...
# VNC Remote Access

## VNC Container

### VNC RBAC

# vncRBAC.sh

The `vncRBAC.sh` script embedded in the vncserver container determines whether the vncserver should grant a VNC connection,
and in which connection mode, i.e. read-only or read-write.
On every connection attempt, vncserver calls the VNC RBAC executable and sets environment variables describing the connection attempt.
The vncRBAC script reads these environment variables and decides which connections to allow.

The `RFB_CLIENT_IP` env var is set by vncserver to the client IP address.
During normal Edge UI connections,
this will be set to a specific loopback address,
chosen to indicate the connect mode which has been authorized for the connection.

Expected IP Addresses:

| IP Address         | Meaning                                                                                                 |
| ------------------ | ------------------------------------------------------------------------------------------------------- |
| 127.0.0.1          | nginx received an unexpected connect mode parameter                                                     |
| 127.0.0.2          | nginx received a read-write connect mode parameter                                                      |
| 127.0.0.3          | nginx received a read-only connect mode parameter                                                       |
| `<POD IP Address>` | (i.e. a non-loopback address) Direct connection to the vncserver port, indicating direct VNC connection |

Exit Code Meaning:

| Exit Code | Purpose           |
| --------- | ----------------- |
| 0         | Full Access       |
| 1         | Reject Connection |
| 3         | View Only Access  |
| Other     | Reject Connection |
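
A fail-closed sketch of the decision the two tables describe, added here as an example and not the project's own `vncRBAC.sh`. The page does not state how the script treats `127.0.0.1` or a direct (pod IP) connection, so rejecting both is an assumption, and the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added illustration; not the project's vncRBAC.sh.
# Exit codes follow the table above: 0 = full access, 3 = view only,
# 1 (or anything else) = reject.

# Log decisions to stderr so stdout stays free for the caller.
rbac_log() { printf 'vncRBAC: %s\n' "$*" >&2; }

# Map the RFB_CLIENT_IP value ($1) to an exit code. Only exact matches
# on the two authorized loopback addresses grant access.
vnc_rbac_decide() {
    ip=${1-}
    case "$ip" in
        127.0.0.2)
            rbac_log "read-write mode authorized by nginx"; return 0 ;;
        127.0.0.3)
            rbac_log "read-only mode authorized by nginx"; return 3 ;;
        127.0.0.1)
            # Assumption: an unexpected connect mode is rejected.
            rbac_log "nginx saw an unexpected connect mode, rejecting"; return 1 ;;
        '')
            rbac_log "RFB_CLIENT_IP unset or empty, rejecting"; return 1 ;;
        127.*)
            rbac_log "loopback address $ip has no assigned mode, rejecting"; return 1 ;;
        *)
            # Assumption: direct connections to the vncserver port are rejected.
            rbac_log "direct connection from $ip, rejecting"; return 1 ;;
    esac
}

# Constructed sample values; 10.42.0.17 stands in for a pod IP.
for sample in 127.0.0.2 127.0.0.3 127.0.0.1 127.0.0.9 10.42.0.17 ''; do
    rc=0
    vnc_rbac_decide "$sample" || rc=$?
    printf '%-12s -> exit %s\n' "${sample:-<unset>}" "$rc"
done

# Used as the hook itself, the script would end with:
#   vnc_rbac_decide "${RFB_CLIENT_IP-}"; exit $?
```

Because the match is exact, a value such as `127.0.0.20` or one carrying stray whitespace falls through to a reject branch instead of inheriting read-write access.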

#### Links

1. https://linux.die.net/man/1/x11vnc#:~:text=accept%20string,afteraccept%20string
2. https://github.com/LibVNC/x11vnc/blob/master/doc/FAQ.md#q-46-can-i-prompt-the-user-at-the-local-x-display-whether-the-incoming-vnc-client-should-be-accepted-or-not-can-i-decide-to-make-some-clients-view-only-how-about-running-an-arbitrary-program-to-make-the-decisions