
Multi-user VNC setup on RHEL 7.5

Here's how to set up VNC on Red Hat 7.5, combined with the Gnome desktop, Firefox and TigerVNC.

The goal is to install a Linux desktop, Firefox and TigerVNC on a system with just a base (minimal) Red Hat 7.5 install (without a desktop), and to set up the VNC service for 2 users, in this case user root and user oracle. The VNC port for user root will be 5901, and 5902 for user oracle.

Note: This procedure will also work on older RHEL 7 versions, like RHEL 7.2 through RHEL 7.4, with a few minor changes as there are a few differences between these RHEL releases. Please see below.

Install the GUI first (based on: https://access.redhat.com/solutions/5238):

# yum -y groupinstall "Server with GUI"
# yum install xterm xorg-x11-xinit
Install TigerVNC:
# yum -y install tigervnc tigervnc-server
There is no need to specifically install Firefox - it is installed as part of the GUI installation.

If you are not using RHEL 7.5 but an older version of RHEL 7, then make sure to (at least) update the following packages to the latest available versions. These latest package versions are needed to make this work:
# yum -y update xterm xorg-x11-xinit tigervnc tigervnc-server
Start the GUI:
# systemctl set-default graphical.target
# systemctl start graphical.target
Configure VNC (based on https://access.redhat.com/solutions/966063):

Configure the VNC password for both root and user oracle (repeat for both users - log in as each user, and run the following command):
# vncpasswd
You will be asked if you would like to enter a view-only password. You may answer "n" for no.

Set up the VNC service on the system:

For user root:
# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
Edit the new file, and replace all entries of "<USER>" in the file with "root"; ensure the home directory of user root is also set to /root, not /home/root.

For user oracle:
# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service
Edit the new file, and replace all entries of "<USER>" with "oracle".
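
The two unit-file edits above can also be scripted. The following is an added example, not part of the original article: render_vnc_unit is a hypothetical helper, the template text is a constructed sample of the two placeholder lines, and /home/oracle is an assumed home directory.

```shell
#!/bin/sh
# Added example: fill in the <USER> placeholders of the vncserver@.service
# template. render_vnc_unit is a hypothetical helper, not a TigerVNC tool.

# Constructed sample of the two placeholder lines; the packaged template in
# /lib/systemd/system/vncserver@.service may differ between releases.
SAMPLE_TEMPLATE='[Service]
Type=forking
ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid'

# Usage: render_vnc_unit USER HOME < template > unit
render_vnc_unit() {
    vnc_user=$1
    vnc_home=$2
    # Refuse values that could change the sed expressions or the unit syntax.
    case $vnc_user in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $vnc_user" >&2; return 1 ;;
    esac
    case $vnc_home in
        ''|[!/]*|*[!A-Za-z0-9/_.-]*) echo "invalid home: $vnc_home" >&2; return 1 ;;
    esac
    # Rewrite the home directory first, so root ends up with /root rather than
    # /home/root, then substitute the remaining <USER> placeholders.
    sed -e "s|/home/<USER>|$vnc_home|g" -e "s|<USER>|$vnc_user|g"
}

# Display number, user and home directory as used in this article. The home of
# oracle is an assumption; on a real system read it with: getent passwd oracle
# To write a real unit file instead of printing, redirect like this:
#   render_vnc_unit root /root < /lib/systemd/system/vncserver@.service \
#       > "/etc/systemd/system/vncserver@:1.service"
for entry in 1:root:/root 2:oracle:/home/oracle; do
    display=${entry%%:*}
    rest=${entry#*:}
    echo "### /etc/systemd/system/vncserver@:$display.service"
    printf '%s\n' "$SAMPLE_TEMPLATE" | render_vnc_unit "${rest%%:*}" "${rest#*:}"
done
```
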

Edit the xstartup user file in ~root/.vnc/xstartup and ~oracle/.vnc/xstartup. Replace the contents of the xstartup file with this:
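#!/bin/sh

# Hand over to a site-wide xstartup if one is installed
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
# Load the user's X resources, if present
[ -r "$HOME/.Xresources" ] && xrdb "$HOME/.Xresources"
# Start the VNC configuration helper, iconified
vncconfig -iconic &
# Start the GNOME session on its own D-Bus session bus
dbus-launch --exit-with-session gnome-session &
Note: Create the xstartup file if it does not exist, and make sure to enable the execution bit on it by running the following in each user's .vnc directory: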
# chmod +x xstartup
If the firewall is in use, open the VNC ports in the firewall.

First check if the firewall daemon is running right now, and enabled at boot time:
# systemctl status firewalld
If so, then add the ports used by VNC to the firewall configuration:
# firewall-cmd --permanent --zone=public --add-port 5901/tcp
# firewall-cmd --permanent --zone=public --add-port 5902/tcp
# firewall-cmd --reload
Run the following command as changes were made to systemd files:
# systemctl daemon-reload
Enable and start the TigerVNC service:
# systemctl enable vncserver@:1.service
# systemctl enable vncserver@:2.service
# systemctl start vncserver@:1.service
# systemctl start vncserver@:2.service
If, at this point, starting either VNC service fails with an error about resources not being available, it may be that VNC was already running, or that there are old VNC files in /tmp. In this case, first search for any running VNC processes:
# ps -ef | grep vnc
If any VNC processes are still running, kill them with "kill -9". Then change to the /tmp directory and clear out any old files used by VNC:
# cd /tmp
# rm -rf .X*
And then, try starting the VNC services again:
# systemctl start vncserver@:1.service
# systemctl start vncserver@:2.service
That should work. If so, then proceed with the next steps:

Check if the VNC services are listening on the ports 5901 and 5902:
# netstat -an | grep :590
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN
tcp6       0      0 :::5901                 :::*                    LISTEN
tcp6       0      0 :::5902                 :::*                    LISTEN
Now it's time to test the VNC connections. A good way to test without having to install a VNC client (which usually requires admin privileges on your Windows desktop) is to use the RealVNC VNC Viewer, from https://www.realvnc.com/en/connect/download/viewer/windows/. In the dropdown list on this website, make sure to select the "Standalone" version that applies to your operating system version. The regular EXE file on this site is a VNC viewer that requires admin privileges on Windows to install. The "Standalone" VNC viewer can be used without having to install any software, and does not require admin-level access on Windows.

Open the screen for user root, by typing the following string, assuming the IP address of the server is 172.29.126.210:
172.29.126.210:5901
And for user oracle:
172.29.126.210:5902
And type the password provided earlier through the vncpasswd command.

That's it. You should be presented with desktop screens for both users root and oracle, and you should be able to run Firefox within those desktops.


