I'm aware that it is possible to restrict VNC server to localhost and thereby requrie SSH tunneling for remote connections. However, once you install TigerVNC server, any user can execute "vncserver", thus potentially allowing anyone to share a screen, only protected by a VNC password (VNCauth).
Access can be restricted by a Firewall and permissions of the vncserver app could be modified, but what is the rationale behind the default configuration? Why, when installing TigerVNC, "user mode", or the execution of "vncserver" is not restricted to root?
Thanks.