Xserver - X Window System display server


       X [option ...]


       X  is  the  generic name for the X Window System display server.  It is
       frequently a link or a copy of the appropriate server binary for  driv-
       ing the most frequently used server on a given machine.


       The  X  server  is  usually  started from the X Display Manager program
       xdm(1) or a similar display manager program.  This utility is run  from
       the  system  boot  files  and takes care of keeping the server running,
       prompting for usernames and passwords, and starting up  the  user  ses-

       Installations  that run more than one window system may need to use the
       xinit(1) utility instead of a display manager.  However, xinit is to be
       considered  a tool for building startup scripts and is not intended for
       use by end users.  Site administrators are strongly urged to use a dis-
       play manager, or build other interfaces for novice users.

       The  X  server  may  also  be started directly by the user, though this
       method is usually reserved for testing and is not recommended for  nor-
       mal  operation.   On some platforms, the user must have special permis-
       sion to start the X server, often because  access  to  certain  devices
       (e.g. /dev/mouse) is restricted.

       When  the  X server starts up, it typically takes over the display.  If
       you are running on a workstation whose console is the display, you  may
       not be able to log into the console while the server is running.


       Many X servers have device-specific command line options.  See the man-
       ual pages for the individual  servers  for  more  details;  a  list  of
       server-specific manual pages is provided in the SEE ALSO section below.

       All  of  the X servers accept the command line options described below.
       Some X servers may have alternative ways of  providing  the  parameters
       described  here,  but  the values provided via the command line options
       should override values specified via other mechanisms.

               The X server runs as the given displaynumber, which by  default
               is  0.   If  multiple  X servers are to run simultaneously on a
               host, each must have a unique display number.  See the  DISPLAY
               NAMES  section  of the X(7) manual page to learn how to specify
               which display number clients should try to use.

       -a number
               sets pointer acceleration  (i.e.  the  ratio  of  how  much  is
               reported to how much the user actually moved the pointer).

       -ac     disables  host-based access control mechanisms.  Enables access
               by any host, and permits any host to modify the access  control
               list.   Use with extreme caution.  This option exists primarily
               for running test suites remotely.

       -audit level
               sets the audit trail level.  The default level  is  1,  meaning
               only  connection rejections are reported.  Level 2 additionally
               reports all successful connections and  disconnects.   Level  4
               enables  messages  from  the  SECURITY  extension,  if present,
               including generation and revocation of authorizations and  vio-
               lations  of  the  security policy.  Level 0 turns off the audit
               trail.  Audit lines are sent as standard error output.

       -auth authorization-file
               specifies a file which contains a collection  of  authorization
               records  used  to authenticate access.  See also the xdm(1) and
               Xsecurity(7) manual pages.

       -bs     disables backing store support on all screens.

       -br     sets the default root window to  solid  black  instead  of  the
               standard root weave pattern.

       -c      turns off key-click.

       c volume
               sets key-click volume (allowable range: 0-100).

       -cc class
               sets  the  visual  class  for the root window of color screens.
               The class numbers are as specified  in  the  X  protocol.   Not
               obeyed by all servers.

       -co filename
               sets   name   of   RGB   color   database.    The   default  is

       -core   causes the server to generate a core dump on fatal errors.

       -deferglyphs whichfonts
               specifies the types  of  fonts  for  which  the  server  should
               attempt  to  use deferred glyph loading.  whichfonts can be all
               (all fonts), none (no fonts), or 16 (16 bit fonts only).

       -dpi resolution
               sets the resolution for all screens, in dots per inch.   To  be
               used  when  the server cannot determine the screen size(s) from
               the hardware.

       dpms    enables DPMS (display power management  services),  where  sup-
               ported.   The  default state is platform and configuration spe-

       -dpms   disables DPMS (display power management services).  The default
               state is platform and configuration specific.

               disables  named  extension.    If  an unknown extension name is
               specified, a list of accepted extension names is printed.

               enables named extension.   If  an  unknown  extension  name  is
               specified, a list of accepted extension names is printed.

       -f volume
               sets feep (bell) volume (allowable range: 0-100).

       -fc cursorFont
               sets default cursor font.

       -fn font
               sets the default font.

       -fp fontPath
               sets the search path for fonts.  This path is a comma separated
               list of directories which the X server searches for font  data-
               bases.   See  the  FONTS  section  of this manual page for more
               information and the default list.

       -help   prints a usage message.

       -I      causes all remaining command line arguments to be ignored.

       -maxbigreqsize size
               sets the maximum big request to size MB.

       -nolisten trans-type
               disables a transport type.  For example, TCP/IP connections can
               be disabled with -nolisten tcp.  This option may be issued mul-
               tiple times to disable listening to different transport types.

               prevents a server reset when  the  last  client  connection  is
               closed.   This  overrides  a  previous  -terminate command line

       -p minutes
               sets screen-saver pattern cycle time in minutes.

       -pn     permits the server to continue running if it fails to establish
               all  of its well-known sockets (connection points for clients),
               but establishes at least one.  This option is set by default.

       -nopn   causes the server to exit if it fails to establish all  of  its
               well-known sockets (connection points for clients).

       -r      turns off auto-repeat.

       r       turns on auto-repeat.

       -s minutes
               sets screen-saver timeout time in minutes.

       -su     disables save under support on all screens.

       -t number
               sets  pointer  acceleration threshold in pixels (i.e. after how
               many pixels pointer acceleration should take effect).

               causes the server to terminate at server reset, instead of con-
               tinuing  to  run.   This  overrides a previous -noreset command
               line option.

       -to seconds
               sets default connection timeout in seconds.

       -tst    disables all testing extensions (e.g., XTEST,  XTrap,  XTestEx-
               tension1, RECORD).

       ttyxx   ignored, for servers started the ancient way (from init).

       v       sets video-off screen-saver preference.

       -v      sets video-on screen-saver preference.

       -wm     forces  the  default  backing-store  of all windows to be When-
               Mapped.  This is a backdoor way  of  getting  backing-store  to
               apply  to  all  windows.  Although all mapped windows will have
               backing store, the backing store attribute  value  reported  by
               the server for a window will be the last value established by a
               client.  If it has never been set by a client, the server  will
               report the default value, NotUseful.  This behavior is required
               by the X protocol,  which  allows  the  server  to  exceed  the
               client's  backing store expectations but does not provide a way
               to tell the client that it is doing so.

       -wr     sets the default root window to  solid  white  instead  of  the
               standard root weave pattern.

       -x extension
               loads  the  specified  extension  at init.  This is a no-op for
               most implementations.

               enables(+) or disables(-) the XINERAMA extension.  The  default
               state is platform and configuration specific.


       Some X servers accept the following options:

       -ld kilobytes
               sets the data space limit of the server to the specified number
               of kilobytes.  A value of zero makes the data size as large  as
               possible.   The default value of -1 leaves the data space limit

       -lf files
               sets the number-of-open-files limit of the server to the speci-
               fied  number.  A value of zero makes the limit as large as pos-
               sible.  The default value of -1 leaves the limit unchanged.

       -ls kilobytes
               sets the stack space limit of the server to the specified  num-
               ber  of  kilobytes.   A  value  of zero makes the stack size as
               large as possible.  The default value of -1  leaves  the  stack
               space limit unchanged.

       -logo   turns  on the X Window System logo display in the screen-saver.
               There is currently no way to change this from a client.

       nologo  turns off the X Window System logo display in the screen-saver.
               There is currently no way to change this from a client.

       -render default|mono|gray|color  sets  the color allocation policy that
               will be used by the render extension.

               default selects the default  policy  defined  for  the  display
                       depth of the X server.

               mono    don't use any color cell.

               gray    use  a  gray  map  of  13  color cells for the X render

               color   use a color cube of at most 4*4*4 colors  (that  is  64
                       color cells).

               disables  smart  scheduling on platforms that support the smart

       -schedInterval interval
               sets the smart scheduler's scheduling interval to interval mil-


       X  servers  that  support  XDMCP have the following options.  See the X
       Display Manager Control Protocol specification for more information.

       -query hostname
               enables XDMCP and sends Query packets to  the  specified  host-

               enable  XDMCP and broadcasts BroadcastQuery packets to the net-
               work.  The first responding display manager will be chosen  for
               the session.

       -multicast [address [hop count]]
               Enable  XDMCP and multicast BroadcastQuery packets to the  net-
               work.  The first responding display manager is chosen  for  the
               session.   If an address is specified, the multicast is sent to
               that address.  If no address is  specified,  the  multicast  is
               sent to the default XDMCP IPv6 multicast group.  If a hop count
               is specified, it is used as the maximum hop count for the  mul-
               ticast.   If no hop count is specified, the multicast is set to
               a maximum of 1 hop, to prevent the multicast from being  routed
               beyond the local network.

       -indirect hostname
               enables  XDMCP  and send IndirectQuery packets to the specified

       -port port-number
               uses the specified port-number for XDMCP  packets,  instead  of
               the  default.  This option must be specified before any -query,
               -broadcast, -multicast, or -indirect options.

       -from local-address
               specifies the local address to connect from (useful if the con-
               necting  host  has  multiple  network  interfaces).  The local-
               address may be expressed in any form  acceptable  to  the  host
               platform's gethostbyname(3) implementation.

       -once   causes  the  server  to  terminate (rather than reset) when the
               XDMCP session ends.

       -class display-class
               XDMCP has an additional  display  qualifier  used  in  resource
               lookup  for  display-specific  options.   This option sets that
               value, by default it is "MIT-Unspecified" (not  a  very  useful

       -cookie xdm-auth-bits
               When  testing  XDM-AUTHENTICATION-1,  a  private  key is shared
               between the server and the manager.  This option sets the value
               of that private data (not that it is very private, being on the
               command line!).

       -displayID display-id
               Yet another XDMCP specific value, this one allows  the  display
               manager  to  identify  each  display  so that it can locate the
               shared key.


       X servers that support the XKEYBOARD (a.k.a.  "XKB")  extension  accept
       the  following options.  All layout files specified on the command line
       must be located in the XKB base directory or a subdirectory, and speci-
       fied as the relative path from the XKB base directory.  The default XKB
       base directory is /usr/X11R6/lib/X11/xkb.

       [+-]kb  enables(+) or disables(-) the XKEYBOARD extension.

       [+-]accessx [ timeout [ timeout_mask [ feedback [ options_mask ] ] ] ]
               enables(+) or disables(-) AccessX key sequences.

       -xkbdir directory
               base directory for keyboard layout files.  This option  is  not
               available  for setuid X servers (i.e., when the X server's real
               and effective uids are different).

       -ardelay milliseconds
               sets the autorepeat delay (length of time in milliseconds  that
               a key must be depressed before autorepeat starts).

       -arinterval milliseconds
               sets  the  autorepeat  interval (length of time in milliseconds
               that should elapse between autorepeat-generated keystrokes).

       -xkbmap filename
               loads keyboard description in filename on server startup.


       X servers that support the  SECURITY  extension  accept  the  following

       -sp filename
               causes  the server to attempt to read and interpret filename as
               a security policy file with the format  described  below.   The
               file is read at server startup and reread at each server reset.

       The  syntax  of  the security policy file is as follows.  Notation: "*"
       means zero or more occurrences of the preceding element, and "+"  means
       one or more occurrences.  To interpret <foo/bar>, ignore the text after
       the /; it is used to distinguish between instances of <foo> in the next

       <policy file> ::= <version line> <other line>*

       <version line> ::= <string/v> '\n'

       <other line > ::= <comment> | <access rule> | <site policy> | <blank line>

       <comment> ::= # <not newline>* '\n'

       <blank line> ::= <space> '\n'

       <site policy> ::= sitepolicy <string/sp> '\n'

       <access rule> ::= property <property/ar> <window> <perms> '\n'

       <property> ::= <string>

       <window> ::= any | root | <required property>

       <required property> ::= <property/rp> | <property with value>

       <property with value> ::= <property/rpv> = <string/rv>

       <perms> ::= [ <operation> | <action> | <space> ]*

       <operation> ::= r | w | d

       <action> ::= a | i | e

       <string> ::= <dbl quoted string> | <single quoted string> | <unquoted string>

       <dbl quoted string> ::= <space> " <not dqoute>* " <space>

       <single quoted string> ::= <space> ' <not squote>* ' <space>

       <unquoted string> ::= <space> <not space>+ <space>

       <space> ::= [ ' ' | '\t' ]*

       Character sets:

       <not newline> ::= any character except '\n'
       <not dqoute>  ::= any character except "
       <not squote>  ::= any character except '
       <not space>   ::= any character except those in <space>

       The semantics associated with the above syntax are as follows.

       <version  line>,  the first line in the file, specifies the file format
       version.  If the server does not recognize the version  <string/v>,  it
       ignores  the  rest of the file.  The version string for the file format
       described here is "version-1" .

       Once past the <version line>, lines that do not match the above  syntax
       are ignored.

       <comment> lines are ignored.

       <sitepolicy> lines are currently ignored.  They are intended to specify
       the site policies used by the XC-QUERY-SECURITY-1 authorization method.

       <access rule> lines specify how the server should  react  to  untrusted
       client  requests that affect the X Window property named <property/ar>.
       The rest of this section describes the  interpretation  of  an  <access

       For  an  <access  rule>  to apply to a given instance of <property/ar>,
       <property/ar> must be on a window that is in the set of windows  speci-
       fied  by  <window>.   If  <window>  is  any, the rule applies to <prop-
       erty/ar> on any window.  If <window>  is  root,  the  rule  applies  to
       <property/ar> only on root windows.

       If  <window> is <required property>, the following apply.  If <required
       property> is a <property/rp>, the rule applies when the window also has
       that <property/rp>, regardless of its value.  If <required property> is
       a <property with value>, <property/rpv> must also have the value speci-
       fied  by <string/rv>.  In this case, the property must have type STRING
       and format 8, and should contain one or more  null-terminated  strings.
       If any of the strings match <string/rv>, the rule applies.

       The  definition of string matching is simple case-sensitive string com-
       parison with one elaboration: the occurrence of the  character  '*'  in
       <string/rv> is a wildcard meaning "any string."  A <string/rv> can con-
       tain multiple wildcards anywhere in  the  string.   For  example,  "x*"
       matches  strings  that begin with x, "*x" matches strings that end with
       x, "*x*" matches strings containing x, and "x*y*" matches strings  that
       start with x and subsequently contain y.

       There  may  be  multiple <access rule> lines for a given <property/ar>.
       The rules are tested in the order that they appear in  the  file.   The
       first rule that applies is used.

       <perms>  specify operations that untrusted clients may attempt, and the
       actions that the server should take in response to those operations.

       <operation> can be r (read), w (write), or d (delete).   The  following
       table shows how X Protocol property requests map to these operations in
       The Open Group server implementation.

       GetProperty    r, or r and d if delete = True
       ChangeProperty w
       RotateProperties    r and w
       DeleteProperty d
       ListProperties none, untrusted clients can always list all properties

       <action> can be a (allow), i (ignore), or e (error).  Allow means  exe-
       cute  the request as if it had been issued by a trusted client.  Ignore
       means treat the request as a no-op.  In the case of GetProperty, ignore
       means return an empty property value if the property exists, regardless
       of its actual value.  Error means do not execute the request and return
       a  BadAtom  error with the atom set to the property name.  Error is the
       default action for all properties, including those not  listed  in  the
       security policy file.

       An  <action> applies to all <operation>s that follow it, until the next
       <action> is encountered.  Thus, irwad  means  ignore  read  and  write,
       allow delete.

       GetProperty  and  RotateProperties may do multiple operations (r and d,
       or r and w).  If different actions apply to the  operations,  the  most
       severe  action  is  applied  to  the whole request; there is no partial
       request execution.  The severity ordering is: allow < ignore  <  error.
       Thus,  if  the  <perms>  for  a  property  are ired (ignore read, error
       delete), and an untrusted client attempts GetProperty on that  property
       with  delete  =  True,  an error is returned, but the property value is
       not.  Similarly, if any of the properties in a RotateProperties do  not
       allow  both  read  and write, an error is returned without changing any
       property values.

       Here is an example security policy file.


       # Allow reading of application resources, but not writing.
       property RESOURCE_MANAGER     root      ar iw
       property SCREEN_RESOURCES     root      ar iw

       # Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
       # and allowing access may give away too much information.
       property CUT_BUFFER0          root      irw
       property CUT_BUFFER1          root      irw
       property CUT_BUFFER2          root      irw
       property CUT_BUFFER3          root      irw
       property CUT_BUFFER4          root      irw
       property CUT_BUFFER5          root      irw
       property CUT_BUFFER6          root      irw
       property CUT_BUFFER7          root      irw

       # If you are using Motif, you probably want these.
       property _MOTIF_DEFAULT_BINDINGS        rootar iw
       property _MOTIF_DRAG_WINDOW   root      ar iw
       property _MOTIF_DRAG_TARGETS  any       ar iw
       property _MOTIF_DRAG_ATOMS    any       ar iw
       property _MOTIF_DRAG_ATOM_PAIRS         any ar iw

       # The next two rules let xwininfo -tree work when untrusted.
       property WM_NAME              any       ar

       # Allow read of WM_CLASS, but only for windows with WM_NAME.
       # This might be more restrictive than necessary, but demonstrates
       # the <required property> facility, and is also an attempt to
       # say "top level windows only."
       property WM_CLASS             WM_NAME   ar

       # These next three let xlsclients work untrusted.  Think carefully
       # before including these; giving away the client machine name and command
       # may be exposing too much.
       property WM_STATE             WM_NAME   ar
       property WM_CLIENT_MACHINE    WM_NAME   ar
       property WM_COMMAND           WM_NAME   ar

       # To let untrusted clients use the standard colormaps created by
       # xstdcmap, include these lines.
       property RGB_DEFAULT_MAP      root      ar
       property RGB_BEST_MAP         root      ar
       property RGB_RED_MAP          root      ar
       property RGB_GREEN_MAP        root      ar
       property RGB_BLUE_MAP         root      ar
       property RGB_GRAY_MAP         root      ar

       # To let untrusted clients use the color management database created
       # by xcmsdb, include these lines.
       property XDCCC_LINEAR_RGB_CORRECTION    rootar
       property XDCCC_LINEAR_RGB_MATRICES      rootar
       property XDCCC_GRAY_SCREENWHITEPOINT    rootar
       property XDCCC_GRAY_CORRECTION          rootar

       # To let untrusted clients use the overlay visuals that many vendors
       # support, include this line.
       property SERVER_OVERLAY_VISUALS         rootar

       # Dumb examples to show other capabilities.

       # oddball property names and explicit specification of error conditions
       property "property with spaces"         'property with "'aw er ed

       # Allow deletion of Woo-Hoo if window also has property OhBoy with value
       # ending in "son".  Reads and writes will cause an error.
       property Woo-Hoo              OhBoy = "*son"ad


       The X server supports client connections via a platform-dependent  sub-
       set  of the following transport types: TCPIP, Unix Domain sockets, DEC-
       net, and several varieties of SVR4 local connections.  See the  DISPLAY
       NAMES  section  of  the  X(7) manual page to learn how to specify which
       transport type clients should try to use.


       The X server implements a platform-dependent subset  of  the  following
       authorization  protocols: MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1, XDM-
       AUTHORIZATION-2, SUN-DES-1, and MIT-KERBEROS-5.  See  the  Xsecurity(7)
       manual page for information on the operation of these protocols.

       Authorization  data  required  by  the above protocols is passed to the
       server in a private file named with  the  -auth  command  line  option.
       Each  time  the  server is about to accept the first connection after a
       reset (or when the server is starting), it reads this  file.   If  this
       file contains any authorization records, the local host is not automat-
       ically allowed access to the server, and only clients which send one of
       the authorization records contained in the file in the connection setup
       information will be allowed access.  See the  Xau  manual  page  for  a
       description  of the binary format of this file.  See xauth(1) for main-
       tenance of this file, and distribution of its contents to remote hosts.

       The X server also uses a host-based access control  list  for  deciding
       whether  or  not  to  accept  connections  from clients on a particular
       machine.  If no other authorization mechanism is being used, this  list
       initially  consists  of the host on which the server is running as well
       as any machines listed in the file /etc/Xn.hosts, where n is  the  dis-
       play number of the server.  Each line of the file should contain either
       an Internet hostname (e.g. or a  DECnet  hostname  in
       double  colon  format  (e.g.  hydra::) or a complete name in the format
       family:name as described in the xhost(1) manual page.  There should  be
       no leading or trailing spaces on any lines.  For example:


       Users  can  add  or  remove  hosts from this list and enable or disable
       access control using the xhost command from the  same  machine  as  the

       If  the  X  FireWall  Proxy  (xfwp) is being used without a sitepolicy,
       host-based authorization must be turned on for clients to  be  able  to
       connect to the X server via the xfwp.  If xfwp is run without a config-
       uration file and thus no sitepolicy is defined, if xfwp is using  an  X
       server  where xhost + has been run to turn off host-based authorization
       checks, when a client tries to connect to this X server via xfwp, the X
       server  will  deny  the  connection.   See xfwp(1) for more information
       about this proxy.

       The X protocol intrinsically does not have any notion of window  opera-
       tion  permissions or place any restrictions on what a client can do; if
       a program can connect to a display, it has full run of the  screen.   X
       servers that support the SECURITY extension fare better because clients
       can be designated untrusted via the authorization they use to  connect;
       see  the xauth(1) manual page for details.  Restrictions are imposed on
       untrusted clients that curtail the mischief they can do.  See the SECU-
       RITY extension specification for a complete list of these restrictions.

       Sites  that  have better authentication and authorization systems might
       wish to make use of the hooks in the libraries and the server  to  pro-
       vide additional security models.


       The X server attaches special meaning to the following signals:

       SIGHUP  This  signal  causes  the  server to close all existing connec-
               tions, free all resources, and restore  all  defaults.   It  is
               sent  by  the  display  manager  whenever  the main user's main
               application (usually an xterm or window manager) exits to force
               the server to clean up and prepare for the next user.

       SIGTERM This signal causes the server to exit cleanly.

       SIGUSR1 This signal is used quite differently from either of the above.
               When the server starts, it checks to see if  it  has  inherited
               SIGUSR1 as SIG_IGN instead of the usual SIG_DFL.  In this case,
               the server sends a SIGUSR1 to its parent process after  it  has
               set  up  the various connection schemes.  Xdm uses this feature
               to recognize when connecting to the server is possible.


       The X server  can  obtain  fonts  from  directories  and/or  from  font
       servers.   The  list  of directories and font servers the X server uses
       when trying to open a font is controlled by the font path.

       The    default    font    path    is    /usr/X11R6/lib/X11/fonts/misc/,
       /usr/X11R6/lib/X11/fonts/TTF/,            /usr/X11R6/lib/X11/fonts/OTF,
       /usr/X11R6/lib/X11/fonts/Type1/,      /usr/X11R6/lib/X11/fonts/100dpi/,
       /usr/X11R6/lib/X11/fonts/75dpi/ .

       The  font  path  can be set with the -fp option or by xset(1) after the
       server has started.


       /etc/Xn.hosts                 Initial access control list  for  display
                                     number n

                                     Bitmap font directories

                                     Outline font directories

       /usr/X11R6/share/X11/rgb.txt  Color database

       /tmp/.X11-unix/Xn             Unix domain socket for display number n

       /tmp/rcXn                     Kerberos 5 replay cache for display  num-
                                     ber n

       /usr/adm/Xnmsgs               Error  log  file  for display number n if
                                     run from init(8)

                                     Default error log file if the  server  is
                                     run from xdm(1)


       General information: X(7)

       Protocols:  X  Window  System  Protocol, The X Font Service Protocol, X
       Display Manager Control Protocol

       Fonts: bdftopcf(1), mkfontdir(1), mkfontscale(1), xfs(1),  xlsfonts(1),
       xfontsel(1), xfd(1), X Logical Font Description Conventions

       Security:  Xsecurity(7),  xauth(1),  Xau(1), xdm(1), xhost(1), xfwp(1),
       Security Extension Specification

       Starting the server: xdm(1), xinit(1)

       Controlling the server once started: xset(1), xsetroot(1), xhost(1)

       Server-specific man pages: Xorg(1), Xdmx(1), Xnest(1),  Xvfb(1),  XDar-
       win(1), XWin(1).

       Server  internal documentation: Definition of the Porting Layer for the
       X v11 Sample Server


       The sample server was originally written by Susan Angebranndt,  Raymond
       Drewry,  Philip Karlton, and Todd Newman, from Digital Equipment Corpo-
       ration, with support from a large cast.  It has since been  extensively
       rewritten  by  Keith Packard and Bob Scheifler, from MIT.  Dave Wiggins
       took over post-R5 and made substantial improvements.

X Version 11                   xorg-server 1.2.0                    XSERVER(1)

Man(1) output converted with man2html