sysvint (Original Method)

The sysvinit method works for RHEL and it’s clones (Oracle Linux and CentOS) up to and including RHEL6. It also works for Fedora up to and including Fedora 15. Although Fedora 15 includes systemd, the VNC server configuration is unchanged, so you should still use this method.

Install the VNC Server.

# yum install tigervnc-server

Edit the “/etc/sysconfig/vncservers” file to configure the required displays. The following entries enable VNC for display numbers “:2” and “:3”. Notice multiple “display:user” pairs are defined on a single line, but the arguments for each display are defined separately.

VNCSERVERS="2:root 3:oracle"
VNCSERVERARGS[2]="-geometry 1280x1024 -nolisten tcp -localhost"
VNCSERVERARGS[3]="-geometry 1280x1024"

Set the VNC password for any users defined in the “/etc/sysconfig/vncservers” file.

# vncpasswd
Password:
Verify:
#

# su - oracle
$ vncpasswd
Password:
Verify:
$ exit
logout
#

Enable the “vncserver” service for autostart and start the service.

# chkconfig vncserver on
# service vncserver start

You should now be able to use a VNC viewer to connect to system using the display numbers and passwords defined.

Use the following commands to stop the service and disable autostart.

# service vncserver stop
# chkconfig vncserver off

systemd (New Method)

The systemd method works for Fedora 16 and above. Although Fedora 15 uses systemd, the VNC server configuration is unchanged so you still use the previous configuration method.

Install the VNC Server.

# yum install tigervnc-server

Create a new configuration file for each of the display numbers you want to enable. In the following case, I am setting up the display number “:3”. Notice how the display number is included in the configuration file name.

# cp /lib/systemd/system/[email protected] /lib/systemd/system/[email protected]:3.service

Edit the new configuration file, amending the user and startup arguments as necessary. An example of the changed lines is shown below. All other lines should be unmodified.

User=oracle
ExecStart=/usr/bin/vncserver %i -geometry 1280x1024

Run the following command.

# systemctl daemon-reload

Set the VNC password for the user defined in the new configuration file.

# su - oracle
$ vncpasswd
Password:
Verify:
$ exit
logout
#

Enable the service for autostart and start the service.

# systemctl enable [email protected]:3.service
# systemctl start [email protected]:3.service

You should now be able to use a VNC viewer to connect to system using the display number and password defined.

Use the following commands to stop the service and disable autostart.

# systemctl stop [email protected]:3.service
# systemctl disable [email protected]:3.service

By default, the VNC server runs the user’s default desktop environment. This is controlled by the VNC user’s $HOME/.vnc/xstartup file, which is created automatically when the VNC desktop service is started.

If you did not install a desktop environment when you installed the system (for example because you selected Minimal Install as the base environment), you can install one with the following command:

# yum groupinstall "server with gui"

When the installation is complete, use the systemctl get-default command to check that the default system state is multi-user.target (multi-user command-line environment). Use the systemctl set-default command reset the default system state or to change it to the graphical.target (multi-user graphical environment) if you prefer.

The $HOME/.vnc/xstartup file is a shell script that specifies the X applications to run when the VNC desktop is started. For example, to run a KDE Plasma Workspace, you could edit the file as follows:

#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
#exec /etc/X11/xinit/xinitrc
startkde &

If you make any changes to a user’s $HOME/.vnc/xstartup file, you must restart the VNC desktop for the changes to take effect:

# systemctl restart [email protected]:3.service

Firewall

If users will access the VNC desktops directly, you must open the required port for each desktop. The required ports can be calculated by adding the VNC desktop service display number to 5900 (the default VNC server port). So if the display number is 1, the required port is 5901 and if the display number is 67, the required port is 5967.

To open ports 5900 to 5903, you can use the following commands:

# firewall-cmd --zone=zone --add-service=vnc-server
# firewall-cmd --zone=zone --add-service=vnc-server --permanent

To open additional ports, for example port 5967, use the following commands:

# firewall-cmd --zone=zone --add-port=5967/tcp # firewall-cmd --zone=zone --add-port=5967/tcp --permanent