Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Apropos / Subsearch:
optional field

 Xhp(1)								      Xhp(1)

      X - X Window System server

      X :displaynumber [-option] ttyname

      X is the generic name for the window system server.  It is started by
      the dtlogin program which is typically run by init(1M).  Alternatively
      it may be started from the xinit(1) program, which is called by
      x11start.	 The displaynumber argument is used by clients in their
      DISPLAY environment variables to indicate which server to contact
      (machines may have several displays attached).  This number can be any
      number.  If no number is specified 0 is used.  This number is also
      used in determining the names of various startup files.  The ttyname
      argument is passed in by init and isn't used.

      The Hewlett-Packard server has support for the following protocols:

	      The server listens on port 6000+N, where N is the display

      Local Socket IPC Mechanism
	      The file name for the socket is "/var/spool/sockets/X11/*"
	      where "*" is the display number.

      Shared Memory IPC
	      If the Shared Memory Transport (SMT) option is enabled in the
	      Xserver, this will be the default connection that the X
	      Library will use to connect to an X server on the same machine
	      if the DISPLAY environment variable is set to "local:*" or
	      ":*" where "*" is the number of the display.  Currently, SMT
	      is not enabled by default.  Please see /etc/X11/X0screens
	      and/or /usr/lib/X11/Xserver/info/screens/hp for more
	      information about SMT.

      When the server starts up, it takes over the display.  If you are
      running on a workstation whose console is the display, you cannot log
      into the console while the server is running.

      The following options can be given on the command line to the X

      -a number
	      sets pointer acceleration (i.e. the ratio of how much is
	      reported to how much the user actually moved the pointer).

      -audit level
	      Sets the audit trail level.  The default level is 1, meaning

 Hewlett-Packard Company	    - 1 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

	      only connection rejections are reported.	Level 2 additionally
	      reports all successful connections and disconnects.  Level 4
	      enables messages from the SECURITY extension, including
	      generation and revocation of authorizations and violations of
	      the security policy.  Level 0 turns off the audit trail.
	      Audit lines are sent as standard error output.

      -auth authorization-file
	      Specifies a file which contains a collection of authorization
	      records used to authenticate access.

      bc      disables certain kinds of error checking, for bug
	      compatibility with previous releases (e.g., to work around
	      bugs in R2 and R3 xterms and toolkits).  Deprecated.

      -bs     disables backing store support on all screens.

      -c      turns off key-click.

      c volume
	      sets key-click volume (allowable range: 0-100).

      -co filename
	      sets name of RGB color database.

      -core   causes the server to generate a core dump on fatal errors.

      -dpi resolution
	      sets the resolution of the screen, in dots per inch.  To be
	      used when the server cannot determine the screen size from the

      -f volume
	      sets beep (bell) volume (allowable range: 0-100).

      -fc cursorFont
	      sets default cursor font.

      -fn font
	      sets the default font.

      -fp fontPath
	      sets the search path for fonts.  This path is a comma
	      separated list of directories which the server searches for
	      font databases.

      -help   prints a usage message.

      -I      causes all remaining command line arguments to be ignored.

 Hewlett-Packard Company	    - 2 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      -logo   turns on the X Window System logo display in the screen-saver.
	      There is currently no way to change this from a client.  You
	      also need to specify -v to enable the logo to appear.

      nologo  turns off the X Window System logo display in the screen-
	      saver.  There is currently no way to change this from a

      -p minutes
	      sets screen-saver pattern cycle time in minutes.

      -pn     allows X server to run even if one or more communications
	      mechanisms fails to initialize.

      -pn     permits the server to continue running if it fails to
	      establish all of its well-known sockets, but establishes at
	      least one.

      -r      turns off keyboard auto-repeat.

      r	      turns on keyboard auto-repeat.

      -s minutes
	      sets screen-saver timeout time in minutes.

      -sp filename
	      causes the server to attempt to read and interpret filename as
	      a security policy file with the format described in the
	      SECURITY FILE FORMAT section below. The file is read at server
	      startup and reread at each server reset.	The default file is

      -su     disables save under support on all screens.

      -t number
	      sets pointer acceleration threshold in pixels (i.e. after how
	      many pixels pointer acceleration should take effect).

	      causes the server to terminate at server reset, instead of
	      continuing to run.

      -to seconds
	      sets default connection timeout in seconds.

      -tst    disables all testing extensions (e.g., XTEST,

      ttyxx   ignored, for servers started the ancient way (from init).

 Hewlett-Packard Company	    - 3 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

	      causes server to terminate when all clients disconnect.

      v	      sets video-on screen-saver preference.  A window that changes
	      regularly will be used to save the screen.

      -v      sets video-off screen-saver preference.  The screen will be
	      blanked to save the screen.

      -wm     forces the default backing-store of all windows to be
	      WhenMapped; a less expensive way of getting backing-store to
	      apply to all windows.

	   You can also have the X server connect to xdm(1) or dtlogin(1X) using
	   XDMCP.  Although this is not typically useful as it doesn't allow
	   xdm to manage the server process, it can be used to debug XDMCP
	   implementations, and serves as a sample implementation of the
	   server side of XDMCP.  The following options control the behavior
	   of XDMCP.

      -query host-name
	      Enable XDMCP and send Query packets to the specified host.

	      Enable XDMCP and broadcast BroadcastQuery packets to the
	      network.	The first responding display manager will be chosen
	      for the session.

      -indirect host-name
	      Enable XDMCP and send IndirectQuery packets to the specified

      -port port-num
	      Use an alternate port number for XDMCP packets.  Must be
	      specified before any -query, -broadcast or -indirect options.
	      Default port number is 177.

      -class display-class
	      XDMCP has an additional display qualifier used in resource
	      lookup for display-specific options.  This option sets that
	      value, by default it is "MIT-Unspecified" (not a very useful

      -cookie xdm-auth-bits
	      When testing XDM-AUTHENTICATION-1, a private key is shared
	      between the server and the manager.  This option sets the
	      value of that private data (not that it's very private, being
	      on the command line and all...).

      -displayID display-id
	      Yet another XDMCP specific value, this one allows the display

 Hewlett-Packard Company	    - 4 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

	      manager to identify each display so that it can locate the
	      shared key.

      The X server can be configured to run in virtual frame buffer (Xvfb)
      mode (see the X server information file
      /usr/lib/X11/Xserver/info/screens/hp).  Xvfb mode emulates a dumb
      framebuffer using virtual memory so it can be run on machines with no
      display hardware and no physical input devices.

      The primary use of this mode was intended to be server testing.  The
      mfb or cfb code for any depth can be exercised with this server
      without the need for real hardware that supports the desired depths.
      The X community has found many other novel uses for Xvfb mode,
      including testing clients against unusual depths and screen
      configurations, doing batch processing with Xvfb as a background
      rendering engine, load testing, as an aid to porting the X server to a
      new platform, and providing an unobtrusive way to run applications
      that don't really need an X server but insist on having one anyway.

      When run in Xvfb mode, the X server supports the following additional

      -screen screennum WxHxD
	  This option creates screen screennum and sets its width, height,
	  and depth to W, H, and D respectively.  By default, only screen 0
	  exists and has the dimensions 1280x1024x8.

      -pixdepths list-of-depths
	  This option specifies a list of pixmap depths that the server
	  should support in addition to the depths implied by the supported
	  screens.  list-of-depths is a space-separated list of integers
	  that can have values from 1 to 32.

      -fbdir framebuffer-directory
	  This option specifies the directory in which the memory mapped
	  files containing the framebuffer memory should be created.  See
	  FILES.  This option only exists on machines that have the mmap and
	  msync system calls.

	  This option specifies that the framebuffer should be put in shared
	  memory.  The shared memory ID for each screen will be printed by
	  the server.  The shared memory is in xwd format.  This option only
	  exists on machines that support the System V shared memory

      If neither -shmem nor -fbdir is specified, the framebuffer memory will
      be allocated with malloc().

 Hewlett-Packard Company	    - 5 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      -linebias n
	  This option specifies how to adjust the pixelization of thin
	  lines.  The value n is a bitmask of octants in which to prefer an
	  axial step when the Bresenham error term is exactly zero.  See the
	  file Xserver/mi/miline.h for more information.  This option is
	  probably only useful to server developers to experiment with the
	  range of line pixelization possible with the cfb and mfb code.

      -blackpixel pixel-value, -whitepixel pixel-value
	  These options specify the black and white pixel values the server
	  should use.

      The syntax of the security policy file is as follows.  Notation: "*"
      means zero or more occurrences of the preceding element, and "+" means
      one or more occurrences.	To interpret <foo/bar>, ignore the text
      after the /; it is used to distinguish between instances of <foo> in
      the next section.

      <policy file> ::= <version line> <other line>*

      <version line> ::= <string/v> '\n'

      <other line > ::= <comment> | <access rule> | <site policy> | <blank line>

      <comment> ::= # <not newline>* '\n'

      <blank line> ::= <space> '\n'

      <site policy> ::= sitepolicy <string/sp> '\n'

      <access rule> ::= property <property/ar> <window> <perms> '\n'

      <property> ::= <string>

      <window> ::= any | root | <required property>

      <required property> ::= <property/rp> | <property with value>

      <property with value> ::= <property/rpv> = <string/rv>

      <perms> ::= [ <operation> | <action> | <space> ]*

      <operation> ::= r | w | d

      <action> ::= a | i | e

      <string> ::= <dbl quoted string> | <single quoted string> | <unqouted string>

      <dbl quoted string> ::= <space> " <not dqoute>* " <space>

 Hewlett-Packard Company	    - 6 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      <single quoted string> ::= <space> ' <not squote>* ' <space>

      <unquoted string> ::= <space> <not space>+ <space>

      <space> ::= [ ' ' | '\t' ]*

      Character sets:

      <not newline> ::= any character except '\n'
      <not dqoute>  ::= any character except "
      <not squote>  ::= any character except '
      <not space>   ::= any character except those in <space>

      The semantics associated with the above syntax are as follows.

      <version line>, the first line in the file, specifies the file format
      version.	If the server does not recognize the version <string/v>, it
      ignores the rest of the file.  The version string for the file format
      described here is "version-1" .

      Once past the <version line>, lines that do not match the above syntax
      are ignored.

      <comment> lines are ignored.

      <sitepolicy> lines are currently ignored.	 They are intended to
      specify the site policies used by the XC-QUERY-SECURITY-1
      authorization method.

      <access rule> lines specify how the server should react to untrusted
      client requests that affect the X Window property named <property/ar>.
      The rest of this section describes the interpretation of an <access

      For an <access rule> to apply to a given instance of <property/ar>,
      <property/ar> must be on a window that is in the set of windows
      specified by <window>.  If <window> is any, the rule applies to
      <property/ar> on any window.  If <window> is root, the rule applies to
      <property/ar> only on root windows.

      If <window> is <required property>, the following apply.	If <required
      property> is a <property/rp>, the rule applies when the window also
      has that <property/rp>, regardless of its value.	If <required
      property> is a <property with value>, <property/rpv> must also have
      the value specified by <string/rv>.  In this case, the property must
      have type STRING and format 8, and should contain one or more null-
      terminated strings.  If any of the strings match <string/rv>, the rule

      The definition of string matching is simple case-sensitive string
      comparison with one elaboration: the occurence of the character '*' in

 Hewlett-Packard Company	    - 7 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      <string/rv> is a wildcard meaning "any string."  A <string/rv> can
      contain multiple wildcards anywhere in the string.  For example, "x*"
      matches strings that begin with x, "*x" matches strings that end with
      x, "*x*" matches strings containing x, and "x*y*" matches strings that
      start with x and subsequently contain y.

      There may be multiple <access rule> lines for a given <property/ar>.
      The rules are tested in the order that they appear in the file.  The
      first rule that applies is used.

      <perms> specify operations that untrusted clients may attempt, and the
      actions that the server should take in response to those operations.

      <operation> can be r (read), w (write), or d (delete).  The following
      table shows how X Protocol property requests map to these operations
      in The Open Group server implementation.

      GetProperty     r, or r and d if delete = True
      ChangeProperty  w
      RotateProperties	      r and w
      DeleteProperty  d
      ListProperties  none, untrusted clients can always list all properties

      <action> can be a (allow), i (ignore), or e (error).  Allow means
      execute the request as if it had been issued by a trusted client.
      Ignore means treat the request as a no-op.  In the case of
      GetProperty, ignore means return an empty property value if the
      property exists, regardless of its actual value.	Error means do not
      execute the request and return a BadAtom error with the atom set to
      the property name.  Error is the default action for all properties,
      including those not listed in the security policy file.

      An <action> applies to all <operation>s that follow it, until the next
      <action> is encountered.	Thus, irwad  means ignore read and write,
      allow delete.

      GetProperty and RotateProperties may do multiple operations (r and d,
      or r and w).  If different actions apply to the operations, the most
      severe action is applied to the whole request; there is no partial
      request execution.  The severity ordering is: allow < ignore < error.
      Thus, if the <perms> for a property are ired (ignore read, error
      delete), and an untrusted client attempts GetProperty on that property
      with delete = True, an error is returned, but the property value is
      not.  Similarly, if any of the properties in a RotateProperties do not
      allow both read and write, an error is returned without changing any
      property values.

      Here is an example security policy file.


 Hewlett-Packard Company	    - 8 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      # Allow reading of application resources, but not writing.
      property RESOURCE_MANAGER	      root    ar iw
      property SCREEN_RESOURCES	      root    ar iw

      # Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
      # and allowing access may give away too much information.
      property CUT_BUFFER0    root    irw
      property CUT_BUFFER1    root    irw
      property CUT_BUFFER2    root    irw
      property CUT_BUFFER3    root    irw
      property CUT_BUFFER4    root    irw
      property CUT_BUFFER5    root    irw
      property CUT_BUFFER6    root    irw
      property CUT_BUFFER7    root    irw

      # If you are using Motif, you may want these.
      property _MOTIF_DEFAULT_BINDINGS	      root    ar iw
      property _MOTIF_DRAG_WINDOW     root    ar iw
      property _MOTIF_DRAG_TARGETS    any     ar iw
      property _MOTIF_DRAG_ATOMS      any     ar iw
      property _MOTIF_DRAG_ATOM_PAIRS any     ar iw

      # The next two rules let xwininfo -tree work when untrusted.
      property WM_NAME	      any     ar

      # Allow read of WM_CLASS, but only for windows with WM_NAME.
      # This might be more restrictive than necessary, but demonstrates
      # the <required property> facility, and is also an attempt to
      # say "top level windows only."
      property WM_CLASS	      WM_NAME ar

      # These next three let xlsclients work untrusted.	 Think carefully
      # before including these; giving away the client machine name and command
      # may be exposing too much.
      property WM_STATE	      WM_NAME ar
      property WM_CLIENT_MACHINE      WM_NAME ar
      property WM_COMMAND     WM_NAME ar

      # To let untrusted clients use the standard colormaps created by
      # xstdcmap, include these lines.
      property RGB_DEFAULT_MAP	      root    ar
      property RGB_BEST_MAP   root    ar
      property RGB_RED_MAP    root    ar
      property RGB_GREEN_MAP  root    ar
      property RGB_BLUE_MAP   root    ar
      property RGB_GRAY_MAP   root    ar

      # To let untrusted clients use the color management database created
      # by xcmsdb, include these lines.
      property XDCCC_LINEAR_RGB_CORRECTION    root    ar
      property XDCCC_LINEAR_RGB_MATRICES      root    ar

 Hewlett-Packard Company	    - 9 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      property XDCCC_GRAY_SCREENWHITEPOINT    root    ar
      property XDCCC_GRAY_CORRECTION  root    ar

      # To let untrusted clients use the overlay visuals that many vendors
      # support, include this line.
      property SERVER_OVERLAY_VISUALS root    ar

      # property names and explicit specification of error conditions
      property "property with spaces" 'property with "'	      aw er ed

      # Allow deletion of Woo-Hoo if window also has property OhBoy with value
      # ending in "son".  Reads and writes will cause an error.
      property Woo-Hoo	      OhBoy = "*son"  ad

      Though X will usually be run by dtlogin from init, it is possible to
      run X directly from init.	 For information about running X from
      dtlogin, see the dtlogin man page.

      To run X directly from init, it is necessary to modify /etc/inittab
      and /etc/gettydefs.  Detailed information on these files may be
      obtained from the inittab(4) and gettydefs(4) man pages.

      To run X from init on display 0, with a login xterm running on
      /dev/ttypf, in init state 3, the following line must be added to

	  X0:3:respawn:env PATH=/bin:/usr/bin/X11:/usr/bin  xinit -L ttyqf
      -- :0

      To run X with a login hpterm, the following should be used instead:

	  X0:3:respawn:env PATH=/bin:/usr/bin/X11:/usr/bin  xinit hpterm
      =+1+1 -n login -L ttyqf -- :0

      In addition, the following line must be added to /etc/gettydefs (this
      should be a single line):

      IXANY TAB3   #X login: #Xwindow

      There should not be a getty running against the display whenever X is
      run from xinit.

      The sample server implements a simplistic authorization protocol,
      MIT-MAGIC-COOKIE-1 which uses data private to authorized clients and
      the server.  This is a rather trivial scheme; if the client passes
      authorization data which is the same as the server has, it is allowed
      access.  This scheme is inferior to host-based access control

 Hewlett-Packard Company	   - 10 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      mechanisms in environments with unsecure networks as it allows any
      host to connect, given that it has discovered the private key.  But in
      many environments, this level of security is better than the host-
      based scheme as it allows access control per-user instead of per-host.

      In addition, the server provides support for a DES-based authorization
      scheme, XDM-AUTHORIZATION-1, which is more secure (given a secure key
      distribution mechanism), but as DES is not generally distributable,
      the implementation is missing routines to encrypt and decrypt the
      authorization data.  This authorization scheme can be used in
      conjunction with XDMCP's authentication scheme, XDM-AUTHENTICATION-1
      or in isolation.

      The authorization data is passed to the server in a private file named
      with the -auth command line option.  Each time the server is about to
      accept the first connection after a reset (or when the server is
      starting), it reads this file.  If this file contains any
      authorization records, the local host is not automatically allowed
      access to the server, and only clients which send one of the
      authorization records contained in the file in the connection setup
      information will be allowed access.  See the Xau manual page for a
      description of the binary format of this file.  Maintenance of this
      file, and distribution of its contents to remote sites for use there
      is left as an exercise for the reader.

      The sample server also uses a host-based access control list for
      deciding whether or not to accept connections from clients on a
      particular machine.  This list initially consists of the host on which
      the server is running as well as any machines listed in the file
      /etc/Xn.hosts, where n is the display number of the server.  Each line
      of the file should contain an Internet hostname (e.g.
      expo.lcs.mit.edu.)  There should be no leading or trailing spaces on
      any lines.  For example:


      Users can add or remove hosts from this list and enable or disable
      access control using the xhost command from the same machine as the
      server.  For example:

	      %	 xhost +janesworkstation
	      janesworkstation being added to access control list
	      %	 xhost +
	      all hosts being allowed (access control disabled)
	      %	 xhost -
	      all hosts being restricted (access control enabled)
	      %	 xhost
	      access control enabled (only the following hosts are allowed)

 Hewlett-Packard Company	   - 11 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)


      The X server attaches special meaning to the following signals:

      SIGHUP  This signal causes the server to close all existing
	      connections, free all resources, and restore all defaults.  It
	      is sent by the display manager (xdm or dtlogin) whenever the
	      main user's main application exits to force the server to
	      clean up and prepare for the next user.

      SIGTERM This signal causes the server to exit cleanly.

      SIGUSR1 This signal is used quite differently from either of the
	      above.  When the server starts, it checks to see if it has
	      inherited SIGUSR1 as SIG_IGN instead of the usual SIG_DFL.  In
	      this case, the server sends a SIGUSR1 to its parent process
	      after it has set up the various connection schemes.  Xdm uses
	      this feature to recognize when connecting to the server is

      Fonts are usually stored as individual files in directories.  The list
      of directories in which the server looks when trying to open a font is
      controlled by the font path.  Although most sites will choose to have
      the server start up with the appropriate font path (using the -fp
      option mentioned above), it can be overridden using the xset program.

      Font databases are created by running the mkfontdir or stmkdirs
      program in the directory containing the compiled versions of the fonts
      (mkfontdir) or font outlines (stmkdirs.) Whenever fonts are added to a
      directory, mkfontdir or stmkdirs should be rerun so that the server
      can find the new fonts.  If mkfontdir or stmkdirs is not run, the
      server will not be able to find any of the new fonts in the directory.

      In addition, the X server supports font servers.	A font server is a
      networked program that supplies fonts to X servers and other capable
      programs.	 In order to communicate with a font server, the font
      servers address must be supplied as part of the X server's font path.
      A font server's address is specified as
      where transport is always tcp, hostname is the hostname of the machine
      being connected to (no hostname means a local connection) and port-
      number is the tcp address that the font server is listening at
      (typically 7000.)

      Too numerous to list them all.  If run from DE, errors are logged in
      the file /var/dt/Xerrors,

 Hewlett-Packard Company	   - 12 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      /etc/inittab		    Script for the init process

      /etc/gettydefs		    Speed and terminal settings used by

      /etc/X*.hosts		    Initial access control list

      /usr/lib/X11/fonts	    Top level font directory

      /usr/lib/X11/rgb.txt	    Color database

      /usr/lib/X11/rgb.pag	    Color database

      /usr/lib/X11/rgb.dir	    Color database

      /usr/spool/sockets/X11/*	    IPC mechanism socket

      /var/dt/Xerrors		    Error log file

      /etc/X11/X*devices	    Input devices used by the server.  This
				    file contains many example

      /etc/X11/X*screens	    Screens used by the server.	 This file
				    contains many example configurations.

      /etc/X11/X*pointerkeys	    Keyboard pointer device file.  This file
				    contains many example configurations.

      /etc/X11/XHPkeymaps	    Key device database used by the X

      /etc/X11/SecurityPolicy	    Default Security Policy file used by the
				    X server.

				    These files are created if the -fbdir
				    option is given. They are the memory
				    mapped file containing screen n's
				    framebuffer memory, one file per screen.
				    Each file is in xwd format.	 Thus,
				    taking a full-screen snapshot can be
				    done with a file copy command, and the
				    resulting snapshot will even contain the
				    cursor image.

      The option syntax is inconsistent between itself and xset(1).

 Hewlett-Packard Company	   - 13 -	 HP-UX 10.*, 11.* March 1998

 Xhp(1)								      Xhp(1)

      The acceleration option should take a numerator and a denominator like
      the protocol.

      The color database is missing a large number of colors.  However,
      there doesn't seem to be a better one available that can generate RGB

      Copyright 1996, 1998  The Open Group Copyright 1984, 1985, 1986, 1987,
      1988, 1989, 1990, 1991, 1992 Massachusetts Institute of Technology.
      Copyright 1992 Hewlett Packard Company.
      See X(1) for a full statement of rights and permissions.

      MIT Distribution

      Xserver(1), Xf86(1), dtlogin(1), bdftopcf(1), fs(1), getty(1M),
      gettydefs(4), gwindstop(1), hpterm(1), init(1M), inittab(4),
      mkfontdir(1), rgb(1), stmkdirs(1), x11start(1), xauth(1) xclock(1),
      xfd(1), xhost(1), xinit(1), xinitcolormap(1), xload(1), xmodmap(1),
      xrefresh(1), xseethru(1), xset(1), xsetroot(1), xterm(1), xwcreate(1),
      xwd(1), xwdestroy(1), xwininfo(1), xwud(1)

 Hewlett-Packard Company	   - 14 -	 HP-UX 10.*, 11.* March 1998