Building on Debian (or Ubuntu, etc)
These are steps for building and configuring xrdp 0.10.x and xorgxrdp 0.10.x, on Debian and derivatives, including Ubuntu.
These instructions assume you will want to configure the xrdp daemon to run as an unprivileged user. This feature is available for xrdp version v0.10.2 and later.
xrdp can use one of these backends:
- xorgxrdp: use the existing Xorg installation and add a module, xorgxrdp, providing modules for RDP support
- Xvnc: a VNC server with X11 support
The preferred backend is xorgxrdp.
This configuration only activates the Xorg backend, so when connecting with an RDP client, be sure to use this session type.
You must install at least one of these backends!
Check https://github.com/neutrinolabs/xrdp/releases/latest to find the latest version. We use 0.10.3 as an example here.
XRDP_VERSION=0.10.3
XRDP_SRC_DIR="${PWD}"/xrdp
wget https://github.com/neutrinolabs/xrdp/releases/download/v${XRDP_VERSION}/xrdp-${XRDP_VERSION}.tar.gz
tar xvzf xrdp-${XRDP_VERSION}.tar.gz
mv xrdp-${XRDP_VERSION} "${XRDP_SRC_DIR}" ; # renaming to make the other steps clearer
cd "${XRDP_SRC_DIR}"
Alternatively, clone the git repository if you need the devel branch:
git clone https://github.com/neutrinolabs/xrdp.git
We have a script which we use to install xrdp dependencies when we test xrdp using continuous integration (CI). Installing dependencies with this script is the easiest way to get all dependencies installed.
If you did NOT clone the git repository to get the sources, you will need to fetch the script directory from Github. Do that with these commands:-
wget https://raw.githubusercontent.com/neutrinolabs/xrdp/refs/tags/v${XRDP_VERSION}/scripts/install_xrdp_build_dependencies_with_apt.sh
chmod +x install_xrdp_build_dependencies_with_apt.sh
sudo ./install_xrdp_build_dependencies_with_apt.sh max
If you cloned the git repository to get the sources, the script is already present. Use this command to install the dependencies:-
sudo ./scripts/install_xrdp_build_dependencies_with_apt.sh max
This script is only regularly tested on GitHub's latest x86_64 CI version of Ubuntu, but should work on other systems. If it doesn't, feel free to raise an issue and we can discuss it.
Note: adapt the configure line below to activate your needed features:
./bootstrap
./configure --with-systemdsystemunitdir=/usr/lib/systemd/system \
--enable-ibus --enable-ipv6 --enable-jpeg --enable-fuse --enable-mp3lame \
--enable-fdkaac --enable-opus --enable-rfxcodec --enable-painter \
--enable-pixman --enable-utmp --with-imlib2 --with-freetype2 \
--enable-tests --enable-x264 --enable-openh264 --enable-vsock
make
If you are building on a Debian-based distro which does not use systemd (e.g. Devuan), please omit the --with-systemdsystemunitdir= option.
If you have xrdp installed from a Debian/Ubuntu package, remove it first with sudo apt purge xrdp.
sudo make install
sudo ln -s /usr/local/sbin/xrdp{,-sesman} /usr/sbin
sudo adduser --system --group --no-create-home --disabled-password --disabled-login --home /run/xrdp xrdp
Edit /etc/xrdp/xrdp.ini, and uncomment these lines:-
runtime_user=xrdp
runtime_group=xrdp
Edit /etc/xrdp/sesman.ini and uncomment this line:-
SessionSockdirGroup=xrdp
Then:-
sudo chmod 640 /etc/xrdp/rsakeys.ini
sudo chown root:xrdp /etc/xrdp/rsakeys.ini
If you know what you are doing, generate an X.509 certificate and private key in /etc/xrdp/cert.pem and /etc/xrdp/key.pem. Both the certificate and key must be readable by the xrdp group.
If you're happy to use the standard Debian self-signed snakeoil certificate:-
# Generate the certificate and key
sudo make-ssl-cert generate-default-snakeoil
# Link the certificate into the xrdp config
sudo ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/xrdp/cert.pem
# Link the private key into the xrdp config
sudo ln -sf /etc/ssl/private/ssl-cert-snakeoil.key /etc/xrdp/key.pem
# Make sure xrdp can read the private key
sudo usermod -a -G ssl-cert xrdp
This command checks all the file permissions are correct to run xrdp without root privilege:-
sudo /usr/local/share/xrdp/xrdp-chkpriv
Example output:-
Settings
- [xrdp.ini] runtime_user : xrdp
- [xrdp.ini] runtime_group : xrdp
- [xrdp.ini] certificate : /etc/xrdp/cert.pem
- [xrdp.ini] key_file : /etc/xrdp/key.pem
- [sesman.ini] SessionSockdirGroup : xrdp
[ OK ] runtime_user 'xrdp' appears to exist
[ OK ] runtime_group 'xrdp' appears to exist
[ OK ] xrdp.ini and sesman.ini agree on group ownership
[ OK ] /etc/xrdp/rsakeys.ini has correct permissions
[ OK ] /etc/xrdp/cert.pem is read-only for xrdp:xrdp
[ OK ] /etc/xrdp/key.pem is read-only for xrdp:xrdp
[ OK ] -Summary- Permissions appear to be correct to run xrdp unprivileged
If any lines are tagged with [ NG ] rather than [ OK ], investigate and correct the errors.
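In a provisioning script, the report can gate the service start so that xrdp is never enabled with a failed check. This is an added example, not part of xrdp or of the original page; `chkpriv_gate`, `sample_ok` and `sample_ng` are hypothetical names, and it assumes only the `[ OK ]` / `[ NG ]` tags and the `-Summary-` line shown in the example output, not any particular exit status from xrdp-chkpriv.

```shell
#!/bin/sh
# Added example, not part of xrdp: decide from an xrdp-chkpriv report
# (read on stdin) whether it is safe to start the services.
chkpriv_gate() {
    report=$(cat)
    # An empty report (script missing, sudo refused) must never pass.
    if [ -z "$report" ]; then
        echo "chkpriv_gate: no report to check" >&2
        return 2
    fi
    # Show every failed check at once rather than stopping at the first.
    failed=$(printf '%s\n' "$report" | grep -F '[ NG ]' || true)
    if [ -n "$failed" ]; then
        printf 'chkpriv_gate: failed checks:\n%s\n' "$failed" >&2
        return 1
    fi
    # Require the positive summary too, so a truncated report fails.
    if ! printf '%s\n' "$report" | grep -q '^[[:space:]]*\[ OK \] -Summary-'; then
        echo "chkpriv_gate: summary line missing" >&2
        return 3
    fi
    return 0
}

# Constructed sample: three lines taken from the example output above.
sample_ok() {
    cat <<'EOF'
[ OK ] /etc/xrdp/rsakeys.ini has correct permissions
[ OK ] /etc/xrdp/key.pem is read-only for xrdp:xrdp
[ OK ] -Summary- Permissions appear to be correct to run xrdp unprivileged
EOF
}

# Constructed sample: the same lines with one tag changed to [ NG ].
# The wording of a real failure line is an assumption and may differ.
sample_ng() {
    cat <<'EOF'
[ OK ] /etc/xrdp/rsakeys.ini has correct permissions
[ NG ] /etc/xrdp/key.pem is read-only for xrdp:xrdp
EOF
}

# Intended use on the target host:
#   sudo /usr/local/share/xrdp/xrdp-chkpriv | chkpriv_gate &&
#       sudo systemctl enable --now xrdp xrdp-sesman
```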
sudo systemctl enable --now xrdp xrdp-sesman
Check https://github.com/neutrinolabs/xorgxrdp/releases/latest to find the version of xorgxrdp which works with your version of xrdp.
XORG_XRDP_SRC_DIR="${PWD}"/xorgxrdp
wget https://github.com/neutrinolabs/xorgxrdp/releases/download/v0.10.4/xorgxrdp-0.10.4.tar.gz
tar xvzf xorgxrdp-0.10.4.tar.gz
mv xorgxrdp-0.10.4 xorgxrdp # renaming to make the other steps clearer
Alternatively, clone the git repository if you need the devel branch:
git clone https://github.com/neutrinolabs/xorgxrdp.git
cd "${XORG_XRDP_SRC_DIR}"
sudo scripts/install_xorgxrdp_build_dependencies_with_apt.sh
./bootstrap
./configure --enable-glamor
make
sudo make install
Edit /etc/xrdp/sesman.ini. Look for the line param=Xorg and replace it with the line param=/usr/lib/xorg/Xorg. The comments in the file should hopefully make this clear.