Summary: VNC, Solaris 7 and /tmp/.X11-unix

From: Paul E. Bloch
Date: Fri May 12 2000 - 12:09:17 CDT

I received several replies. Most people make Xvnc SGID root. One
person made /tmp/.X11-unix world writeable. No one noted any security
concerns either way. Thanks for the replies.

I made mine SGID root. Since /tmp uses tmpfs in virtual memory, I
guess I'd need an /etc/rc script that set the permissions each time the system
boots. One person noted that /tmp/.X11-pipe potentially had the same permission

Replies from:

"Patrick L. Nolan"
"Matthew Stier"
Hanspeter Roth Bsag
Frank Velazquez

paul e. bloch, network administrator    phone:  +1 541 346 4451
department of computer science          email:          
1202 university of oregon               fax:    +1 541 346 5373
eugene OR 97403-1202 USA              

Original question posed on Wednesday, 10 May 2000:

We would like to use VNC in our Solaris 7 environment. The problem is that VNC wants to make a socket in /tmp/.X11-unix which isn't writeable by others.

drwxrwxr-x 2 root root 104 Apr 29 18:54 /tmp/.X11-unix/

There are a couple of relevant answers in the VNC FAQ:

Q12 I get errors like "failed to bind listener" and "Failed to establish all listening sockets" in the log file.

This is probably due to the permissions on /tmp/.X11-unix. You may well see this if you update to Solaris 2.7 or Redhat 6.0, for example. See the section below entitled "Why can I only run vncserver/Xvnc as root?".

Q21 Why can I only run vncserver/Xvnc as root?

The most likely reason for this is that Xvnc can't create the unix domain socket (the path for this unix domain socket is usually /tmp/.X11-unix/Xn). Try making sure that users can write to this directory by making it world-writable, i.e.

chmod 01777 /tmp/.X11-unix

An alternative is to set the Xvnc binary to have the same permissions as your normal X server, but this may be more of a security risk.

This problem seems new to Solaris 7 (and exists on Solaris 8 as well). So what do I do? Make /tmp/.X11-unix writeable by others? Make vncserver SGID root? Why did Solaris 7 and (apparently) Redhat 6.0 make this more restrictive? Should I recompile VNCserver to use a different directory? Maybe /tmp/.vnc?

VNC Homepage: <>
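
The boot-time permission reset mentioned in the summary, combined with the FAQ's chmod 01777, as an added example that is not part of the original post or of VNC: POSIX shell functions for an /etc/rc script that classify the socket directory from its ls -ld mode string and bring it to mode 1777 without following a symlink. The function names, return codes and the --apply switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and repair the X11 socket directory from a boot script.
# Function names and return codes are illustrative, not from any VNC package.

# Mode string from `ls -ld` (e.g. drwxrwxr-x), without any trailing ACL marker.
# Parsing ls keeps this usable on systems that have no stat(1) command.
x11_dir_mode() {
    ls -ld "$1" | cut -c1-10
}

# Classify the directory:
#   sticky      world-writable with the sticky bit (the FAQ's chmod 01777)
#   unsafe      world-writable without sticky: any user can remove or
#               replace another user's socket
#   restricted  others cannot create sockets here (drwxrwxr-x in the post)
#   symlink, missing, notdir   not a real directory at that path
x11_dir_state() {
    if [ -h "$1" ]; then echo symlink; return; fi
    if [ ! -e "$1" ]; then echo missing; return; fi
    if [ ! -d "$1" ]; then echo notdir; return; fi
    case "$(x11_dir_mode "$1")" in
        d???????wt)    echo sticky ;;
        d???????w[x-]) echo unsafe ;;
        *)             echo restricted ;;
    esac
}

# Bring the directory to mode 1777. Refuses a symlink or non-directory planted
# at the path. The check and the chmod are not atomic, so run this early in
# boot, before unprivileged users can log in.
x11_dir_fix() {
    dir=${1:-/tmp/.X11-unix}
    case "$(x11_dir_state "$dir")" in
        sticky)  return 0 ;;
        missing) mkdir "$dir" || return 1 ;;
        symlink|notdir)
            echo "refusing: $dir is not a real directory" >&2
            return 2 ;;
    esac
    chmod 1777 "$dir"
}

# Only act when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    x11_dir_fix /tmp/.X11-unix
fi
```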
