| -a Number
| Specifies the acceleration multiplier for mouse movement. For
example, a value of 5 causes the cursor to move five times as fast as the
mouse. The default is 4 pixels; any value specified must be a
positive value greater than 0.
|
| -auth
FileName
| Specifies to X the file from which to read the MIT (Massachusetts
Institute of Technology) magic cookie.
|
| -bc
| Turns off backward compatibility with Enhanced X-Windows version
1.1.
|
| +bc
| Turns on backward compatibility with Enhanced X-Windows version
1.1. This is the default.
|
| -bp Color
| Specifies a black pixel color for the display. The default is
display dependent.
|
| -bs
| Enables backing store support on all screens. Backing store
support is disabled by default.
|
| -c Volume
| Specifies key click volume.
|
| -cc
VisualType[:Display]
|
|
| Specifies the type of visual to use for the root window of the screen
specified by the display name. Not all visual types are available on
all adapters at all depths. The :Display
parameter is optional, but useful when using the multihead option. The
:Display parameter is the name of the display as
shown in the lsdisp command. If no display number or name is
supplied, the specified visual is selected for all screens.
To specify the visual type and depth
for the default visual, use the -cc and -d flags,
respectively.
Values for the VisualType
parameter are specified as a string or a number as follows:
String Numeric equivalent
StaticGray 0
GrayScale 1
StaticColor 2
PseudoColor 3
TrueColor 4
DirectColor 5
|
| -co File
| Sets the name of the red, green, and blue (RGB) color database.
This is the default flag for the color database.
|
| -D File
| Specifies the full path name of the color definition database
file. The default is /usr/lib/X11/rgb.
|
| -d
Depth[:Display]
| Specifies the root depth for the screen specified by the display
name. Not all visual types will be available on all adapters at all
depths.
The
:Display parameter is optional, but useful when
using the multihead option and must correspond to the values passed with the
-P flag. The :Display parameter
is the name of the display as shown in the lsdisp command.
In the absence of the :Display parameter, the
specified depth is selected for all the selected displays in the multihead
option, as specified in the -P flag.
|
| -f Number
| Specifies the beep volume. The default is -1 or medium. The
supported values are as follows:
Value Setting
0 Off
1-33 Low
-1 or 34-66 Medium
67-100 High
|
| -fc Font
| Specifies the cursor font for cursor glyphs and cursor masks. The
default depends on the operating system and the display.
|
| -fn Font
| Specifies the default text font. The default depends on the
operating system and the display.
|
| -fp Font
| Specifies the font path.
|
| -I
| Causes all remaining command line arguments to be ignored.
(Uppercase i)
|
| -help
| Prints a usage message.
|
| -layer
#[:Display]
| Specifies that the default visual should be in the # (number
sign) layer. The :Display parameter is the
name of the display as shown in the lsdisp command.
Specifying this flag for an adapter that does not have overlays, or has less
than 8 bits of overlay, has no effect. Specifying this flag with a
# higher than the number of supported layers results in the default
visual residing in the default layer of the screen (as if no -layer
flag had been used).
|
| -logo
| Turns on the X Window System logo display in the screen saver.
There is currently no way to change this from a client.
|
| -n :Number
| Specifies the connection number. Valid values for the
Number parameter are 0 to 255. The default is the next
available number. The Number parameter is used by programs
to communicate with a specific X server. For example, the
command:
X -n :18
specifies that communication to the
activated X server takes place by unix:18 or by
Hostname:18.
|
| -nobs
| Disables backing store support on all screens. This is the
default.
|
| nologo
| Turns off the X Window System logo display in the screen saver.
There is currently no way to change this from a client.
|
| -once
| Instructs the server to exit after the first session ends.
Normally, the server starts sessions automatically.
|
| -PRowColumn Display
| Specifies the physical positioning of the displays in a multihead
configuration. The Row parameter indicates the row in which
the display is located. The Column parameter indicates the
column in which the display is located.
The Display parameter is the
device name of the display as shown in the first column of output from the
Isdisp command. The first
-PRowColumn Display occurrence on the command
line describes screen 0 to the X server, the second describes screen 1, and so
on.
The -P flag is for use with
multiple head support.
|
| -pbuffer
level [ :display name |
:display number ]
|
|
| Specifies the pbuffer memory allocation level for the screen
specified by :display. This flag is only useful when
used in conjunction with the GLX extension.
The level parameter indicates the relative amount of frame
buffer memory to be reserved for pbuffers. Specified values must be in
the range of [0..2]. A value of 0 indicates that no
memory should be reserved for pbuffers. A value of 1 indicates that a
low amount of memory should be reserved. A value of 2 indicates that a
high amount of memory should be reserved. Not all adapters support
pbuffers. For those that do, not all screen configurations support
pbuffers. The actual amount of frame buffer memory reserved for
pbuffers is device dependent, and may be influenced by other factors, such as
screen resolution or default pixel depth.
The :display parameter is optional, but useful when using
the multihead option. The :display parameter is the
name of the display as shown in the lsdisp command. If no
display number or name is supplied, the specified
pbuffer width is selected for all screens.
|
| -p Number
| Specifies the time interval, in minutes, between changes of the X Window
System logo position. This flag is used with the -s (screen
saver timeout) flag to control the blanking of the screen.
|
| -r
| Disables autorepeat. The default is autorepeat enabled.
|
| r
| Turns on autorepeat.
|
| -s Number
| Specifies the number of minutes to wait before blanking the
screen. The default is 10 minutes. If this value is set to 0,
the screen-saver is disabled.
|
| -secIP
[PermissionCode]
| Sets local access control on the internet socket. The
PermissionCode is 3 octal digits which can set read, write, and
execute bits. If no PermissionCode is specified after a
security flag, then permission is defaulted to 0 for that socket.
|
| -secLocal
[PermissionCode]
| Sets access control on the unix socket. The
PermissionCode is 3 octal digits which can set read, write, and
execute bits. If no PermissionCode is specified after a
security flag, then permission is defaulted to 0 for that socket.
|
| -secSMT
[PermissionCode]
| Sets access control on the shared memory transport socket. The
PermissionCode is 3 octal digits which can set read, write, and
execute bits. If no PermissionCode is specified after a
security flag, then permission is defaulted to 0 for that socket.
|
| -stereo
[:Display]
| Configures the graphics adapter for optimum stereo support for the screen
specified by Display.
Supported screens will configure the adapter to provide the best available
support for stereo. This may decrease other resources such as texture
memory. The actual amount of memory affected is device dependent, and
may be influenced by other factors, such as screen resolution or default pixel
depth.
The Display parameter is optional, but useful when using the
multihead option. The Display parameter is the name of the
display as shown in the lsdisp command. If no display number
or name is supplied, the -stereo flag pertains to all supported
screens.
Non supported screens will ignore the -stereo flag.
|
| -su
| Disables save under support on all screens.
|
| -T
| Disables the Ctrl-Alt-Backspace key sequence that, by default, ends the
AIXwindows session and all windows opened from it.
|
| -t Number
| Specifies the mouse threshold. The default is 2 pixels.
Acceleration takes effect only if the mouse is moved beyond the mouse
threshold in one time interval and only applies to the amount beyond the
threshold.
|
| -to Number
| Specifies the number of minutes to elapse between connection
checks. The default is 60 minutes. A specified value must be
greater than 0.
|
| -v
| Specifies that the display be replaced with the current background color
after the time specified by the -s flag expires. By default,
if the -v flag is not used, the entire display is painted with the
background tile after the time specified by the -s flag
expires.
|
| -wm
| Forces the default backing store of all windows to have the
WhenMapped value. This is a convenient way of applying
backing store to all windows.
|
| -wp Color
| Specifies a white pixel display color. The default depends on the
display.
|
| -wrap
| Specifies the behavior of the mouse when its hotspot reaches the left or
right border or the top or bottom of any root window. If this flag is
set and the hotspot of the mouse reaches the left border of the leftmost root
window, the mouse is automatically positioned at the right border of the
rightmost root window at the same y position.
Conversely, if this flag is set
and the hotspot of the mouse reaches the right border of the rightmost root
window, the mouse is automatically positioned at the left border of the
leftmost root window at the same y position. If this flag is not set,
the mouse stops at the left or right border of any root window.
If this flag is set and the
hotspot of the mouse reaches the top border of the topmost root window, the
mouse is positioned at the bottom border of the bottommost root window at the
same x position.
Conversely, if this flag is set
and the hotspot of the mouse reaches the bottom border of the bottommost root
window, the mouse is positioned at the top border of the topmost root window
at the same x position.
The -wrap flag is for use
with multiple head support.
|
| -wrapx
| Specifies the behavior of the mouse when its hotspot reaches the left or
right border of any root window. If this flag is set and the hotspot of
the mouse reaches the left border of the leftmost root window, the mouse is
positioned at the right border of the rightmost root window at the same y
position. Conversely, if this flag is set and the hotspot of the mouse
reaches the right border of the rightmost root window, the mouse is positioned
at the left border of the leftmost root window at the same y position.
If this flag is not set, the mouse stops at the left or right border of any
root window.
The -wrapx flag is for use
with multiple head support.
|
| -wrapy
| Specifies the behavior of the mouse when its hotspot reaches the top or
bottom border of any root window. If this flag is set and the hotspot
of the mouse reaches the top border of the topmost root window, the mouse is
positioned at the bottom border of the bottommost root window at the same x
position. Conversely, if this flag is set and the hotspot of the mouse
reaches the bottom border of the bottommost root window, the mouse is
positioned at the top border of the topmost root window at the same x
position. If this flag is not set, the mouse stops at the top or bottom
border of any root window.
The -wrapy flag is for use
with multiple head support.
|
| -x
ExtensionName
| Specifies that the extension name should be loaded when the server is
initialized. This is particularly useful for large extensions, such as
the Display PostScript Level 2 (dps). This flag can be
specified more than once with multiple extension names.
|
| -query
HostName
| Enables Enhanced X-Windows Display Manager Control Protocol
(XDMCP) and sends a Query packet to the specified
host.
The -query flag is for use
with XDMCP.
|
| -broadcast
| Enables XDMCP and broadcasts BroadcastQuery packets
to the network. The first responding display manager is chosen for the
session.
The -broadcast flag is for
use with XDMCP.
|
| -indirect
HostName
| Enables XDMCP and sends IndirectQuery packets to
the specified host.
The -indirect flag is for
use with XDMCP.
|
| -port
PortNumber
| Specifies an alternative port number for XDMCP. This
flag must be specified before any -query, -broadcast, or
-indirect flags. Normally, the server starts sessions one
after another. This flag causes the server to exit after the first
session ends.
The -port flag is for use
with XDMCP.
|
| -class
DisplayClass
| Sets the value for an additional display qualifier used by
XDMCP in resource lookup for display-specific options.
The -class flag is for use
with XDMCP.
|
| -cookie
XDMAuthenticationBits
| Specifies a private key to be shared between the server and the manager
when testing XDM-AUTHENTICATION-1.
The -cookie flag is for use
with XDMCP.
|
| -displayID
DisplayID
| Allows the display manager to identify each display so that it can locate
the shared key specified by the -cookie flag.
The -displayID flag is for
use with XDMCP.
|
| -sp FileName
| Causes the server to attempt to read and interpret FileName as
a security policy file with the format described below. The file is
read at server startup and reread at each server reset.
The syntax of the security policy file is as follows.
Notation: "*" means zero or more occurrences of the preceding element,
and "+" means one or more occurrences. To interpret
foo/bar, ignore the text after the /; it
is used to distinguish between instances of foo in the next
section.
policy file ::= version line other line*
version line ::= string/v '\n'
other line ::= comment | access rule | site policy | blank line
comment ::= # not newline* '\n'
blank line ::= space '\n'
site policy ::= sitepolicy string/sp '\n'
access rule ::= property property/ar window perms '\n'
property ::= string
window ::= any | root | required property
required property ::= property/rp | property with value
property with value ::= property/rpv = string/rv
perms ::= [ operation | action | space ]*
operation ::= r | w | d
action ::= a | i | e
string ::= dbl quoted string | single quoted string | unqouted string
dbl quoted string ::= space " not dqoute* " space
single quoted string ::= space ' not squote* ' space
unquoted string ::= space not space+ space
space ::= [ ' ' | '\t' ]*
Character sets:
not newline ::= any character except '\n'
not dqoute ::= any character except "
not squote ::= any character except '
not space ::= any character except those in space
|
|
|
The semantics associated with the above syntax are as follows.
- version line
- The first line in the file, specifies the file format version. If
the server does not recognize the version string/v, it
ignores the rest of the file. The version string for the file format
described here is version-1.
Once past the version line, lines that do not match the above
syntax are ignored.
- comment
- Lines are ignored.
- sitepolicy
- Lines are currently ignored. They are intended to specify the site
policies used by the XC-QUERY-SECURITY-1 authorization method.
- access rule
- Lines specify how the server should react to untrusted client requests
that affect the X Window property named
property/ar. The rest of this section describes
the interpretation of an access rule.
For an access rule to apply to a given instance of
property/ar, property/ar must be
on a window that is in the set of windows specified by
window. If window is any, the rule
applies to property/ar on any window. If
window is root, the rule applies to
property/ar only on root windows.
If window is required property, the following
apply. If required property is a
property/rp, the rule applies when the window also has
that property/rp, regardless of its value. If
required property is a property with value,
property/rpv must also have the value specified by
string/rv. In this case, the property must have
type STRING and format 8, and should contain one or more null- terminated
strings. If any of the strings match string/rv,
the rule applies.
The definition of string matching is simple case-sensitive string
comparison with one elaboration: the occurrence of the character
'*' in string/rv is a wildcard meaning "any
string." A string/rv can contain multiple
wildcards anywhere in the string. For example, x* matches
strings that begin with x, *x matches strings that end
with x, *x* matches strings containing x, and
x*y* matches strings that start with x and subsequently
contain y.
There may be multiple access rule lines for a given
property/ar. The rules are tested in the order
that they appear in the file. The first rule that applies is
used.
|
|
|
- perms
- Specify operations that untrusted clients may attempt, and the actions
that the server should take in response to those operations.
- operation
- Can be r (read), w (write), or d
(delete). The following table shows how X Protocol property requests
map to these operations in the X Consortium server implementation.
- GetProperty
- r, or r and d if delete = True
- ChangeProperty
- w
- RotateProperties
- r and w
- DeleteProperty
- d
- ListProperties
- none, untrusted clients can always list all properties
- action
- Can be a (allow), i (ignore), or e
(error).
- Allow
- Executes the request as if it had been issued by a trusted client.
- Ignore
- Treats the request as a no-op. In the case of GetProperty, ignore
means return an empty property value if the property exists, regardless of its
actual value.
- Error
- means do not execute the request and return a BadAtom error
with the atom set to the property name. Error is the default
action for all properties, including those not listed in the security policy
file.
An action applies to all operations that follow it,
until the next action> is encountered. Thus,
irwad means ignore read and write, allow delete.
GetProperty and RotateProperties may do multiple operations (r
and d, or r and w). If different
actions apply to the operations, the most severe action is applied to the
whole request; there is no partial request execution. The severity
ordering is: allow < ignore < error. Thus, if the
perms for a property are ired (ignore read, error
delete), and an untrusted client attempts GetProperty on that property with
delete = True, an error is returned, but the property value is
not. Similarly, if any of the properties in a RotateProperties do not
allow both read and write, an error is returned without changing any property
values.
Here is an example security policy file.
|
|
-
-
version-1
# Allow reading of application resources, but not writing.
property RESOURCE_MANAGER root ar iw
property SCREEN_RESOURCES root ar iw
# Ignore attempts to use cut buffers. Giving errors causes apps to crash,
# and allowing access may give away too much information.
property CUT_BUFFER0 root irw
property CUT_BUFFER1 root irw
property CUT_BUFFER2 root irw
property CUT_BUFFER3 root irw
property CUT_BUFFER4 root irw
property CUT_BUFFER5 root irw
property CUT_BUFFER6 root irw
property CUT_BUFFER7 root irw
# If you are using Motif, you probably want these.
property _MOTIF_DEFAULT_BINDINGS rootar iw
property _MOTIF_DRAG_WINDOW root ar iw
property _MOTIF_DRAG_TARGETS any ar iw
property _MOTIF_DRAG_ATOMS any ar iw
property _MOTIF_DRAG_ATOM_PAIRS any ar iw
# The next two rules let xwininfo -tree work when untrusted.
property WM_NAME any ar
|
|
-
-
# Allow read of WM_CLASS, but only for windows with WM_NAME.
# This might be more restrictive than necessary, but demonstrates
# the required property facility, and is also an attempt to
# say "top level windows only."
property WM_CLASS WM_NAME ar
# These next three let xlsclients work untrusted. Think carefully
# before including these; giving away the client machine name and command
# may be exposing too much.
property WM_STATE WM_NAME ar
property WM_CLIENT_MACHINE WM_NAME ar
property WM_COMMAND WM_NAME ar
# To let untrusted clients use the standard colormaps created by
# xstdcmap, include these lines.
property RGB_DEFAULT_MAP root ar
property RGB_BEST_MAP root ar
property RGB_RED_MAP root ar
property RGB_GREEN_MAP root ar
property RGB_BLUE_MAP root ar
property RGB_GRAY_MAP root ar
# To let untrusted clients use the color management database created
# by xcmsdb, include these lines.
property XDCCC_LINEAR_RGB_CORRECTION rootar
property XDCCC_LINEAR_RGB_MATRICES rootar
property XDCCC_GRAY_SCREENWHITEPOINT rootar
property XDCCC_GRAY_CORRECTION rootar
# oddball property names and explicit specification of error conditions
property "property with spaces" 'property with "'aw er ed
# Allow deletion of Woo-Hoo if window also has property OhBoy with value
# ending in "son". Reads and writes will cause an error.
property Woo-Hoo OhBoy = "*son"ad
|