[solved] TigerVNC cannot start via systemct: Failed to execute /sbin/runuser: Permission denied

I am following the docs and coming stuck when I am starting the server:

root in /etc/tigervnc
√ systemctl start vncserver@:3.service
Job for vncserver@:3.service failed because the control process exited with error code.
See "systemctl status vncserver@:3.service" and "journalctl -xeu vncserver@:3.service" for details.

root in /etc/tigervnc
✗ systemctl status vncserver@:3.service
× vncserver@:3.service - Remote desktop service (VNC)
     Loaded: loaded (/etc/systemd/system/vncserver@.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: exit-code) since Wed 2023-10-04 16:10:22 BST; 6s ago
    Process: 301352 ExecStartPre=/usr/libexec/vncsession-restore :3 (code=exited, status=0/SUCCESS)
    Process: 301363 ExecStart=/sbin/runuser -l yg -c /usr/bin/vncserver :3 -geometry 1280x1024 (code=exited, status=203>
        CPU: 15ms

Oct 04 16:10:22 berserk systemd[1]: Starting vncserver@:3.service - Remote desktop service (VNC)...
Oct 04 16:10:22 berserk (runuser)[301363]: vncserver@:3.service: Failed to execute /sbin/runuser: Permission denied
Oct 04 16:10:22 berserk (runuser)[301363]: vncserver@:3.service: Failed at step EXEC spawning /sbin/runuser: Permission>
Oct 04 16:10:22 berserk systemd[1]: vncserver@:3.service: Control process exited, code=exited, status=203/EXEC
Oct 04 16:10:22 berserk systemd[1]: vncserver@:3.service: Failed with result 'exit-code'.
Oct 04 16:10:22 berserk systemd[1]: Failed to start vncserver@:3.service - Remote desktop service (VNC).

root in /etc/tigervnc took 2s

What am I doing wrong?

I'm trying to run a remote desktop without monitor but i cannot find out how it works - #4 by vgaetera

Sadly, this is what I am doing with no luck:

root in /etc/tigervnc
√ cat /etc/tigervnc/vncserver.users
# TigerVNC User assignment
#
# This file assigns users to specific VNC display numbers.
# The syntax is <display>=<username>. E.g.:
#
# :2=andrew
# :3=lisa
:3=yg

root in /etc/tigervnc
√ systemctl restart vncserver@:3.service
Job for vncserver@:3.service failed because the control process exited with error code.
See "systemctl status vncserver@:3.service" and "journalctl -xeu vncserver@:3.service" for details.

root in /etc/tigervnc
✗ systemctl status vncserver@:3.service
× vncserver@:3.service - Remote desktop service (VNC)
     Loaded: loaded (/etc/systemd/system/vncserver@.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: exit-code) since Thu 2023-10-05 08:49:04 BST; 7s ago
    Process: 323815 ExecStartPre=/usr/libexec/vncsession-restore :3 (code=exited, status=0/SUCCESS)
    Process: 323826 ExecStart=/sbin/runuser -l yg -c /usr/bin/vncserver :3 -geometry 1280x1024 (code=exited, status=203>
        CPU: 16ms

Oct 05 08:49:04 berserk systemd[1]: Starting vncserver@:3.service - Remote desktop service (VNC)...
Oct 05 08:49:04 berserk (runuser)[323826]: vncserver@:3.service: Failed to execute /sbin/runuser: Permission denied
Oct 05 08:49:04 berserk (runuser)[323826]: vncserver@:3.service: Failed at step EXEC spawning /sbin/runuser: Permission>
Oct 05 08:49:04 berserk systemd[1]: vncserver@:3.service: Control process exited, code=exited, status=203/EXEC
Oct 05 08:49:04 berserk systemd[1]: vncserver@:3.service: Failed with result 'exit-code'.
Oct 05 08:49:04 berserk systemd[1]: Failed to start vncserver@:3.service - Remote desktop service (VNC).

All I really want is the ability to run chrome on a localmachine instead of my laptop. Maybe VNC is not the best idea here…

sudo rm -f /etc/systemd/system/vncserver@.service
sudo systemctl daemon-reload
sudo systemctl enable vncserver@:3.service
sudo systemctl restart vncserver@:3.service

The documentation is apparently outdated.
Follow the linked post, it works for me.

@vgaetera Thank you, I am now getting somewhere.

However, the vncviewer gives me an connection dropped. The firewall rules were changed in the remote host.

PS: your help is much appreciated!

Be sure to connect to the port 590X where X is the configured display number.
Verify that the service is listening the port and the client is reaching the server:

sudo ss -lnpAinet | grep -e :590[0-9]
sudo tcpdump -evnni any tcp portrange 5900-5909

I need more coffee before I debug things… All sorted.

vncviewer 192.168.1.83:5903

That was the correct command.

@vgaetera Thank you very much indeed. Your help us super appreciated. All the best.

Hello, I meet with these command, but get gnome-session failed as below:

Screenshot from 2024-04-02 10-34-302560×1440 33.4 KB

and when I debug with systemctl status with this service get sth below:

▸ sudo systemctl status vncserver@\:3.service
○ vncserver@:3.service - Remote desktop service (VNC)
     Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: inactive (dead) since Tue 2024-04-02 10:36:00 CST; 2min 41s ago
   Duration: 10.873s
    Process: 179427 ExecStartPre=/usr/libexec/vncsession-restore :3 (code=exited, status=0/SUCCESS)
    Process: 179438 ExecStart=/usr/libexec/vncsession-start :3 (code=exited, status=0/SUCCESS)
   Main PID: 179446 (code=exited, status=0/SUCCESS)
        CPU: 43ms

Apr 02 10:35:49 fedora systemd[1]: Starting vncserver@:3.service - Remote desktop service (VNC)...
Apr 02 10:35:49 fedora systemd[1]: Started vncserver@:3.service - Remote desktop service (VNC).
Apr 02 10:36:00 fedora systemd[1]: vncserver@:3.service: Deactivated successfully.

and the releate config file as:

▸ cat /etc/tigervnc/vncserver.users
# TigerVNC User assignment
#
# This file assigns users to specific VNC display numbers.
# The syntax is <display>=<username>. E.g.:
#
# :2=andrew
# :3=lisa

:3=redj

and

# The vncserver service unit file
#
# Quick HowTo:
# 1. Add a user mapping to /etc/tigervnc/vncserver.users.
# 2. Adjust the global or user configuration. See the
#    vncsession(8) manpage for details. (OPTIONAL)
# 3. Run `systemctl enable vncserver@:<display>.service`
# 4. Run `systemctl start vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "nolisten=tcp" to prevent X connections to your VNC server via TCP.
#
# Use "localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target systemd-user-sessions.service

[Service]
Type=forking
ExecStartPre=+/usr/libexec/vncsession-restore %i
ExecStart=/usr/libexec/vncsession-start %i
PIDFile=/run/vncsession-%i.pid
SELinuxContext=system_u:system_r:vnc_session_t:s0

[Install]
WantedBy=multi-user.target

is there something was wrong?

After I reconfig X11 with gnome, now it’s ok.