xpra icon
Bug tracker and wiki

Opened 4 months ago

Closed 4 months ago

Last modified 2 weeks ago

#1476 closed defect (fixed)

proxy control socket permission error

Reported by: B Owned by: B
Priority: major Milestone: 2.1
Component: server Version: trunk
Keywords: Cc:



im trying to setup a working xpra proxy server. I followed https://xpra.org/trac/wiki/ProxyServer

im on 3x ubuntu 16.04 (proxyhost+targethost in docker containers and the client is a physical machine)

Xpra Version on all machines: v2.1-r15427

on the proxy server i start the proxy with:

xpra proxy :100 --bind-tcp= --auth=multifile:filename=/xpra-auth --no-daemon -d all
cat xpra-auth
cat /etc/passwd
nvidia-persistenced:x:106:109:NVIDIA Persistence Daemon,,,:/:/sbin/nologin

on the targethost

xpra start :11 --bind-tcp= --no-clipboard --no-pulseaudio --start-child="glxgears" --exit-with-child --no-printing --no-speaker --no-cursors --dbus-control=no --dbus-proxy=no --use-display --no-daemon

and on the client host

xpra attach --username=john --password-file=/password.txt tcp:i31forhlr4:10050
cat password.txt 

on the proxyhost i will get the following error:

2017-03-28 08:33:52,106 proxy video encoders: 
2017-03-28 08:33:52,106 new proxy instance started
2017-03-28 08:33:52,106  for client tcp socket: <-
2017-03-28 08:33:52,106  and server tcp socket: <-
2017-03-28 08:33:52,107 Error: failed to setup control socket '/root/.xpra/xpra-proxy-proxy-2398':
2017-03-28 08:33:52,107  [Errno 13] Permission denied

on proxytarget i get

New tcp connection received from

Any ideas how to trace the problem? Which debug flag should i enable?

Greets from Germany

Change History (5)

comment:1 Changed 4 months ago by Antoine Martin

Owner: changed from Antoine Martin to B

Looks like the proxy instance tries to create its socket in /root/.xpra/xpra-proxy-proxy-$PID, which it will not be able to do since it will be running as uid=1000, gid=1000.

  • r15441 may help: tries to ensure that when we expand socket bind paths, we will use the username, uid and gid we mean to use (note: the username used will be the one from the system password database matching the uid specified, which may be different from the username used for authentication)
  • r15442 improves debug logging

I am not seeing the problem here running Fedora.
If you can still reproduce the problem with the latest beta builds, please attach the "-d proxy" output from the proxy server process.
Also attach the xpra showconfig | egrep "bind|socket-dir" output, running it as the same user that executes the proxy server (root in your case).

A potential workaround would be to start the proxy server with "--socket-dirs=/tmp/" since that path is normally accessible to all users, but this would be less than ideal: you would then need to specify this socket path with other commands or make the setting permanent.

comment:2 Changed 4 months ago by B


now it looks good, except that xpra is not creating the /home/$USER/.xpra dir and it throws the an error.

I have created the directory by hand, now it looks good. Maybe you can add the dir creation in python, so theres no need to do it by hand...

thanks and greets

Last edited 4 months ago by Antoine Martin (previous) (diff)

comment:3 Changed 4 months ago by Antoine Martin

it throws an error.

Please always specify the full error message - I assume that you are using the changes from comment:1 and not the "socket-dirs=/tmp/" workaround?

r15443 should fix that, new beta Ubuntu 16.04 builds posted.

Last edited 4 months ago by Antoine Martin (previous) (diff)

comment:4 Changed 4 months ago by B

Resolution: fixed
Status: newclosed

Your assuming was right and your fix works like a charm.

Thank you very much


comment:5 Changed 2 weeks ago by Antoine Martin

Summary: Xpra Proxyproxy control socket permission error

(editing ticket title)

Note: See TracTickets for help on using tickets.