The log is always logged when clients are disconnecting even though
nothing unusual is happening. This scares users too much. Actually,
some users created a issue on GitHub with the following log. It will
lose focus from the real error.
> [ERROR] Listening socket is in wrong state, terminating listener
If you run xrdp with a Unix Domain Socket (UDS) for the port specified in
/etc/xrdp/xrdp.ini then only root can connect to it.
Test case:
1. Edit /etc/xrdp/xrdp.ini to set "port=/var/run/xrdp-local.socket".
2. Restart xrdp.
3. Run the following, as a non-root user.
socat TCP-LISTEN:12345 UNIX-CONNECT:/var/run/xrdp-local.socket &
rdesktop localhost:12345
Expected behaviour: rdesktop starts up and displays the logon dialog.
Observed behaviour: rdesktop exits with "ERROR: Connection closed" and
socat exits with "Permission denied". (But it suceeds if root runs
socat.)
UDS files are created by trans_listen_address() and given permissions
0660, so only root can connect to it. In this case, for the RDP client
connection, it it fine for any user to connect so it should be given
permissions 0666.
Note that this is only relevant when the port in /etc/xrdp/xrdp.ini has
been set to create a UDS instead of a TCP socket. When a TCP port is
created any user (including remote users, unless the loopback interface
is used) can connect so this is not less secure.
For xrdp-sesman, don't report that the daemon is listening to a port if
it fails to attach to that port. Don't use LOG_LEVEL_ALWAYS for startup
message, it's not a critical error.