Getting Tiger VNC to Work on Fedora 28
Created: 21 August 2018 Modified:With Fedora 28 and probably Fedora 27 there have been some changes to the recommended TigerVNC configuration. If you have an earlier version go to Getting Tiger VNC to Work on Linux. These changes occurred because the previous configuration started having problems around Fedora 26. It was running afoul of SELinux and issues with runserver. This resulted in Tiger VNC throwing odd, and unhelpful, exit errors when starting using systemd.
At the time of this writing the directions in the Fedora Documentation hasn’t been updated to reflect the changes. If you have a fresh install of Fedora you can skip the first three steps. If you have upgraded your Fedora from version 26 and earlier then we want to start by uninstalling Tiger VNC and all of its configuration files.
The first step is to stop Tiger VNC if it is running. Despite the systemd startup errors it may indeed be running. I have used Tiger VNC for several months despite the systemd startup errors. While you should be able to stop it using systemctl I found that if the startup had errors, stopping it with systemctl doesn’t work. You may need to kill the process.
Stop Tiger VNC
[chris ~]$ sudo systemctl stop vncserver@:1
[chris ~]$ ps -aef | grep vnc
chris 6443 4589 0 09:13 pts/0 00:00:00 grep --color=auto vnc
chris 27325 1 7 Aug20 ? 01:22:23 /usr/bin/Xvnc :1 -auth /home/chris/.Xauthority -desktop 127.0.0.1:1 (chris) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /home/chris/.vnc/passwd -rfbport 5901 -rfbwait 30000
[chris ~]$ kill 27325
[chris ~]$ ps -aef | grep vnc
chris 6470 4589 0 09:14 pts/0 00:00:00 grep --color=auto vncThe first step is to remove Tiger VNC.
Uninstall Tiger VNC
[chris ~]$ sudo dnf remove tigervnc-server
Dependencies resolved
========================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================
Removing:
tigervnc-server x86_64 1.8.0-7.fc28 @fedora 556 k
Transaction Summary
========================================================================================================================================
Remove 1 Package
Freed space: 556 k
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: tigervnc-server-1.8.0-7.fc28.x86_64 1/1
Erasing : tigervnc-server-1.8.0-7.fc28.x86_64 1/1
Running scriptlet: tigervnc-server-1.8.0-7.fc28.x86_64 1/1
Verifying : tigervnc-server-1.8.0-7.fc28.x86_64 1/1
Removed:
tigervnc-server.x86_64 1.8.0-7.fc28
Complete!The second step is to remove any unused dependencies. The output was unwieldy and has been truncated in sections.
Remove unneeded dependencies
[chris ~]$ sudo dnf autoremove
[sudo] password for chris:
Last metadata expiration check: 0:20:25 ago on Tue 21 Aug 2018 08:11:11 AM EDT.
Dependencies resolved.
========================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================
Removing:
NetworkManager-glib x86_64 1:1.10.10-1.fc28 @updates 6.0 M
NetworkManager-ppp x86_64 1:1.10.10-1.fc28 @updates 76 k
apache-commons-lang noarch 2.6-21.fc28 @fedora 314 k
... STUFF OMITTED HERE ...
xerces-c x86_64 3.2.1-1.fc28 @fedora 3.9 M
xerces-j2 noarch 2.11.0-31.fc28 @fedora 1.3 M
xml-commons-resolver noarch 1.2-24.fc28 @fedora 121 k
xml-security-c x86_64 1.7.3-4.fc28 @fedora 1.2 M
Transaction Summary
========================================================================================================================================
Remove 71 Packages
Freed space: 143 M
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: xalan-j2-2.7.1-34.fc28.noarch 1/1
Erasing : xalan-j2-2.7.1-34.fc28.noarch 1/71
Erasing : xerces-j2-2.11.0-31.fc28.noarch 2/71
Erasing : python3-pyOpenSSL-17.3.0-3.fc28.noarch 3/71
... STUFF OMITTED HERE ...
Verifying : gstreamer-plugins-base-0.10.36-18.fc27.x86_64 68/71
Verifying : gstreamer-tools-0.10.36-18.fc27.x86_64 69/71
Verifying : guava-24.0-3.fc28.noarch 70/71
Verifying : sphinx-2.2.11-7.fc28.x86_64 71/71
Removed:
NetworkManager-glib.x86_64 1:1.10.10-1.fc28 NetworkManager-ppp.x86_64 1:1.10.10-1.fc28
apache-commons-lang.noarch 2.6-21.fc28 argyllcms.x86_64 1.9.2-5.fc28
bison.x86_64 3.0.4-9.fc28 boost-random.x86_64 1.66.0-8.fc28
dnfdragora-updater.noarch 1.0.1-10.git20180108.b0e8a66.fc28 dnsmasq.x86_64 2.79-5.fc28
... STUFF OMITTED HERE ...
xalan-j2.noarch 2.7.1-34.fc28 xerces-c.x86_64 3.2.1-1.fc28
xerces-j2.noarch 2.11.0-31.fc28 xml-commons-resolver.noarch 1.2-24.fc28
xml-security-c.x86_64 1.7.3-4.fc28
Complete!Our third step is to clean things up.
Clean up any left over mess
[chris ~]$ sudo dnf clean all
72 files removedWith Tiger VNC removed from our system we can now proceed with putting it back on the system. Normally I would expect the service file to automatically be installed when the server is installed. It isn’t and the next bit touches on why. The Systemd service file for TigerVNC looks different than other service files. As shown below Tiger VNC’s service file has an “@” symbol in its name. Without going into the details, the result is that you start can multiple instances of Tiger VNC by passing different display numbers to the service file during startup. The next step is to install Tigeer VNC.
Install Tiger VNC
[chris ~]$ sudo dnf install tigervnc-server
Adobe Systems Incorporated 8.9 kB/s | 1.9 kB 00:00
Fedora 28 - x86_64 - Updates 572 kB/s | 22 MB 00:39
Fedora 28 - x86_64 105 kB/s | 60 MB 09:47
Last metadata expiration check: 0:00:00 ago on Tue 21 Aug 2018 08:49:10 AM EDT.
Dependencies resolved.
========================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================
Installing:
tigervnc-server x86_64 1.9.0-2.fc28 updates 247 k
Transaction Summary
========================================================================================================================================
Install 1 Package
Total download size: 247 k
Installed size: 600 k
Is this ok [y/N]: y
Downloading Packages:
tigervnc-server-1.9.0-2.fc28.x86_64.rpm 280 kB/s | 247 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------
Total 174 kB/s | 247 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : tigervnc-server-1.9.0-2.fc28.x86_64 1/1
Running scriptlet: tigervnc-server-1.9.0-2.fc28.x86_64 1/1
Verifying : tigervnc-server-1.9.0-2.fc28.x86_64 1/1
Installed:
tigervnc-server.x86_64 1.9.0-2.fc28
Complete!Next we copy over a service file from the libraries to our Systemd service directory.
copy service file
[chris]$ sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@.service
[sudo] password for chris:
[chris]$ Now we need to edit the vncserver@.service file to add your our name. The contents of this file is one part that has changed. I have provided a before and after look of the file. In my case I edit the file replacing
Original vncserver@.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
WorkingDirectory=/home/<USER>
User=<USER>
Group=<USER>
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver -autokill %i
ExecStop=/usr/bin/vncserver -kill %i
Restart=on-success
RestartSec=15
[Install]
WantedBy=multi-user.targetThe file you copied is owned by the root user and you will want to “sudo vim vncserver@.service” when editing the file. Or use whatever editor you prefer in place of Vim. If you use Vim you can run the command ":%s/<User>/username/g" to place your username in the correct places. Replace “username” with our user account name.
Modified vncserver@.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
WorkingDirectory=/home/chris
User=chris
Group=chris
PIDFile=/home/chris/.vnc/%H%i.pid
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver -autokill %i
ExecStop=/usr/bin/vncserver -kill %i
Restart=on-success
RestartSec=15
[Install]
WantedBy=multi-user.targetNow we want to set a VNC password for our user. The following commands need to be run as the user which you added to the vncserver@.service file.
Set VNC password
[chris]$ vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? nNext we want to reload the Systemd configuration. This is in case you already had Tiger VNC configured. This command has Systemd reread its configurations.
Reload Systemd configuration
[chris]$ sudo systemctl daemon-reloadThe next step is to start Tiger VNC service, verify its running and check its status.
Restart Tiger VNC
[chris ~]$ sudo systemctl start vncserver@:1
[sudo] password for chris:
[chris ~]$ ps -aef | grep vnc
chris 6588 1 1 09:28 ? 00:00:00 /usr/bin/Xvnc :1 -auth /home/chris/.Xauthority -desktop achrcwk0900L412:1 (chris) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /home/chris/.vnc/passwd -rfbport 5901 -rfbwait 30000
chris 6597 1 0 09:28 ? 00:00:00 sh -c (/home/chris/.vnc/xstartup; /usr/bin/vncserver -kill :1) >> '/home/chris/.vnc/achrcwk0900L412:1.log' 2>&1 &
chris 7083 4589 0 09:29 pts/0 00:00:00 grep --color=auto vnc
[chris ~]$ sudo systemctl status vncserver@:1
● vncserver@:1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-08-21 09:28:58 EDT; 54s ago
Process: 6580 ExecStart=/usr/bin/vncserver -autokill :1 (code=exited, status=0/SUCCESS)
Process: 6575 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 6588 (Xvnc)
Tasks: 98 (limit: 4915)
Memory: 139.2M
CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
├─6588 /usr/bin/Xvnc :1 -auth /home/chris/.Xauthority -desktop achrcwk0900L412:1 (chris) -fp catalogue:/etc/X11/fontpa>
├─6597 sh -c (/home/chris/.vnc/xstartup; /usr/bin/vncserver -kill :1) >> '/home/chris/.vnc/achrcwk0900L412:1.log' 2>&1>
├─6598 /bin/sh /etc/xdg/xfce4/xinitrc -- vt
├─6605 dbus-launch --sh-syntax --exit-with-session
├─6606 /usr/bin/dbus-daemon --syslog --fork --print-pid 5 --print-address 7 --session
├─6680 /usr/libexec/imsettings-daemon
├─6684 /usr/libexec/gvfsd
├─6730 /usr/bin/ssh-agent /etc/X11/xinit/Xclients
├─6744 xfce4-session
├─6748 /usr/lib64/xfce4/xfconf/xfconfd
├─6753 xfwm4
├─6757 xfce4-panel
├─6759 Thunar --daemon
├─6761 xfdesktop
├─6762 xfsettingsd
├─6765 /usr/libexec/xfce-polkit
├─6766 xscreensaver -no-splash
├─6771 nm-applet
├─6775 abrt-applet
├─6782 /usr/bin/python3 /usr/bin/seapplet
├─6783 xfce4-power-manager
├─6784 /usr/libexec/geoclue-2.0/demos/agentNow lets make sure that our server starts when our workstation starts up.
Configure Tiger VNC to automaticall start on boot
[chris ~]$ sudo systemctl enable vncserver@:1After all that it is still possible that Tiger VNC will not start. If you look in /var/log/messages there may be a line saying thate systemd cannot write to a PID file. This could be due to SELinux and you can fix it by changing the SELinux properties for systemd as shown below. The commands below will not work prop
Change .vnc SELinux properties
[chris ~]$ sudo ausearch -c 'systemd' --raw | sudo audit2allow -M my-systemd
[chris ~]$ sudo semodule -X 300 -i my-systemd.ppThe last step of the server setup is to open up your firewall. If you are using firewalld you can run firewall-config and select “vnc-server” under services in the runtime and permanent configurations. If you are using a different firewall you will probably want to open up ports 5900 to 6000.
The next step is to download the Tiger VNC Client from their GitHub site. From there you can follow the links to the latest download site. The client is a straight binary executable without an install program. Drop it in a folder and run it. The last tricky bit is you will need to add a “:1” to the end of your DNS/IP address to tell the client which display number to connect to.
tags: linux - tls - certificate - selinux - file - security - context - xfce - fedora - fedora 28 - fedora 27