Step-by-Step Tutorial: Install and configure vnc server RHEL/CentOS 7

In this article I will show you the step by step guide to install and configure vnc server in RHEL/CentOS 7 Linux. In CentOS 7 and RHEL 7 by default we use TigerVNC (Tiger Virtual Network Computing) to as the VNC Server. So we will use tigervnc to install and configure vnc server in RHEL/CentOS 7
Step-by-Step Tutorial: Guide to configure tigervnc server in Linux
TigerVNC is a system for graphical desktop sharing which allows you to remotely control other computers and works on the client-server principle. A server shares its output (vncserver) and a client (vncviewer) connects to the server to view the output.
I have verified the steps of this article to install and configure vnc server on CentOS 7 so I am sure the same steps should work on RHEL 7 also, please do let me know if you face any issues using the comment section
 

What is a vncserver?

vncserver is a utility which starts a VNC (Virtual Network Computing) desktop. It runs Xvnc with appropriate options and starts a window manager on the VNC desktop. vncserver allows users to run separate sessions in parallel on a machine so that any number of clients can access the node from anywhere.
For VNC to be useful, it also requires that the X Windows System is installed along with a window manager.

 

Install and Configure vnc server on CentOS 7

We recommend to use yum for installing the rpms, or else if you do not have an active internet connection then you can always use your CentOS/RHEL DVD to get the packages and perform the installation.
Since for us we have an active internet connection we will use yum to install the rpms to install and configure vnc server on CentOS 7.

# yum -y install tigervnc tigervnc-server

 

How to Configure TigerVNC server?

To start with the steps to install and configure vnc server on CentOS 7, we would need a configuration file. By default we will get a sample configuration file from tigervnc-server rpm as shown below

# rpm -ql tigervnc-server-1.8.0-5.el7.x86_64
/etc/sysconfig/vncservers
/usr/bin/vncserver
/usr/bin/x0vncserver
/usr/lib/systemd/system/vncserver@.service
/usr/lib/systemd/system/xvnc.socket
/usr/lib/systemd/system/xvnc@.service
/usr/share/man/man1/vncserver.1.gz
/usr/share/man/man1/x0vncserver.1.gz

In this example we will create vncservice for root and a normal user deepak. For this we will copy the default configuration file to below location with two different display number

# cp /usr/lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
# cp /usr/lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service

Here vncserver@:1.service will act as a configuration file for root user and vncserver@:2.service will be used for deepak user.

IMPORTANT NOTE:

The steps to configure vnc server has changed in RHEL 7.8 and higher releases. If you are using CentOS then the minor version may vary so look out for the sample configuration file in the below methods and choose the one matching your sample configuration file.

 

Method 1

I have this service unit file from tigervnc-server-1.8.0-5.el7.x86_64 version of rpm. Edit the /etc/systemd/system/vncserver@:1.service file with text editor and replace the string USER with appropriate vncuser’s username. In this example the user will be root

# vim /etc/systemd/system/vncserver@:1.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target
NOTE:

If the user is root, change the path in PIDFile line to /root/.vnc/%H%i.pid

Next similarly to install and configure vnc server on CentOS 7 for normal user, we will modify the other configuration file for "deepak" user

# vim /etc/systemd/system/vncserver@:2.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l deepak -c "/usr/bin/vncserver %i"
PIDFile=/home/deepak/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target
IMPORTANT NOTE:

Make sure to change the path for PIDFile with the home path of the user i.e. /home/deepak/.vnc/%H%i.pid, if the home path of the user is /export/home then the path should be /export/home/deepak/.vnc/%H%i.pid

To make the changes take effect immediately, issue the following command:

# systemctl daemon-reload

 

Method 2

In this method we don't have any special handling for root and normal user to be able to use vnc server. I have this unit file with tigervnc-server-1.8.0-19.el7.x86_64 version rpm from CentOS 7.7. Below is a sample unit file for vncserver service. Here replace <USER> with the username for which you wish to configure vnc server.

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=simple

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver_wrapper <USER> %i
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

In this example I have replaced <USER> with deepak.

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=simple

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver_wrapper deepak %i
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

Here changing the path in PIDFile line to /root/.vnc/%H%i.pid is not required. Aside from the <USER> replacement, do not replace the rest of the unit text.

Next to activate the changes reload the systemd daemon.

# systemctl daemon-reload

 

Assign vnc password to the user

Set the password for the user or users defined in the configuration file.

# vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
NOTE:

To assign password to a normal user, you must first log in as "root" and then switch user
# su - deepak
$ vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
IMPORTANT NOTE:

The stored password is not encrypted; anyone who has access to the password file can find the plain-text password.

 

Start the vncserver service

Next to complete the steps to install and configure vnc server we must start the vnc server service. To start or enable the service, specify the display number directly in the command. The file configured above works as a template, in which %i is substituted with the display number by systemd.

# systemctl enable vncserver@:1.service
Created symlink from /etc/systemd/system/multi-user.target.wants/vncserver@:1.service to /etc/systemd/system/vncserver@:1.service.

# systemctl enable vncserver@:2.service
Created symlink from /etc/systemd/system/multi-user.target.wants/vncserver@:2.service to /etc/systemd/system/vncserver@:2.service.

Let us start the vncservice for user "root"

# systemctl start vncserver@:1.service

# systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-09-22 23:18:57 IST; 2min 17s ago
Process: 10897 ExecStart=/usr/sbin/runuser -l root -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
Process: 10892 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 10934 (Xvnc)
CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
‣ 10934 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop openstack.example:1 (root) -fp catalogue:/etc/X11/fontpath.d -g...

Sep 22 23:18:54 openstack.example systemd[1]: Starting Remote desktop service (VNC)...
Sep 22 23:18:57 openstack.example systemd[1]: Started Remote desktop service (VNC).

Similarly start the vncservice for user "deepak"

# systemctl start vncserver@:2.service

# systemctl status vncserver@:2.service
● vncserver@:2.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:2.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-09-26 20:01:41 IST; 16min ago
Main PID: 27325 (Xvnc)
CGroup: /system.slice/system-vncserver.slice/vncserver@:2.service
‣ 27325 /usr/bin/Xvnc :2 -auth /home/deepak/.Xauthority -desktop openstack-test:2 (deepak) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /home/deepak/.vnc/passwd -...

Sep 26 20:01:38 openstack-test systemd[1]: Starting Remote desktop service (VNC)...
Sep 26 20:01:41 openstack-test systemd[1]: Started Remote desktop service (VNC).
NOTE:

You may face below error while attempting to start the service
vncserver service failed because a configured resource limit was exceeded

 

Configure firewall

Run the firewall configuration tool and add TCP port 5950 to allow incoming connections to the system.

# firewall-cmd --permanent --zone=public --add-port=5950/tcp
success

# firewall-cmd --reload
success

 

Configuring Desktop Environment

The user specific configuration files of vnc resides in ‘.vnc’ directory in user’s home directory. (e.g. /home/username/.vnc/). Open .vnc/xstartup in your favourite editor and edit as below.
Restart vnc server service after making any changes in configuration file.
For Gnome
The ‘xstartup’ file should look like this

# cat ~/.vnc/xstartup

#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
vncconfig -iconic &
dbus-launch --exit-with-session gnome-session &

For KDE
The ‘xstartup’ file should look like this

# cat ~/.vnc/xstartup

#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#vncconfig -iconic &
#dbus-launch --exit-with-session gnome-session &
startkde &

 

Terminating or stopping a VNC Session

Similarly to enabling the vncserver service, you can disable the automatic start of the service at system start:

# systemctl disable vncserver@:display_number.service

Or, when your system is running, you can stop the service by issuing the following command as root:

# systemctl stop vncserver@:display_number.service

 
I hope this step by step guide to install and configure vnc server on CentOS 7 and/or RHEL 7 Linux was useful for you, please let me know your feedback using the comment box below.
 

4 thoughts on “Step-by-Step Tutorial: Install and configure vnc server RHEL/CentOS 7”

  1. Hello! I have a problem when I set up vnc user accounts for any user other than root. The problem I am having is that whenever I try to start the vnc server service, I get the error "runuser: may not be used by non-root users". How can I start the non-root user vnc services?

    Reply
    • This is weird, have you followed this article to configure vnc or do you have a different configuration? I hope you have set vncpasswd using the respective user's shell? and check the password of this /home/someuser/.vnc/

      Reply
      • Hi, thanks for the reply. Yes I followed the steps as shown above exactly and set the password for each user using the user shell but the error is persistent.

        I am using CentOS 7 and the same error occurs on multiple hosts/VMs so it's not isolated... Any ideas as to how I might be able to fix that will be much appreciated, thank you very much.

        Reply
        • Hi Anil, based on your comment I tried to reproduce the error and looks like with newer tigervnc-server, the steps of configuration has changed. I have updated the article, please check if this fixes your issue.

          Reply

Leave a Comment

Please use shortcodes <pre class=comments>your code</pre> for syntax highlighting when adding code.