Chapter 4

Graphical Desktops
Introduction
● To meet the need for application productivity, many distributions also come
with a graphical user interface (GUI).

● The graphics themselves are built upon several layers:

○ a display server
○ a display manager
○ a window manager
○ a desktop environment
Introduction
● The output of the pstree command, shows that the display manager
in the following example is Xorg, the display manager is lightdm,
and the desktop environment is Cinnamon:
sysadmin@localhost:~$ pstree | grep dm
|-lightdm-+-Xorg---{Xorg}
| |-lightdm-+-cinnamon-sessio-+-applet.py---{applet.py}
| | `-2*[{lightdm}]
| `-2*[{lightdm}]
Desktop Environments
● Gnome:
● The GNOME Desktop is one of the most popular Desktop Environments
that runs on the Linux Operating System and provides a GUI (Graphical
User Interface).

● The Gnome desktop and its derivatives are the default desktop for
some of the world’s most popular Linux distributions:
○ Debian
○ Fedora
○ Ubuntu
○ Mint
Desktop Environments
● Gnome is a fully-featured desktop environment which offers
amenities such as:
● Window transparency
● Animation
● Window snapping

● Gnome components are developed in many languages, with

the GTK (Gnome Tool Kit) used for widgets.
Desktop Environments

Gnome 3
Desktop Environments
● KDE:
● KDE is a wordplay on the UNIX-based CDE (Common Desktop
Environment).

● Has been in constant development since 1996.

● Has a very rich suite of programs and applications.

● Mostly written in C++ and Qt (pronounced “cute”).

Desktop Environments

KDE
Desktop Environments
● Xfce:
● Xfce is a lightweight desktop environment.

● The advantages of using Xfce are load time and responsiveness.

● The disadvantages are graphical effects and transparency.

● Ideal for older computers with less RAM and slower video cards, and
those who value performance.
Desktop Environments

Xfce
Installing the Desktop Environment
● The desktop environment and applications are typically installed together.

● Distributions make a meta-package, or group of packages, to accomplish

this task.

● Debian-based distributions use the gnome-session package.

● A meta-package containing the full suite of GNOME applications and

components.
Installing the Desktop Environment
● For example, To install the X Windows System and the GNOME desktop
environment on a Debian-based system that didn't have X Windows
previously installed:
sysadmin@localhost:~$ sudo apt-get install xserver-xorg gnome-session

● To install the X Windows System and the KDE desktop environment on a

Debian-based distribution, execute the following command:
sysadmin@localhost:~$ sudo apt-get install xserver-xorg kde-standard
Installing the Desktop Environment
● For Red Hat-derived distributions, there is a package group for the GNOME
desktop environment:
sysadmin@localhost:~$ sudo apt-get install xserver-xorg gnome-session

● To install the package group for the KDE desktop environment on a Red Hat-
derived distribution:
sysadmin@localhost:~$ sudo apt-get install xserver-xorg kde-standard
Desktop Localization
● A localization package related to the desktop environment can be installed
for different languages.

● For example, the K Desktop Environment has packages for non-English

speakers.

● The Debian-derived KDE package name for languages follows the form kde-
i18n-locale-code (i.e., Spanish is kde-i18n-sp).

● For Red Hat-derived distributions, the KDE localization package name

follows the form of kde-i18n-locale (i.e., Spanish is kde-i18n-Spanish).
Desktop Localization
● The localepurge tool sysadmin@localhost:~$ apt install localepurge;
dpkg-reconfigure localepurge
can be used to remove
localization files.

● The terminal will turn

blue, revealing a
pseudo-graphical
interface.
Remote Desktop Environments
● Sending graphics over a network connection is referred to as X11-Forwarding.

● Xorg was was forked from the X11 project many years ago.

● Xorg can pipe graphics using the ssh protocol.

● First, install ssh:

● Install open-ssh service on Debian to get remote graphics working:

root@localhost:~# apt install openssh-server

● For Red Hat:

root@localhost:~# dnf install openssh-server
Remote Desktop Environments
● Next, verify that an ssh connection can be made:
root@localhost:~# ssh [email protected]

● Once connectivity has been established, invoke graphical programs with

the DISPLAY variable:
root@localhost:~# DISPLAY=:0 gnome-calculator

● The graphics will appear on the remote server (not the client).

● To view graphical programs on both remote server and client, use the –X option:
root@localhost:~# ssh -X [email protected]
Using a Remote X Server
● X server allows you to run a GUI-based program on one system and have its
output displayed on another system.

● For example, to permit connections on your local system from two systems:
● one with a resolvable hostname server1

● the other with an IP address of 192.168.20.30

root@localhost:~# xhost +server1 +192.168.20.30

server1 being added to access control list
192.168.20.30 being added to access control list
Using a Remote X Server
● To restrict access to the X server for server1, remove the host:
root@localhost:~# xhost –server1
server1 being removed from access control list

● To verify which hosts are currently allowed:

root@localhost:~# xhost
access control enabled, only authorized clients can connect
INET:192.168.20.30
SI:localuser:root
Using a Remote X Server
● The syntax for the output of the previous xhost command includes
● Family name

● System name

family:name

● For example, INET:192.168.20.30 means an internet host (IPv4) of

192.168.20.30.
Connecting to a Remote Display
1. Permit X connections from a remote host back to the originating X server by adding
the host with the xhost command.
root@localhost:~# xhost +centos

2. Make the connection to the remote host with the ssh or telnet command:
root@localhost:~# ssh centos

3. Set the DISPLAY environment variable. To set the DISPLAY variable

manually:
root@localhost:~# export DISPLAY=”server1.test:0.0”
Connecting to a Remote Display
4. The final step is to execute any graphical application to verify that an X
client would be able to connect back to the X server where the ssh session
originated.
a) For example, to execute a simple application that will display an analog clock:
root@localhost:~# xclock

b) If a graphical clock appears on the remote X system (server1), then it is

working;

c) If there is a problem, output appears like below:

Error: Can't open display: localhost.localdomain:0.0
XDMCP
● XDMCP is a protocol built into Xorg, used to share a remote screen.

● Unlike X11-Forwarding, the XDMCP protocol is not encrypted.

● To use XDMCP, settings need to be added in the display manager:

[XDMCPServer]
enabled=true
[security]
DisallowTCP=false

● After adding above lines to configuration file and restarting the display server, use
netstat or ss command to verify XDMCP is running:
root@localhost:~# ss -tunl | grep 177
udp UNCONN 0 0 0.0.0.0:177 0.0.0.0:*
Virtual Network Computing (VNC)
● VNC is an open source, platform-independent graphical desktop sharing
program

● VNC uses the Remote Frame Buffer protocol to transmit graphics across a
network to a remote host.

● Variants of VNC include:

○ RealVNC
○ Remmina
○ Remotely
○ TigerVNC
○ TightVNC
Virtual Network Computing (VNC)
● The shared desktop can be accessed from the client using either the IP
address or the hostname of the server.
root@localhost:~# xvnc4viewer 192.168.0.9:1

● The above command allows for the desktop (of the machine hosting the VNC
server) to be seen and manipulated by the client.

● K Remote Frame Buffer (krfb) and K Remote Desktop Client (krdc) are the
server and client programs.
Virtual Network Computing (VNC)
● K Remote Frame Buffer (krfb)
and K Remote Desktop Client
(krdc) are the server and
client programs.

● When a client attempts to

connect, a window pops up,
allowing the user to choose
whether to share control
using the keyboard and
mouse.

● Once the server accepts the

client connection, the client
can view or control the
desktop.
Spice
● Spice is an open source guest, server, protocol, and client.
○ Guest: The interface to a kernel virtual machine (KVM)

○ Server: Interfaces to the virtual machine are provided using a virtual device interface (VDI).

○ Protocol: Allows streams to be passed from the guest through the server to the client.

○ Client: Allows users to access a remote system by using a remote viewer (virt-viewer).
Clients that support spice, include:
■ spice-client
■ remmina
■ spice-html5
Remote Desktop Protocol
● RDP is a proprietary protocol developed by Microsoft™ for use with its
Remote Desktop Connection© software included with Windows©.

● To interface with Windows systems, Linux systems can use various clients,
such as rdesktop and xfreerdp.

● To use the rdesktop client in a Debian-based distribution, use the apt

install rdesktop command and for RedHat, use the dnf install
rdesktop command.
Remote Desktop Protocol
● Use the username and IP address of the Windows system to connect to:
root@localhost:~# rdesktop -u USER 192.168.0.1
Autoselected keyboard map en-us
Connection established using plain RDP.
Remote Desktop Protocol
● Normally, an RDP client would connect to a Windows server, but a
compatible program called xrdp is available to use as a server.

● The configuration file for xrdp is located at /etc/xrdp/xrdp.ini.

● To verify the xrdp service is running:

root@localhost:~# systemctl status xrdp.service
● xrdp.service - xrdp daemon
Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-01-07 17:21:16 EST; 15min ago
< Output Omitted >

Jan 07 17:21:17 computer xrdp[6236]: (6236)(140149882738496)[INFO ] listening to port 3389 on 0.0.0.0

○ Note: Even if running, the IP address or port may not be open for the xrdp server to listen
for a connection. This could be due to the /etc/xrdp/xrdp.ini file or a firewall rule.
Remote Desktop Protocol
● To ensure that the firewall allows a port through (i.e. TCP port 3389):
root@localhost:~# ufw allow 3389/tcp

● Also, for increased security, limit RDP access to a specific client or subnet of
clients by using the from and to descriptors:
root@localhost:~# ufw allow from 192.168.0.0/24 to any port 3389