# VNC Remote Access ## VNC Container ### VNC RBAC # vncRBAC.sh The vncRBAC.sh script embeded in the vncserver container is used to determine if any vnc connection should be granted by the vncserver, and determines the connection mode, i.e. read only or read write. On every connection attempt, vncserver will call the vnc RBAC executable, setting some environment variables relating to the connection attempt. The vncRBAC script will read the environment variables and make a decision on which connections to allow. The `RFB_CLIENT_IP` env var is set by vncserver to the client ip address. During normal Edge UI connections, this will be set to a specific loopback address, chosen to indicate the connect mode which has been authorized for the connection. Expected IP Addresses: | IP Address | Meaning | | ------------------ | ------------------------------------------------------------------------------------------------------- | | 127.0.0.1 | nginx received an unexpected connect mode parameter | | 127.0.0.2 | nginx received a read-write connect mode parameter | | 127.0.0.3 | nginx received a read only connect mode parameter | | `` | (i.e. a non-loopback address) Direct connection to the vncserver port, indicating direct vnc connection | Exit Code Meaning: | Exit Code | Purpose | | --------- | ----------------- | | 0 | Full Access | | 1 | Reject Connection | | 3 | View Only Access | | Other | Reject Connection | #### Links 1. https://linux.die.net/man/1/x11vnc#:~:text=accept%20string,afteraccept%20string 2. https://github.com/LibVNC/x11vnc/blob/master/doc/FAQ.md#q-46-can-i-prompt-the-user-at-the-local-x-display-whether-the-incoming-vnc-client-should-be-accepted-or-not-can-i-decide-to-make-some-clients-view-only-how-about-running-an-arbitrary-program-to-make-the-decisions