Description of problem:

Enabling the Xorg backend is more difficult than it needs to be.

This version of xrdp ships with the Xorg backend stanza commented out in /etc/xrdp/xrdp.ini.

The user enables the Xorg backend by :-

- uncommenting the stanza
- installing xorgxrdp.
- (on EL8) editing /etc/xrdp/sesman.ini and changing this line:-

param=Xorg

to:-

param=/usr/libexec/Xorg

This last of these is not an obvious step.

If the last step is not done, the executable /usr/bin/Xorg is executed instead, which chains to /usr/libexec/Xorg.wrap. By default this fails, as the user is not running on the console.

Some xrdp users are addressing this by creating /etc/X11/Xwrapper.config and setting 'allowed_users=anybody', which is lowering the overall security of their systems. See for example https://github.com/neutrinolabs/xrdp/issues/1772


This is a request to update the xrdp RPM to incorporate the sesman.ini change, so as not to confuse new users more than necessary.

This can be done by appending these lines to xrdp-0.9.9-sesman.patch:-

------
@@ -94,7 +94,7 @@
 ; CentOS 7              :  param=/usr/bin/Xorg or param=Xorg
 ; CentOS 8              :  param=/usr/libexec/Xorg
 ;
-param=Xorg
+param=/usr/libexec/Xorg
 ; Leave the rest paramaters as-is unless you understand what will happen.
 param=-config
 param=xrdp/xorg.conf
------

Version-Release number of selected component (if applicable): 0.9.14-3


How reproducible:


Steps to Reproduce:
1. Install xrdp, xrdp-selinux, xorgxrdp RPMs
2. Uncomment the [Xorg] stanza in /etc/srdp/xrdp.ini
3. Start the xrdp and xrdp-sesman services
4. Attempt to connect to the machine remotely

Actual results:
Blue screen, and no connection

Expected results:
Session starts

Additional info:
I'm one of the maintainers of the XRDP project. Implementing this change will reduce the footfall on our github issues page.