9. Using PC-BSD®

This section discusses how to perform common tasks that were not discussed in the Control Panel section.

9.1. Java and Flash

IcedTea-Web provides an open source Java browser plugin which automatically works with the FireFox, Chromium, and Opera web browsers without any additional configuration. To install this software, search for “icedtea” within AppCafe®.

PC-BSD® installs and configures the Adobe Flash player (version 11) plugin for you. This means that flash should “just work” when browsing the web. You will find several web browsers in the Web Browsers category of AppCafe®, including Firefox, Opera, and Chromium.

If Adobe Flash does not seem to be working, running the following command as your regular user account should fix the problem:

flashpluginctl on

The Adobe Flash Player preferences icon in Control Panel can be used to modify how websites interact with your browser using Adobe Flash. Many of the same configurations can be done via right-click within an active flash object in a web browser.

To access the utility shown in Figure 9.1.1: Flash Player Configuration Utility, use Control Panel ‣ Adobe Flash Player preferences or type flash-player-properties.


The options available in each tab and when to use them are described at the Adobe website:

  • Storage describes private browsing support and the privacy issues associated with local storage of flash information.
  • Camera and Mic controls how websites can use your computer’s camera and microphone.
  • Playback describes how to configure peer-assisted networking to improve bandwidth.
  • Advanced controls how Flash Player handles browsing data, updates, trusted locations, and protected content.

9.2. Installing Custom Fonts

PC-BSD® includes Google Noto which provide multi-lingual Sans and Serif fonts.

If you have a collection of fonts that you have downloaded or purchased, you can configure your PC-BSD® system to also use these fonts. Which utility you use depends upon which window manager you have logged into.


many other fonts are available from AppCafe®. Check the “Search all available PBI and packages” box in the “App Search” tab to search for fonts. Any font installed using AppCafe® should not require any additional configuration to “just work”.

To install custom fonts within KDE, go to System Settings ‣ Font Management. In Figure 9.2.1: Using KDE’s Font Installer to Install Custom Fonts, “All Fonts” is currently selected under the “Group” column, showing all of the fonts installed on this system.


To install your fonts, highlight “Personal Fonts” under the “Group” column, then click the “+Add” button. This will allow you to browse to the font you wish to add. You can add multiple fonts in the same directory by holding down the Ctrl key while making your selection. Click the “Open” button, which will install the font for you. When it is finished, a pop-up message will indicate that you will need to restart any open applications for the font change to take affect. Your newly installed font(s) should now show up in the “Personal Fonts” section in the “Group” column and be available to the applications you use.

To install custom fonts within GNOME, go to Activities ‣ Files. Navigate to the location of the font that you would like to install and either double-click the font name or select “Font Viewer” from the icon’s right-click menu. This will open the font in Font Viewer, allowing you to view it. If you like the font, click the “Install Font” button to make it available to your applications. In the example shown in Figure 9.2.2: Using Files to Install a Custom Font, the user is installing the BlackFlag font.


To install custom fonts within XFCE, use Applications ‣ System ‣ Thunar File Manager. Once you browse to the location of the font and double- or right-click it, you will see the same Font Viewer used by GNOME.

If you prefer to install fonts from the command line, become the superuser and copy the downloaded font to the /usr/local/share/fonts/ directory. Then, refresh the fonts cache:

fc-cache -f -v /usr/local/share/fonts/name_of_font

9.3. Multimedia

PC-BSD® has been pre-configured to support most multimedia formats and makes it easy to install most open source media applications using AppCafe®. PC-BSD® supports both PulseAudio and OSS so that applications using either sound server should work.

If you install your web browser using AppCafe®, you should be able to play most media formats, including YouTube videos, Internet radio, and many trailer and movie sites.

If people are blue in YouTube videos, this is due to a known issue in flash which Adobe hasn’t fixed for open source players. To resolve this issue, right-click an area in the video, select “Settings”, then uncheck the box “Enable hardware acceleration”. Alternately, install Minitube using AppCafe® and use it to watch YouTube.


if you happen to come across a file that you can not play in a web browser or media player, it is probably because it is in a proprietary format that requires a licensing fee or restricts distribution of the codec that is required to play that media format.

AppCafe® contains several dozen applications for playing and editing multimedia. It includes these popular applications (click the links to view screenshots):

  • aTunes: full-featured audio player and manager that can play mp3, ogg, wma, wav, flac, mp4 and radio streaming, allowing users to easily edit tags, organize music and rip audio CDs.
  • Audacity: multilingual audio editor and recorder.
  • DeaDBeeF: music player that supports most audio formats.
  • Decibel: audio player built around a highly modular structure that lets the user disable completely the features he does not need. Able to play CDs directly.
  • gtkpod: graphical user interface for the Apple iPod.
  • Miro: HD video player that can play almost any video file and offers over 6,000 free Internet TV shows and video podcasts.
  • SMPlayer: universal media player that can handle any media format and play audio CDs, DVDs, (S)VCDs, TV/radio cards, YouTube™ and SHOUTcast™ streams. This is the default player used by Mount Tray.

9.3.1. Kodi

Kodi, formerly known as XBMC, is a GPL-licensed software media player and entertainment hub for digital media. It can play most audio and video formats, CDs and DVDs from a disk or image file, and even files inside ZIP and RAR archives. It can scan all of your media and automatically create a personalized library with album covers, descriptions, and fan art.

During the installation of PC-BSD®, the installer provided an option to install Kodi. If you wish to install Kodi afterwards, use AppCafe®. Click “App Search” and search for “pcbsd-meta-kodi”. Once installed, an entry for “Media Center” should be added to the “Multimedia” section of the application menu of your desktop. You can also start Kodi by typing kodi from a command prompt.

If you have never used Kodi before, take some time to skim through the Kodi Wiki Manual. The Turn PC-BSD into a home theater forum post contains a quick how-to for configuring Kodi.

9.3.2. PlexHome Theater

Plex Home Theater is a centralized media playback system. The central Plex Media Server streams media to many Plex player Apps which are used to view your media library and watch shows.

During the installation of PC-BSD®, the installer will have provided an option to install PlexHome Theater. If you wish to install it afterwards, use AppCafe®. Click the box “Search all available PBI and packages” and search for “plexhometheater”. Once installed, an entry should be added to the “Multimedia” section of the application menu of your desktop. You can also start this application by typing plexhometheater from a command prompt.

Once installed, an entry for “Plex Home Theater” will also be added to the login manager so that you can login directly to the home theater instead of a desktop.

The first time you run or log into Plex Home Theater, a wizard will check your audio settings and sign into your Plex account. If you do not have a Plex account yet, create one at plex.tv. The wizard will give you a PIN code and an URL to enter the code. Once you enter the PIN, the wizard will connect and sign you in. You can now search for and watch media. To exit Plex, click the “<” then “Quit”.

9.4. Files and File Sharing

Depending upon which Desktops you have installed, different graphical file manager utilities may already be installed for you. You do not need to be logged into a specific window manager to use an installed file manager. For example, if KDE is installed, you can run its file manager from any window manager by typing dolphin. KDE, GNOME, LXDE, and XFCE install their own file managers while most of the other desktops assume that you will install your favorite file manager. Table 9.4a summarizes the available file managers and indicates which desktop they are installed with. Some file managers can be installed independent of a desktop using AppCafe®. Once a file manager is installed, type its name if you wish to run it from another desktop.

Table 9.4a: Available File Managers

File Manager Desktop/AppCafe Screenshots
dolphin KDE https://userbase.kde.org/Dolphin
emelfm2 AppCafe http://emelfm2.net/wiki/ScreenShots
caja MATE http://mate-desktop.org/gallery/1.6/
mucommander AppCafe http://www.mucommander.com/screenshots.php
nautilus GNOME, AppCafe https://projects.gnome.org/nautilus/screenshots.html
pcmanfm LXDE, AppCafe http://lxde.org/easy_fast_file_management_pcmanfm
thunar XFCE, AppCafe http://docs.xfce.org/xfce/thunar/start
xfe AppCafe http://roland65.free.fr/xfe/index.php?page=screenshots

When working with files on your PC-BSD® system, save your own files to your home directory. Since most of the files outside of your home directory are used by the operating system and applications, you should not delete or modify any files outside of your home directory, unless you know what you are doing.

Table 9.4b summarizes the directory structure found on a PC-BSD® system. man hier explains this directory structure in more detail.

Table 9.4b: PC-BSD Directory Structure

Directory Contents
/ pronounced as “root” and represents the beginning of the directory structure
/bin/ applications (binaries) that were installed with the operating system
/boot/ stores the startup code, including kernel modules (such as hardware drivers)
/compat/linux/ Linux software compatibility files
/dev/ files which are used by the operating system to access devices
/etc/ operating system configuration files
/etc/X11/ the xorg.conf configuration file
/etc/rc.d/ operating system startup scripts
/home/ subdirectories for each user account; each user should store their files in their own home directory
/lib/ operating system libraries needed for applications
/libexec/ operating system libraries and binaries
/media/ mount point for storage media such as DVDs and USB drives
/mnt/ another mount point
/proc/ the proc filesystem required by some Linux applications
/rescue/ necessary programs for emergency recovery
/root/ administrative account’s home directory
/sbin/ operating system applications; typically only the superuser can run these applications
/tmp/ temporary file storage; files stored here may disappear when the system reboots
/usr/bin/ contains most of the command line programs available to users
/usr/local/ contains the binaries, libraries, startup scripts, documentation, and configuration files used by applications installed from ports or packages
/usr/local/share/fonts/ system wide fonts for graphical applications
/usr/local/share/icons/ system wide icons
/usr/ports/ location of system ports tree (if installed)
/usr/share/ system documentation and man pages
/usr/sbin/ command line programs for the superuser
/usr/src/ location of system source code (if installed)
/var/ files that change (vary), such as log files and print jobs

PC-BSD® provides built-in support for accessing Windows shares, meaning you only have to decide which utility you prefer to access existing Windows shares on your network. If a desktop is installed, you do not have to be logged into that desktop in order to use that utility.

Table 9.4c summarizes the available utilities (type a utility’s name to launch it in any desktop), which desktop it installs with and whether or not it can be installed separately using AppCafe®, and a short description of how to access the available shares using that utility.

Table 9.4c: Utilities that Support Windows Shares

Utility Desktop/AppCafe How to Access Existing Shares
dolphin KDE in the left frame, click on Network ‣ Samba Shares, then the Workgroup name; if the network requires a username and password to browse for shares, set this in Control Panel ‣ System Settings ‣ Sharing while in KDE or type systemsettings and click “Sharing” while in another desktop
konqueror KDE in the location bar, type smb:/
mucommander AppCafe click on Go ‣ Connect to server ‣ SMB; input the NETBIOS name of server, name of share, name of domain (or workgroup), and the share’s username and password
nautilus GNOME, AppCafe click on Browse Network ‣ Windows Network
thunar XFCE, AppCafe in the left frame, click on Network ‣ Windows Network

9.5. Windows Emulation

Wine is an application that allows you to create a Windows environment for installing Windows software. This can be useful if your favorite Windows game or productivity application has not been ported to Linux or BSD.

Wine is not guaranteed to work with every Windows application. If you are unsure if the application that you require is supported, search for it in the “Browse Apps” section of the Wine application database. The Wine wiki contains many resources to get you started and to refer to if you encounter problems with your Windows application.

Wine can be installed during installation or from AppCafe®. Once installed, it can be started by clicking the entry for “Wine Configuration” from the desktop’s application menu or by typing winecfg at the command line. The initial Wine configuration menu shown in Figure 9.5.1: Wine Configuration Menu.


Click the “Add application” button to browse to the application’s installer file. By default, the contents of your hard drive will be listed under “drive_c”. If the installer is on a CD/DVD, use the drop-down menu to browse to your home directory ‣ *.wine ‣ dosdevices folder. The contents of the CD/DVD should be listed under d:. If they are not, the most likely reason is that your CD/DVD was not automatically mounted by the desktop. To mount the media, type the following as the superuser:

mount -t cd9660 /dev/cd0 /cdrom

You should hear the media spin and be able to select the installer file. Once selected, press “Apply” then “OK” to exit the configuration utility.

To install the application, click the Winefile desktop icon or type winefile to see the screen shown in Figure 9.5.2: Installing the Application Using winefile.


Click the button representing the drive containing the installer and double-click on the installation file (e.g. setup.exe). The installer should launch and you can proceed to install the application as you would on a Windows system.


if you had to manually mount the CD/DVD, you will need to unmount it before it will eject. As the superuser, use the command umount /mnt.

Once the installation is complete, browse to the application’s location. Figure 9.5.3: Running the Installed Application shows an example of running Internet Explorer within winefile.


9.5.1. Running Steam

Wine can be configured to install and run Steam games. Video instructions can be found at Steam on PC-BSD - How to Get Wine Running 3D Games and at Steam on PCBSD 2 - Using Wine as a Streaming Client.

9.6. Remote Desktop

Occasionally it is useful to allow connections between desktop sessions running on different computers. This can be handy when troubleshooting a problem since both users will be able to see the error on the problematic system and either user can take control of the mouse and keyboard in order to fix the problem. Typically this is a temporary situation as providing access to one’s computer allows a remote user the ability to both view and modify its settings.

The Remote Desktop Protocol (RDP) can be used to make a connection to another computer. Depending upon the operating system, you may have to first install or enable RDP software on the remote computer:

  • Not every edition of Windows provides a fully functional version of RDP; for example, it may not be fully supported in a Home Edition of Windows. Even if the full version of RDP is included, remote access may or may not be enabled by default. If you have trouble connecting using RDP, do a web search for “remote desktop” and the name of the version of Windows you are using to find out how to configure its remote desktop settings. If you still can not connect, you can instead download, install, and configure Virtual Network Computing (VNC) server software on the system.
  • If the other computer you are connecting to is a Mac, Linux, or BSD system, you will have to first install either xrdp or a VNC server on the other system. Depending upon the operating system, either software may or may not already be installed. If it is not, check the software repository for the operating system or use a web search to find out how to install and configure one of these applications on that operating system. If you are connecting to another PC-BSD® system, use AppCafe®, check the box “Search all available PBI and packages”, and search for “rdp” or “vnc”.

If there is a firewall on either system or a network firewall between the two systems, check that it allows connections to the TCP port required by the type of connection that you will be using:

  • RDP: uses port 3389
  • VNC: uses port 5900 (for the first connection, 5901 for the second connection, etc.)

If you need to manually add a firewall rule, it is best to only allow the IP address of the computer that will be connecting. You should immediately remove or disable this firewall rule after the connection is finished so that other computers do not try to connect to the computer. Since your PC-BSD® system is considered to be the client and will be initiating the connection, you do not have to modify the firewall on the PC-BSD® system.

9.6.1. Connecting with KRDC

KRDC can be used to initiate a connection request. This application can be installed using AppCafe® Check the “Search all available PBI and packages” box within the “App Search” tab to install this package.

To launch this application, go to Applications ‣ Internet ‣ Remote Desktop Client within KDE or type krdc at the command line within any desktop. If you click F1 while in KRDC you can access the Remote Connection Desktop Handbook to learn more about how to use this application.

Figure 9.6.1: Creating a Connection Using KRDC shows the initial KRDC screen which allows you to specify which system you wish to connect to.


Use the drop-down menu to indicate whether the remote system is using RDP or VNC for the connection. Then type in the IP address of the system you wish to connect to. If you are connecting to a VNC system, the IP address needs to be followed by a colon and a number indicating the number of the session. Typically, the number will be 1 unless the VNC server is hosting multiple simultaneous connections. Once you press enter, the connection will be initiated and, if it is an RDP connection, you will see the screen shown in Figure 9.6.2: Settings for the RDP Connection.


Here is a quick overview of the settings:

Desktop resolution: since the contents of the screen are sent over the network, select the lowest resolution that still allows you to see what is happening on the other system. If you have a very fast network connection, you can choose a higher resolution; if you find that the other system is very slow to refresh its screen, try choosing a lower resolution.

Color depth: choose the lowest color depth that allows you to see the other system; you can choose a higher color depth if the network connection is fast.

Keyboard layout: this drop-down menu allows you to select the desired keyboard layout.

Sound: this drop-down menu allows you to choose whether any sounds heard during the connection are produced on this system, the remote system, or to disable sound during the connection.

Performance: select the option that best matches the network speed to the remote host. Choices are “Modem”, “Broadband”, or “LAN”.

RemoteFX: check this box if the remote system supports RemoteFX and hardware acceleration is desired.

Share Media: specifies a mount point for data to be shared between the systems.

Console login: if you are connecting to a Unix-like system, you can check this box if you wish to have access to the other system’s command line console.

Extra options: allows you to specify rdesktop switches that are not covered by the other options in this screen.

Show this dialog again for this host: if you plan on using the same settings every time you connect to this computer, you can uncheck this box. If you need to change the settings at a later time, you can right-click the connection (which will appear in a list as a past connection) and choose “Settings” from the right-click menu.

Remember password: KWallet is KDE’s password storage system. If this box stays checked, you will only need to input the password the first time you make this connection as it will be saved for you. If this is the first time you have stored a password using KWallet, it will prompt you for some information to set up your wallet.

If it is a VNC connection, you will be able to choose your connection type (speed), screen resolution, and have the option to remember the password.

Once you press “OK”, the connection should be initiated and you will receive pop-up messages asking for a username then a password; the details you provide must match a user account on the system you are connecting to. Once your authentication details are confirmed, you should see the desktop of the other system. If you move your mouse, it will move on the other desktop as well. Click the “View Only” button in the top toolbar whenever you wish to disable this mouse behavior. When you are finished your session, you can click the “Disconnect” button in the top toolbar.


if the connection fails, check on the remote computer that either the RDP software is enabled or that the VNC server is listening for connections. Also double-check that a firewall is not preventing the connection.

9.6.2. Connecting with VNC

If you prefer to use VNC for the connection, use AppCafe® to install a VNC client such as TightVNC. Before using the VNC client, ensure that the VNC server is installed and running on the remote desktop.

Once TightVNC is installed, type vncviewer to start the VNC client. A small window will appear, allowing you to type in the IP address of the remote system in the format IP_ADDRESS:5801. Change the 5801 if the VNC server is listening on a different port.

9.6.3. Using Desktop Sharing

If you wish another user to connect to your computer, the KDE Desktop Sharing application can be used to generate a connection invitation The krfb application can be installed using AppCafe®. Check the “Search all available PBI and packages” box within “App Search” to search for this application.

To launch this application within KDE, go to Applications ‣ Internet ‣ Desktop Sharing or type krfb from the command prompt of any desktop. If you press F1 while in this application, it will open the Desktop Sharing Handbook where you can learn more about using this utility. Figure 9.6.3: Initiating a Connection Request Using krfb shows the initial screen for this application.


To share your desktop, check the box “Enable Desktop Sharing”. This will activate the “Connection Details” portion of this screen. If you click the blue icon next to the “Address”, a pop-up menu will indicate that this is just a hint and that the remote user should use the IP address for your computer. If you wish, you can click the icon next to the “Password”. This will activate that field so that you can change the generated password to the one you want to use for the session. Be sure to reclick the icon to save the new password.


while you can check the “Enable Unattended Access” checkbox, it is not recommended to do so. If you give another user the unattended password (which is set by clicking the “Change Unattended Password”), they can connect to your system without your knowledge. The default, which occurs when the “Enable Unattended Access” is un checked, is for a pop-up message to appear on your screen whenever a remote user attempts to connect and for the desktop to remain inaccessible until you accept the remote connection.

Once you have checked the box to “Enable Desktop Sharing”, contact the other person to let them know the password and IP address so that they can connect. The most secure way to convey the invitation information is through an alternate communications channel such as a phone call. Ideally, you are speaking to the other person as they connect so that you can walk them through the problem you are experiencing and they can let you know what they are doing to your system as you watch them do it.

The other person should input the IP address and password into their VNC client in order to start the connection. You will know when they try to connect as a pop-up message will appear on your screen similar to Figure 9.6.4: The Other User is Trying to Connect Using the Invitation.


In this example, a computer with an IP address of is trying to connect. Buttons are provided to either accept or refuse the connection. You can also check or uncheck the box to “allow remote user to control keyboard and mouse”. If you accept the connection, the other user will be prompted to input the invitation password. Once the password is accepted, they will see your desktop.


your desktop will continue to be shared as long as the “Enable Desktop Sharing” checkbox is checked, even if you close this utility. Always remember to uncheck this box when your session is finished in order to prevent unwanted connections.

9.7. Thin Client

PC-BSD® provides a Thin Client script which can be used to easily create a PXE Boot Desktop Server, to support thin clients, and a PXE Boot Install Server, for creating a central server which systems can connect to in order to be installed with PC-BSD®.

This section demonstrates how to configure and use both the PXE Boot Desktop Server and the PXE Boot Install Server.

9.7.1. PXE Boot Desktop Server

A PC-BSD® PXE Boot Desktop Server allows you to automatically configure a Diskless node where each computer has a network interface card capable of Preboot Execution Environment (PXE) booting. When a client boots from their network interface instead of their hard disk, they automatically connect to the PXE Boot Desktop Server and receive a login window. Once authenticated, they can use PC-BSD®, even if PC-BSD® is not installed on their own computer and even if their computer does not have a hard drive.

To prepare your PC-BSD® system for a PXE Boot Desktop Server configuration, perform these tasks first:

  1. If the diskless clients will require Internet access, install two network cards where one NIC is connected to the Internet and the other is connected to a private LAN from which the thin clients can PXE boot from.
  2. The PC-BSD® system should have lots of RAM installed, especially if multiple clients will be connecting.

To configure the PC-BSD® system as a PXE Boot Desktop Server, run the following script as the superuser:

/usr/local/bin/pc-thinclient will install the components to convert this system into a thin-client server.
Continue? (Y/N) y
Do you wish to install the dhcpd server port or use an external server?
If you wish to use an external server please make sure it supports adding next server and bootfile name options.

If you wish to have the PC-BSD® system act as the DHCP server, type d. If the network already has a configured DHCP server, type e. The following example will install the DHCP server on the PC-BSD® system. After making your selection, press enter to continue:

Do you wish to make this a remote X desktop server or install server?
(r/i) r

If your intent is to install a PXE Boot Desktop Server, input r and press enter. If you previously typed d and a DHCP server is not already installed, it will be installed for you. Once the DHCP server is installed, the tools needed in the PXE environment will be installed and messages will indicate the progress. Once everything is installed, you will see this message:

Setting up system for PXE booting...
What NIC do you wish DHCPD to listen on? (I.E. re0)
nic) em0

Input the FreeBSD device name of the interface that is attached to the local network containing the diskless workstations. This interface will run the DHCP server and should not be connected to a network with another DHCP server running. In the example shown here, the user has input the em0 interface. If you are unsure of the device name, type ifconfig from another terminal.

The script will now configure the specified interface and start the required services:

Starting /etc/rc.d/nfsd...OK
Starting /etc/rc.d/inetd...OK
Starting /usr/local/etc/rc.d/isc-dhcpd...OK
You will need to reboot the system for the login manager changes to take effect.
Your system is now setup to do PXE booting!

Before rebooting, you may wish to customize the installation.

The installation creates a chroot directory that contains a small PXE image that is used by clients to launch Xorg and connect to the PXE Boot Desktop Server. You can access this chroot by typing this command as the superuser:

chroot /usr/home/thinclient

Running pkg info within the chroot will show which X components and drivers are available. Should you need to install additional video drivers, use pkg install within the chroot. When you are finished using the chroot, type exit to leave it.

The thin client script installs and configures the following services:

NFS: the Network File System is a protocol for sharing files on a network. It has been configured to allow clients on the network attached to the interface that you specified to connect to the thin client server. Its configuration file is located in /etc/exports.

TFTP: the Trivial File Transfer Protocol is a light-weight version of FTP used to transfer configuration or boot files between machines. The PXE network cards on the diskless computers will use TFTP to receive their configuration information. This service was enabled in /etc/inetd.conf with a home directory of /usr/home/thinclient.

DHCP: the Dynamic Host Configuration Protocol is used to configure IP addressing info on the diskless workstations. If you selected to install a DHCP server, it will be configured to assign addresses for the network attached to the interface that you specified. Its configuration file is located in /usr/local/etc/dhcpd.conf.

The thin client script also creates the pxeboot user with the default password thinclient. This username and password is used to save the working Xorg configuration files for each of the diskless computers. It is highly recommended that you change this password right away by running this command as the superuser:

passwd pxeboot

You will also need to create the users that will connect to the system. You can do so using or by typing adduser at the command line and following the prompts.

After a successful installation and reboot of the PXE Boot Desktop Server, the DHCP service will be running on the NIC you specified. Make sure that this NIC and a PXE capable client are connected to the same hub or switch. When you boot up the client, PXE should automatically obtain an IP address and begin to load PC-BSD®. If it does not, review the boot order settings in the BIOS on the client to make sure that PXE is listed first.

After the boot process has finished, the client will be brought to this prompt:

No saved xorg-config for this MAC: <MAC_Address>
Do you wish to setup a custom xorg.conf for this system? (Y/N)

If you wait 10 seconds, this message will timeout, and the client will bring up X in 1024x768 mode. If this is not the resolution that you wish to use, type “Y” at the prompt and hit enter to bring up the Xorg Configuration screen. In this menu, you will be able to setup your own custom xorg.conf file, auto-detect settings, and test the new configuration. When finished, choose “Save working config” to send this configuration to the PXE Boot Desktop Server. This will prompt for the password of the pxeboot user. Once authenticated, the file will be saved by the client’s MAC address in /home/pxeboot/mnt/xorg-config/<mac>.conf. The next time you boot the client, it will automatically use the saved xorg.conf file and bring the system to the PC-BSD® login screen.


in order for the login to succeed, the user account must already exist on the PXE Boot Desktop Server.

The client’s boot environment is located in /home/pxeboot. This is mounted read-only during the PXE boot process to allow the client to bootup and create an XDCMP connection to the server.

Once logged in to the PXE Boot Desktop Server, using PC-BSD® will be the same as if you had installed PC-BSD® on the client system. You will be able to use to install software and to save and use the files in your home directory.

Use the -remove option if you wish to uninstall the PXE Boot Desktop Server:

pc-thinclient -remove
Removing /usr/home/thinclient

This will remove the PXE environment from the system. If you are finished using the PXE boot services, you can stop them using these commands:

service nfsd stop

service inetd stop

service isc-dhcpd stop

and prevent them from restarting by removing these lines from /etc/rc.conf:

# pc-thinclient configuration

Your interface name and IP address may differ from those in the example. The dhcpd and portmap lines will not exist if you did not install a DHCP server.

9.7.2. PXE Boot Install Server

A PC-BSD® PXE Boot Install Server can be used to install PC-BSD®, FreeBSD, or TrueOS® onto computers who connect to the server using PXE. The installations can be interactive or fully automated. The PXE Boot Install Server supports multiple, concurrent installations with the only limiting factor being the server’s disk I/O and the network’s bandwidth.

The installation of the PXE Boot Install Server starts the same way, except this time you select i when prompted:

/usr/local/bin/pc-thinclient will install the components to convert this system into a thin-client server.
Continue? (Y/N) y
Do you wish to install the dhcpd server port or use an external server?
If you wish to use an external server please make sure it supports adding next server and bootfile name options.
(d/e) d
Do you wish to make this a remote X desktop server or install server?
(r/i) i

Once the environment is downloaded and configured, you will be asked if you would like to install the web interface:

PC-ThinClient includes a web-interface for client management.
Would you like to install the Apache / PHP packages required?
default: (y)

You will then be prompted to input the interface to be used by the server and then the services will be started:

All the webui files are located in /usr/local/share/pcbsd/pc-thinclient/resources/webui
You will need to configure your web-server to serve this directory.
Please edit the file /usr/local/share/pcbsd/pc-thinclient/resources/webui/config.php to set the user passwords / auth tokens for the site.
Setting up system for PXE booting...
What NIC do you wish DHCPD to listen on? (I.E. re0)
nic) em0
Starting /etc/rc.d/nfsd...OK
Starting /etc/rc.d/inetd...OK
Starting /usr/local/etc/rc.d/isc-dhcpd...OK
To perform system installations, place your custom pc-sysinstall scripts in:
An example script is provided in the above directory
For unattended installations, save your pc-sysinstall script as:
Your system is now setup to do PXE booting!

Once the PXE Boot Install Server is installed, try to PXE boot a client which is connected to the same network. If the client boots successfully, you will see the installation screen shown in Figure 9.7.1: PXE Boot Installation Menu.


By default, selecting “install” from the boot menu will use the /usr/home/thinclient/installscripts/pc-sysinstall.example script which installs a basic FreeBSD system. In addition to starting an installation, this menu provides an emergency shell prompt. This can be useful if you have a system which can no longer boot and you wish to either access the disk’s contents or attempt to repair the installation.

Any scripts that you create and place in the /usr/home/thinclient/installscripts/ directory will be selectable as an installation option within the PXE client boot menu. Tables 5.5a and 5.5b in summarize the available configuration options when creating an installation script. Alternately, every time you install PC-BSD, the installation script is automatically saved to /root/pc-sysinstall.cfg. This means that if you wish to repeat an installation, you simply need to copy that file to the /usr/home/thinclient/installscripts/ directory on the PXE Boot Install Server.

The PXE Boot Install Server also supports completely unattended installations. To perform fully-automated installations over the PXE interface, create a configuration script named /usr/home/thinclient/installscripts/unattended.cfg. When a PXE client first boots, it checks for the existence of the unattended.cfg file, and if found, it will automatically use it for installation. Some caution should be taken when using this method since simply plugging a PXE boot client into the wrong LAN cable could cause it to be re-installed.

9.8. Security

Your PC-BSD® system is secure by default. This section provides an overview of the built-in security features and additional resources should you like to learn more about increasing the security of your system beyond its current level.

The security features built into PC-BSD® include:

  • Naturally immune to viruses and other malware: most viruses are written to exploit Windows systems and do not understand the binaries or paths found on a PC-BSD® system. Antivirus software is still available in the Security section of AppCafe® as this can be useful if you send or forward email attachments to users running other operating systems.
  • Potential for serious damage is limited: file and directory ownership and permissions along with separate user and group functions mean that as an ordinary user any program executed will only be granted the abilities and access of that user. A user that is not a member of the wheel group can not switch to administrative access and can not enter or list the contents of a directory that has not been set for universal access.
  • Built-in firewall: the default firewall ruleset allows you to access the Internet and the shares available on your network but does not allow any inbound connections to your computer. In addition, Fail2ban is installed. This service can be configured to identify possible break-in attempts and to respond with an action such as creating a firewall rule to ban the intruder. Instructions for configuring fail2ban can be found on the fail2ban wiki.
  • Very few services are enabled by default: you can easily view which services are started at boot time using Service Manager or by reading through /etc/rc.conf. You can disable the services that you do not use by disabling that service in Service Manager or by commenting out that line with a # in /etc/rc.conf.
  • SSH is disabled by default: and can only be enabled by the superuser. This setting prevents bots and other users from trying to access your system. If you do need to use SSH, add the line sshd_enable=YES to /etc/rc.conf. You can then start the service by typing service sshd start. You will need to add a firewall rule using Firewall Manager to allow SSH connections over TCP port 22.
  • SSH root logins are disabled by default: if you enable SSH, you must login as a regular user and use su or sudo when you need to perform administrative actions. You should not change this default as this prevents an unwanted user from having complete access to your system.
  • sudo is installed: and configured to allow users in the wheel group permission to run an administrative command after typing their password. By default, the first user you create during installation is added to the wheel group. You can use User Manager to add other users to this group. You can change the default sudo configuration using the visudo command as the superuser.
  • :wikipedia:`AES instruction set (AESNI) support is loaded by default for the Intel Core i5/i7 processors that support this encryption set. This support speeds up AES encryption and decryption.
  • Automatic notification of security advisories: Update Manager will automatically notify you if an update is available as the result of a security advisory that affects PC-BSD®. This allows you to keep your operating system fully patched with just the click of a mouse.
  • PC-BSD® packages are built with LibreSSL which has fewer vulnerabilities than OpenSSL.
  • PersonaCrypt allows a user to use a removable, encrypted device as their home directory.
  • Logging into a stealth session creates an encrypted zvol as a temporary home directory for that login session. When the user logs out of a stealth session, the zvol is destroyed, along with the contents of the temporary home directory.
  • Tor Mode can be used to anonymously access Internet sites as this mode automatically forwards all Internet traffic through the Tor Project’s transparent proxy service.

If you would like to learn more about security on FreeBSD/PC-BSD® systems, man security is a good place to start. These resources provide more information about security on FreeBSD-based operating systems:

9.8.1. Tor Mode

Tor mode uses Tor, socat, and a built-in script which automatically creates the necessary firewall rules to enable and disable tor mode at the user’s request. While in tor mode, the firewall will redirect all outgoing port 80 (HTTP), 443 (HTTPS), and DNS traffic through the Tor transparent proxy network.

To start tor mode, right-click Update Manager and check the “Routing through Tor” box. The pop-up message shown in Figure 9.8.1: Enabling Tor Mode will appear.


If you have never used the Tor network before, it is recommended to read the link for the Tor FAQ. Click “Yes” to enable tor mode and enter your password when prompted so that the firewall rules can be updated for you.

While in tor mode, a small onion will be added to the Update Manager icon and, if you hover over the icon, it will say “(Routing through Tor)”. You can also verify that you are connected to the Tor network by right-clicking Update Manager and clicking “Check Tor connection”. It will take a moment or so, but a pop-up message should indicate that the connection to https://check.torproject.org/ succeeded.


the system will remain in tor mode, even after a reboot, until you disable it. To disable tor mode, right-click Update Manager and uncheck the “Routing through Tor” box. Now when you “Check Tor connection”, it should indicate that you are not using Tor.

To enable and disable tor mode from the command line or on a desktop that does not provide a system tray, use the following commands:

  • sudo enable-tor-mode enables tor mode.
  • sudo disable-tor-mode disables tor mode.

9.9. Accessibility

The GNOME and KDE desktop environments provide accessibility features to assist users with vision and mobility impairments. In PC-BSD®, these desktops can be installed either during installation or afterwards using AppCafe®.

This section provides an overview of the features provided by each desktop and additional references to these features.

9.9.1. GNOME Universal Access

GNOME3 provides a “Universal Access” utility for configuring the desktop for accessibility. To open this utility, open “Activities” and search for “Universal Access”. This will open the screen shown in Figure 9.9.1: Universal Access Screen.


The “Seeing” section of this screen has options for assisting users with low vision.

Click “Off” in the “Hearing” section to open a pop-up screen used to enable visual alerts, either to the window title of the current window or the entire screen. The pop-up screen provides a “Test flash” button for testing the settings.

If you click “Off” next to “Typing Assist (AccessX)” in the “Typing” section, it will open the screen shown in Figure 9.9.2: Keyboard and Key Options. “Sticky Keys”, “Slow Keys”, and “Bounce Keys” can be enabled in this screen to assist users with mobility impairments.


If you click the “Off” next to “Click Assist” in the “Pointing and Clicking” section, you can configure a simulated secondary click and a hover click.

More information about the options provided by Universal Access can be found at the GNOME Universal page.

9.9.2. KDE Accessibility Tools

To install the KDE accessibility tools, use AppCafe®. Check the “Search all available PBI and packages” in “App Search” and search for the “kdeaccessibility” package.

The KDE-Accessibility component installs the following software:

  • KMag: a screen magnifier. In KDE, this application is in Applications ‣ Utilities ‣ Screen Magnifier or you can type kmag from the command line. Drag the magnifier window over the text you wish to magnify or click its “Settings” button to view the shortcuts for its various modes. Click F1 while the application is open to access the Kmagnifier Handbook.
  • KMouseTool: clicks the mouse whenever the mouse cursor pauses briefly. It can also drag the mouse, although this takes a bit more practice. To start this utility in KDE, click Applications ‣ Utilities ‣ Automatic Mouse Click or type kmousetool from the command line. In the screen shown in Figure 9.9.3: Configuring KMouseTool, check the settings you wish to use, click the “Apply” button, then click the “Start” button. If you quit this screen, it will be added to the system tray and will continue to run until you launch its icon and click the “Stop” button.
  • KMouth: enables persons that cannot speak to speak through their computer. It keeps a history of spoken sentences from which the user can select to be re-spoken. To start this program, click Applications ‣ Utilities ‣ Speech Synthesizer Frontend or type kmouth from the command line. The first time you run this application, a configuration wizard will prompt you to set the command to use for speaking texts (such as /usr/local/bin/espeak) and the character encoding.