【VNC】 tigervnc-server でマルチユーザーログイン可能に設定する手順

[ansible_test@cnt07 ansible]$ python -c 'import crypt; print crypt.crypt("testpassword", "$6$random_salt")'
$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0　←　ハッシュ化されたパスワード
[ansible_test@cnt07 ansible]$

上記コマンドで生成された「$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0」を Ansible で設定します。

Ansible を実行するためのプレイブック（playbook）は以下のようになりました。

※playbook は yml（ヤムル）形式のファイルで、インデントで動作が変わるのでインデントを変更しないでください。

[ansible_test@cnt07 ansible]$ cat create-vnc-account-playbook.yml

- hosts: 192.168.1.10
become: true
become_user: root
become_method: sudo
tasks:
- name: Create Group
group:
name="{{ item.groups }}"
gid="{{ item.gids }}"
with_items:
- { groups: 'vnc_group', gids: 3011 }

- name: Create Users
user:
name="{{ item.account }}"
group="{{ item.groups }}"
password="{{ item.password }}"
with_items:
- { account: 'yamada', groups: 'vnc_group', gids: 3011, password: '$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0' }
- { account: 'nakamura', groups: 'vnc_group', gids: 3011, password: '$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0' }
- { account: 'sato', groups: 'vnc_group', gids: 3011, password: '$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0' }
- { account: 'sasaki', groups: 'vnc_group', gids: 3011, password: '$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0' }

ansible-playbook コマンドを実行します。

[ansible_test@cnt07 ansible]$ ansible-playbook create-vnc-account-playbook.yml -i hostlist

PLAY [192.168.1.10] ***********************************************************

TASK [Gathering Facts] ********************************************************
ok: [192.168.1.10]

TASK [Create Group] ***********************************************************
changed: [192.168.1.10] => (item={u'groups': u'vnc_group', u'gids': 3011})

TASK [Create Users] ***********************************************************
changed: [192.168.1.10] => (item={u'account': u'yamada', u'password': u'$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0', u'groups': u'vnc_group', u'gids': 3011})
changed: [192.168.1.10] => (item={u'account': u'nakamura', u'password': u'$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0', u'groups': u'vnc_group', u'gids': 3011})
changed: [192.168.1.10] => (item={u'account': u'sato', u'password': u'$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0', u'groups': u'vnc_group', u'gids': 3011})
changed: [192.168.1.10] => (item={u'account': u'sasaki', u'password': u'$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0', u'groups': u'vnc_group', u'gids': 3011})

PLAY RECAP ********************************************************************
192.168.1.10 : ok=3 changed=2 unreachable=0 failed=0

[ansible_test@cnt07 ansible]$

各アカウントが作成されたことを確認します。

[ansible_test@cnt07 ~]$ ls -l /home
合計 4
drwx------. 8 ansible_test ansible_test 187 7月 2 23:01 ansible_test
drwx------. 3 nakamura     vnc_group      78 7月 2 23:04 nakamura　←　4アカウントが作成されています。グループも「vnc_group」に所属しています。
drwx------. 3 sasaki       vnc_group      78 7月 2 23:05 sasaki
drwx------. 3 sato         vnc_group      78 7月 2 23:04 sato
drwx------. 3 yamada       vnc_group      78 7月 2 23:04 yamada
[ansible_test@cnt07 ~]$

[ansible_test@cnt07 ~]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
........
yamada:x:1008:3011::/home/yamada:/bin/bash　←　IDもGIDも正しく設定されています。
nakamura:x:1009:3011::/home/nakamura:/bin/bash
sato:x:1010:3011::/home/sato:/bin/bash
sasaki:x:1011:3011::/home/sasaki:/bin/bash

[ansible_test@cnt07 ~]$ sudo cat /etc/shadow　←　ハッシュ化されたパスワードになっていることを確認します。
root:$6$k.TX9C8KrzkM9sjW$8voP8Nhg9p1ZFwhwXvwwHStULYw1oVE38tZYmiufvt/kU4vYroG6IMp.nVm3luZv.7PntatPsVvZrGX7Gil/7/::0:99999:7:::
........
ansible_test:$6$JMftjwTs$Wir4VkHLwBKjXA4ucqlyPIOMMnXSlKdRaWdVrBdEtQZghLXZZNHw9uPbc6sICav07RH2bzKkl72YjtdfazVKE.:17333:0:99999:7:::
........
yamada:$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0:17349:0:99999:7:::　←　パスワードも設定されています。
nakamura:$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0:17349:0:99999:7:::
sato:$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0:17349:0:99999:7:::
sasaki:$6$random_salt$JbIzbomk9fi2jcnguYP4EGQ0edNbbKosEaF3Bm8ZGIfci/vI01Rh3VV2gL1RD7UsWdHGXD3pmCpSAP0G35VK.0:17349:0:99999:7:::

[ansible_test@cnt07 ~]$ su - nakamura　←　ためしに nakamura アカウントにスイッチしてみます。
パスワード:
[nakamura@cnt07 ~]$　←　設定したパスワードでスイッチできました。

コンフィグファイルを修正する

次に複数アカウントで同時に VNC を利用できるようにコンフィグファイルを修正します。

初めにテンプレートファイルである「/lib/systemd/system/vncserver@.service」を利用して以下のように4アカウント分のコンフィグファイルを作成します。

/etc/systemd/system/vncserver@:1.service　←　nakamura アカウント用
/etc/systemd/system/vncserver@:2.service　←　sasaki アカウント用　
/etc/systemd/system/vncserver@:3.service　←　sato アカウント用　
/etc/systemd/system/vncserver@:4.service　←　yamada アカウント用

上記設定の結果、VNC Server にアクセスする際は、以下のポート番号になります。

VNC Server の IP アドレスが「192.168.1.10」の場合

nakamura アカウント　←　192.168.1.10:5901
sasaki アカウント　　　←　192.168.1.10:5901
sato アカウント　　　　←　192.168.1.10:5901
yamadaアカウント　　 ←　192.168.1.10:5901

[root@cnt07 ~]# cp -ip /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

[root@cnt07 ~]# cp -ip /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service

[root@cnt07 ~]# cp -ip /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:3.service

[root@cnt07 ~]# cp -ip /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:4.service

「nakamura」アカウント用ファイルの編集

[root@cnt07 ~]# vi /etc/systemd/system/vncserver@:1.service

# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Edit /etc/systemd/system/vncserver@.service, replacing <USER>
#    with the actual user name. Leave the remaining lines of the file unmodified
#    (ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
#     PIDFile=/home/<USER>/.vnc/%H%i.pid)
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
#ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"　←　オリジナルの行はコメントアウトをして残します。
#PIDFile=/home/<USER>/.vnc/%H%i.pid　　←　オリジナルの行はコメントアウトをして残します。　　　　　　　　

ExecStart=/usr/sbin/runuser -l nakamura -c "/usr/bin/vncserver %i"　←　オリジナルの行を参考に<USER>を「nakamura」に編集します。
PIDFile=/home/nakamura/.vnc/%H%i.pid　←　オリジナルの行を参考に<USER>を「nakamura」に編集します。

ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

「sasaki」アカウント用ファイルの編集

[root@cnt07 ~]# vi /etc/systemd/system/vncserver@:2.service
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Edit /etc/systemd/system/vncserver@.service, replacing <USER>
#    with the actual user name. Leave the remaining lines of the file unmodified
#    (ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
#     PIDFile=/home/<USER>/.vnc/%H%i.pid)
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment

#ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"　←　オリジナルの行はコメントアウトをして残します。
#PIDFile=/home/<USER>/.vnc/%H%i.pid　　←　オリジナルの行はコメントアウトをして残します。　　　　　　　　

ExecStart=/usr/sbin/runuser -l sasaki -c "/usr/bin/vncserver %i"　←　オリジナルの行を参考に<USER>を「sasaki」に編集します。
PIDFile=/home/sasaki/.vnc/%H%i.pid　←　オリジナルの行を参考に<USER>を「sasaki」に編集します。

ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

「sato」アカウント用ファイルの編集

[root@cnt07 ~]# vi /etc/systemd/system/vncserver@:3.service
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Edit /etc/systemd/system/vncserver@.service, replacing <USER>
#    with the actual user name. Leave the remaining lines of the file unmodified
#    (ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
#     PIDFile=/home/<USER>/.vnc/%H%i.pid)
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment

ExecStart=/usr/sbin/runuser -l sato -c "/usr/bin/vncserver %i"　←　オリジナルの行を参考に<USER>を「sato」に編集します。
PIDFile=/home/sato/.vnc/%H%i.pid　←　オリジナルの行を参考に<USER>を「sato」に編集します。

ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

「yamada」アカウント用ファイルの編集

[root@cnt07 ~]# vi /etc/systemd/system/vncserver@:4.service
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Edit /etc/systemd/system/vncserver@.service, replacing <USER>
#    with the actual user name. Leave the remaining lines of the file unmodified
#    (ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
#     PIDFile=/home/<USER>/.vnc/%H%i.pid)
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment

ExecStart=/usr/sbin/runuser -l yamada -c "/usr/bin/vncserver %i"　←　オリジナルの行を参考に<USER>を「yamada」に編集します。
PIDFile=/home/yamada/.vnc/%H%i.pid　←　オリジナルの行を参考に<USER>を「yamada」に編集します。

ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

vncpasswdを設定する

次に「vncpasswd」コマンドで各アカウントの VNC パスワードを設定します。

※このパスワードは VNC Viewer でログインする際に必要になります。

[root@cnt07 system]# su - nakamura
最終ログイン: 2017/07/03 (月) 20:48:31 JST日時 pts/1
[nakamura@cnt07 ~]$ vncpasswd
Password:
Verify:
[nakamura@cnt07 ~]$ exit
ログアウト
[root@cnt07 system]# su - sasaki
[sasaki@cnt07 ~]$ vncpasswd
Password:
Verify:
[sasaki@cnt07 ~]$ exit
ログアウト
[root@cnt07 system]# su - sato
[sato@cnt07 ~]$ vncpasswd
Password:
Verify:
[sato@cnt07 ~]$ exit
ログアウト
[root@cnt07 system]# su - yamada
[yamada@cnt07 ~]$ vncpasswd
Password:
Verify:
[yamada@cnt07 ~]$

VNCサービスの起動停止

各アカウント用の vncserver サービスを起動します。

※検証のため「systemctl enable vncserver@:1.service」の設定は入れませんでした。（サーバーのリソースをそれなりに消費するので）

しかし、以下のようにエラーが出力されました。

[root@cnt07 ~]# systemctl start vncserver@:1.service
Job for vncserver@:1.service failed because a configured resource limit was exceeded. See "systemctl status vncserver@:1.service" and "journalctl -xe"                   for details.
[root@cnt07 ~]# systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
   Active: failed (Result: resources) since 月 2017-07-03 22:05:28 JST; 13s ago　←　サービス起動に失敗しています。
Process: 8690 ExecStart=/usr/sbin/runuser -l nakamura -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
Process: 8679 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)

7月 03 22:05:24 cnt07.localdomain systemd[1]: Starting Remote desktop service (VNC)...
7月 03 22:05:28 cnt07.localdomain systemd[1]: PID file /home/nakamura/.vnc/cnt07.localdomain:1.pid not readable (yet?) after start.
7月 03 22:05:28 cnt07.localdomain systemd[1]: Failed to start Remote desktop service (VNC).
7月 03 22:05:28 cnt07.localdomain systemd[1]: Unit vncserver@:1.service entered failed state.
7月 03 22:05:28 cnt07.localdomain systemd[1]: vncserver@:1.service failed.

↑

上記エラーログを見てもいまいち原因が分かりません。

[root@cnt07 ~]# journalctl -xe　←　「"journalctl -xe"」のコマンドで確認してくださいということなのでコマンドを実行しました。

7月 03 22:07:09 cnt07.localdomain systemd[1]: Starting Remote desktop service (VNC)...
-- Subject: Unit vncserver@:1.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit vncserver@:1.service has begun starting up.
7月 03 22:07:09 cnt07.localdomain systemd[1]: Started Session c6 of user nakamura.
-- Subject: Unit session-c6.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-c6.scope has finished starting up.
--
-- The start-up result is done.
7月 03 22:07:09 cnt07.localdomain systemd[1]: Starting Session c6 of user nakamura.
-- Subject: Unit session-c6.scope has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-c6.scope has begun starting up.
7月 03 22:07:09 cnt07.localdomain runuser[9729]: pam_unix(runuser-l:session): session opened for user nakamura by (uid=0)
7月 03 22:07:10 cnt07.localdomain runuser[9729]: Warning: cnt07.localdomain:1 is taken because of /tmp/.X11-unix/X1　←　すでに「/tmp/.X11-unix/X1」ファイルが存在していることが原因と言っています。
7月 03 22:07:10 cnt07.localdomain runuser[9729]: Remove this file if there is no X server cnt07.localdomain:1　←　このファイル「/tmp/.X11-unix/X1」を削除してくださいと言っています。
7月 03 22:07:10 cnt07.localdomain runuser[9729]: A VNC server is already running as :1　←　すでに VNC サーバーが起動していると言っています。
7月 03 22:07:10 cnt07.localdomain runuser[9729]: Warning: cnt07.localdomain:1 is taken because of /tmp/.X11-unix/X1
7月 03 22:07:10 cnt07.localdomain runuser[9729]: Remove this file if there is no X server cnt07.localdomain:1
7月 03 22:07:13 cnt07.localdomain runuser[9729]: New 'cnt07.localdomain:4 (nakamura)' desktop is cnt07.localdomain:4
7月 03 22:07:13 cnt07.localdomain runuser[9729]: Starting applications specified in /home/nakamura/.vnc/xstartup
7月 03 22:07:13 cnt07.localdomain runuser[9729]: Log file is /home/nakamura/.vnc/cnt07.localdomain:4.log
7月 03 22:07:13 cnt07.localdomain runuser[9729]: pam_unix(runuser-l:session): session closed for user nakamura
7月 03 22:07:13 cnt07.localdomain systemd[1]: PID file /home/nakamura/.vnc/cnt07.localdomain:1.pid not readable (yet?) after start.
7月 03 22:07:13 cnt07.localdomain systemd[1]: Failed to start Remote desktop service (VNC).
-- Subject: Unit vncserver@:1.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit vncserver@:1.service has failed.
--
-- The result is failed.
7月 03 22:07:13 cnt07.localdomain systemd[1]: Unit vncserver@:1.service entered failed state.
7月 03 22:07:13 cnt07.localdomain systemd[1]: vncserver@:1.service failed.

/tmp ディレクトリ配下を調査します。

[root@cnt07 ~]# cd /tmp/
[root@cnt07 tmp]# ls -la
合計 28
drwxrwxrwt. 35 root     root       4096 7月 3 22:17 .
dr-xr-xr-x. 17 root     root        233 6月 7 00:44 ..
drwxrwxrwt. 2 root     root        151 7月 3 22:07 .ICE-unix
drwxrwxrwt. 2 root     root          6 6月 6 23:45 .Test-unix
drwxrwxrwt. 2 root     root         56 7月 3 22:07 .X11-unix　←　この「.X11-unix」ディレクトリを削除します。
drwxrwxrwt. 2 root     root          6 7月 1 08:32 .XIM-unix
[root@cnt07 tmp]# rm -rf .X11-unix

[root@cnt07 tmp]# ls -la /tmp
合計 32
drwxrwxrwt. 36 root     root       4096 7月 3 22:21 .
dr-xr-xr-x. 17 root     root        233 6月 7 00:44 ..
drwxrwxrwt. 2 root     root        164 7月 3 22:19 .ICE-unix
drwxrwxrwt. 2 root     root          6 6月 6 23:45 .Test-unix
drwxrwxrwt. 2 root     root          6 7月 1 08:32 .XIM-unix

すでに VNC Server が起動していると言っているので、プロセスを確認します。

[root@cnt07 tmp]# ps -ef | grep vnc
test 1834 1 0 20:38 ? 00:00:02 /usr/bin/Xvnc :1 -desktop cnt07.localdomain:1 (test) -auth /home/test/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/test/.vnc/passwd -rfbport 5901 -fp catalogue:/etc/X11/fontpath.d -pn　←　以前起動したtestが存在していました。

[root@cnt07 tmp]# kill 1834　←　プロセスを kill します。

再度実行します。

[root@cnt07 ~]# systemctl start vncserver@:1.service
[root@cnt07 ~]# systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)　←　正常に起動しました。
   Active: active (running) since 月 2017-07-03 22:19:15 JST; 5s ago
Process: 10868 ExecStart=/usr/sbin/runuser -l nakamura -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
Process: 10859 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 10914 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
           ? 10914 /usr/bin/Xvnc :1 -desktop cnt07.localdomain:1 (nakamura) -auth /home/nakamura/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/nakamura...

7月 03 22:19:11 cnt07.localdomain systemd[1]: Starting Remote desktop service (VNC)...
7月 03 22:19:15 cnt07.localdomain systemd[1]: Started Remote desktop service (VNC).

[root@cnt07 tmp]# systemctl start vncserver@:2.service
[root@cnt07 tmp]# systemctl status vncserver@:2.service
● vncserver@:2.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:2.service; disabled; vendor preset: disabled)
   Active: active (running) since 月 2017-07-03 22:43:22 JST; 6s ago
Process: 14039 ExecStart=/usr/sbin/runuser -l sasaki -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
Process: 14029 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 14131 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:2.service
           ? 14131 /usr/bin/Xvnc :2 -desktop cnt07.localdomain:2 (sasaki) -auth /home/sasaki/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home...

7月 03 22:43:16 cnt07.localdomain systemd[1]: Starting Remote desktop service (VNC)...
7月 03 22:43:22 cnt07.localdomain systemd[1]: Started Remote desktop service (VNC).

[root@cnt07 tmp]# systemctl start vncserver@:3.service
[root@cnt07 tmp]# systemctl status vncserver@:3.service
● vncserver@:3.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:3.service; disabled; vendor preset: disabled)
   Active: active (running) since 月 2017-07-03 22:43:47 JST; 7s ago
Process: 14959 ExecStart=/usr/sbin/runuser -l sato -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
Process: 14947 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 15022 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:3.service
           ? 15022 /usr/bin/Xvnc :3 -desktop cnt07.localdomain:3 (sato) -auth /home/sato/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/sat...

7月 03 22:43:42 cnt07.localdomain systemd[1]: Starting Remote desktop service (VNC)...
7月 03 22:43:47 cnt07.localdomain systemd[1]: Started Remote desktop service (VNC).

[root@cnt07 tmp]# systemctl start vncserver@:4.service
[root@cnt07 tmp]# systemctl status vncserver@:4.service
● vncserver@:4.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:4.service; disabled; vendor preset: disabled)
   Active: active (running) since 月 2017-07-03 22:44:16 JST; 7s ago
Process: 16014 ExecStart=/usr/sbin/runuser -l yamada -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
Process: 16007 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 16075 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:4.service
           ? 16075 /usr/bin/Xvnc :4 -desktop cnt07.localdomain:4 (yamada) -auth /home/yamada/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home...

7月 03 22:44:11 cnt07.localdomain systemd[1]: Starting Remote desktop service (VNC)...
7月 03 22:44:16 cnt07.localdomain systemd[1]: Started Remote desktop service (VNC).

マルチユーザーの VNC Server のプロセスはこんな感じになっています。

[root@cnt07 tmp]# ps -ef | grep vnc
nakamura 13608     1 1 22:42 ?        00:00:01 /usr/bin/Xvnc :1 -desktop cnt07.localdomain:1 (nakamura) -auth /home/nakamura/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/nakamura/.vnc/passwd -rfbport 5901 -fp catalogue:/etc/X11/fontpath.d -pn
nakamura 13615     1 0 22:42 ?        00:00:00 /usr/bin/vncconfig -iconic
sasaki   14131     1 1 22:43 ?        00:00:01 /usr/bin/Xvnc :2 -desktop cnt07.localdomain:2 (sasaki) -auth /home/sasaki/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/sasaki/.vnc/passwd -rfbport 5902 -fp catalogue:/etc/X11/fontpath.d -pn
sasaki   14268     1 0 22:43 ?        00:00:00 /usr/bin/vncconfig -iconic
sato     15022     1 1 22:43 ?        00:00:00 /usr/bin/Xvnc :3 -desktop cnt07.localdomain:3 (sato) -auth /home/sato/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/sato/.vnc/passwd -rfbport 5903 -fp catalogue:/etc/X11/fontpath.d -pn
sato     15129     1 0 22:43 ?        00:00:00 /usr/bin/vncconfig -iconic
yamada   16075     1 1 22:44 ?        00:00:00 /usr/bin/Xvnc :4 -desktop cnt07.localdomain:4 (yamada) -auth /home/yamada/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/yamada/.vnc/passwd -rfbport 5904 -fp catalogue:/etc/X11/fontpath.d -pn
yamada   16188     1 0 22:44 ?        00:00:00 /usr/bin/vncconfig -iconic
root     16726 2616 0 22:44 pts/0    00:00:00 grep --color=auto vnc