tigervncsession service fails to start, deletes password file

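On Ubuntu 22.04, I am using TigerVNC (via the tigervnc-standalone-server package) to provide remote desktop access to a headless server.

For one user, the tigervncserver service exits without any diagnostic message: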

$ sudo systemctl restart tigervncserver@:2
$ sudo systemctl status tigervncserver@:2
○ tigervncserver@:2.service - Remote desktop service (VNC)
     Loaded: loaded (/lib/systemd/system/tigervncserver@.service; disabled; vendor preset: enabled)
     Active: inactive (dead)

Jul 14 18:31:53 myserver systemd[1]: Starting Remote desktop service (VNC)...
Jul 14 18:31:53 myserver tigervncsession[14835]: pam_unix(tigervnc:session): session opened for user user2(uid=1002) by (uid=0)
Jul 14 18:31:53 myserver systemd[1]: Started Remote desktop service (VNC).
Jul 14 18:31:53 myserver tigervncsession[14835]: tigervncsession: tigervncserver exited with status=1
Jul 14 18:31:53 myserver tigervncsession[14835]: pam_unix(tigervnc:session): session closed for user user2
Jul 14 18:31:53 myserver systemd[1]: tigervncserver@:2.service: Deactivated successfully.

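Even though tigervncserver exits with status 1, the overall service does not show as failed.

In ~user2/.vnc/hostname:2.log, it looks like it is asking for a password, but fails because it is running as a service and cannot receive input: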

You will require a password to access your desktops.

getpassword error: Inappropriate ioctl for device
Password:

There is a ~user2/.vnc/passwd file, but strangely, it is deleted when the service tries to start:

[pid 15789] unlink("/home/user2/.vnc/passwd") = 0
[pid 15789] write(1, "\nYou will require a password to "..., 55) = 55

Answer 1

This behavior is implemented in /usr/share/perl5/TigerVNC/Wrapper.pm:

# Make sure the user has a password.
sub CreateVNCPasswd {
  my ( $options ) = @_;

  my $passwordArgSpecified =
    ($options->{'src'}{'vncPasswdFile'}//"undef") eq "cmdline";

  # Check whether VNC authentication is enabled, and if so, prompt the user to
  # create a VNC password if they don't already have one.
  return if !$options->{'vncAuthEnabled'} || $passwordArgSpecified;
  my $vncPasswdFile = $options->{'vncPasswdFile'};
  my $st = stat($vncPasswdFile);

  if (!defined($st) || ($st->mode & 077)) {
    print "\nYou will require a password to access your desktops.\n\n";
    unless (unlink($vncPasswdFile) || $! == ENOENT) {
      print STDERR "Can't remove old vnc passwd file '$vncPasswdFile': $!!\n";
      exit 1;
    }
    system(getCommand("tigervncpasswd"), $vncPasswdFile);
    exit 1 if (($? >> 8) != 0);
  }
}

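The culprit is the check $st->mode & 077, which tests whether the password file has any permission bits set for anyone other than the owner, i.e. the password is stored insecurely on disk.

Because I was creating the password file using: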

echo "$PASSWORD" | tigervncpasswd -f > ~/.vnc/passwd

the file had the default permissions of -rw-rw-r--. We can create the file with permissions -rw------- instead:

SAVED_UMASK=$(umask)
umask 177  # Limit permissions to -rw-------
echo "$PASSWORD" | tigervncpasswd -f > ~/.vnc/passwd
umask "$SAVED_UMASK"

Or just chmod 600 ~/.vnc/passwd
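
The same permission test as a pre-flight check, plus a way to write the file that still ends up 0600 when a looser copy already exists (a redirect into an existing file keeps its old mode, so umask alone does not help there). This is an added example, not part of the original answer or of TigerVNC; the function names are hypothetical and GNU stat/mktemp as shipped on Ubuntu are assumed.

```shell
#!/bin/sh
# Added example (not TigerVNC code). Function names are hypothetical.
# Assumes GNU coreutils stat/mktemp, as shipped on Ubuntu.

# Mirror Wrapper.pm's test: succeed only if FILE exists and has no
# group/other permission bits, i.e. (mode & 077) == 0.
vnc_passwd_ok() {
    mode=$(stat -L -c '%a' -- "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]      # leading 0 makes the value octal
}

# Write stdin to FILE so that it is 0600 from creation onward.
# "umask 177; cmd > FILE" only helps when FILE does not exist yet: a
# redirect into an existing file truncates it and keeps its old mode.
# A private temp file renamed over FILE avoids that. The subshell body
# keeps the umask change away from the caller.
write_private() (
    umask 177
    tmp=$(mktemp "$1.XXXXXX") || exit 1
    if cat > "$tmp" && mv -f -- "$tmp" "$1"; then
        exit 0
    fi
    rm -f -- "$tmp"
    exit 1
)

# Report every FILE the wrapper would reject and re-prompt for.
# Returns 1 if at least one file fails the check.
vnc_passwd_audit() {
    rc=0
    for f in "$@"; do
        if vnc_passwd_ok "$f"; then
            echo "ok:     $f"
        else
            echo "unsafe: $f (missing, or group/other bits set)" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage, with the command from the answer:
#   echo "$PASSWORD" | tigervncpasswd -f | write_private ~/.vnc/passwd
#   vnc_passwd_audit /home/*/.vnc/passwd
[ "$#" -eq 0 ] || vnc_passwd_audit "$@"
```

Running the audit before restarting the service shows which files would fail the wrapper's check, before the wrapper unlinks them.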
