver_wrapper[2547]: Log file is /root/.vnc/trex-core:1.log
Sep 12 00:58:51 trex-core vncserver_wrapper[2547]: 'vncserver :1' has PID 2757, waiting until it exits ...

But have follow alarms by TigerVNC Viewer 1.11.90/win:

“Exception on worker thread: Wrong JPEG library version: library is 90, caller expects 62”

Easy fixed by disable “JPEG compression”; If must enable the function on client, need to downgrade jpegsrc version, can reference the link: https://ccie.lol/knowledge-base/linux-centos-install-graphicsmagick/, but I didn’t try.

Change VNC Port – 2021.6 Updated

Due to only have 8080 port can be accessed on CentOS, so need to change default port 5900. (tigervnc-1.8.0-22.el7.x86_64)

Follow info before modified:

[root@localhost ~]# grep "59" /usr/bin/vncserver -n
21:#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
188:$vncPort = 5900 + $displayNumber;
500:# n is taken if something is listening on the VNC server port (5900+n) or the
519:# (5900+n) or the X server port (6000+n).
536:    if (!bind(S, pack('S n x12', $AF_INET, 5900 + $n))) {

Follow info after modified:

[root@localhost ~]# grep "80" /usr/bin/vncserver -n
188:$vncPort = 8078 + $displayNumber;
536:    if (!bind(S, pack('S n x12', $AF_INET, 8078 + $n))) {

After restart:

[root@localhost ~]# netstat -ntpl|grep vnc
tcp        0      0 0.0.0.0:5802            0.0.0.0:*               LISTEN      2992/Xvnc
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2992/Xvnc
tcp        0      0 0.0.0.0:6002            0.0.0.0:*               LISTEN      2992/Xvnc
tcp6       0      0 :::5802                 :::*                    LISTEN      2992/Xvnc
tcp6       0      0 :::8080                 :::*                    LISTEN      2992/Xvnc
tcp6       0      0 :::6002                 :::*                    LISTEN      2992/Xvnc

Reference

• Multi-user VNC setup on RHEL 7.5

本文出自 Frank's Blog