GNOME Display Manager Configuration File
The GNOME display manager configuration file is /etc/gdm/gdm.conf. While changes should be made to the /etc/gdm/gdm.conf-custom file, the main file is well commented and is discussed here. As there are over 700 lines in this file, I only describe a few active directives that are most frequently customized—and a couple of others of interest. You'll see many more directives in the /etc/gdm/gdm.conf file on the local system.
This configuration file is divided into several stanzas, as described in Table 12-2.
en the
TABLE 12-2
|
Stanza |
Description |
|
[daemon] |
Includes fundamental directives that drive how the display manager starts, operates, and responds to errors |
|
[security] |
Configures basic security settings, Pluggable Authentication Modules (PAM), more |
|
[xdmcp] |
Sets up remote access to the display manager |
|
[gui] |
Configures resource files based on The GIMP Toolkit (GTK+) |
|
[greeter] |
Sets up the title bar, window position, and the face browser, as well as responses to actions in the display manager |
|
[chooser] |
Specifies settings associated with an XDMCP connection |
|
[debug] |
Sets up information sent to the system log file |
|
[servers] |
Configures how displays are run; closely related are the [serverStandard], [server-Terminal], and [server-Chooser] stanzas |
|
[customcommand] |
Reserved for custom display manager commands |
Most of the directives that I describe are in the [daemon] stanza; in other words, they determine and configure how the GNOME display manager works. The first directives can enable automatic logins for the user as specified. The default settings disable automatic logins:
AutomaticLoginEnable=false
AutomaticLogin=
I could enable automatic logins, bypassing the login screen for my account, if I changed those directives as follows:
AutomaticLoginEnable=true
AutomaticLogin=michael
The following directives could be changed for users such as guest on a public terminal:
TimedLoginEnable=false
TimedLogin=
TimedLoginDelay=3 0
The next directive specifies the use of a graphical greeting:
Greeter=/usr/lib/gdm/gdmgreeter
There are directives that set the PATH environment variable for regular and default users. These directives do not supersede any default values of PATH for any specific user. Note, the value of the RootPath variable has been truncated, as it includes more directories than can be shown given the formatting limitations of this book.
DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games RootPath=/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin
For access to related applications, the following directives provide access to scripts and files owned by the gdm user and group:
User=gdm
Group=gdm
The following directives run other scripts in the /etc/gdm directory. These directives all name directories, and run the contents of the file named Default in each of these directories.
PostLoginScriptDir=/etc/gdm/PostLogin/
PreSessionScriptDir=/etc/gdm/PreSession/
PostSessionScriptDir=/etc/gdm/PostSession/
DisplayInitDir=/etc/gdm/Init
If there are problems, the gdm daemon refers to the BulletProofX files with the following directive:
FailsafeXServer=/etc/gdm/failsafeXServer
If even the BulletProofX files don't work, the following directive provides messages to the user:
XKeepsCrashing=/etc/gdm/XKeepsCrashing
Assuming the hardware supports it, the following commands should be available from the Options button shown in the lower-left corner. However, the hibernate command listed in the following example may only be available in the logout menu shown when you click System | Quit in the GNOME desktop.
RebootCommand=/sbin/shutdown -r now "Rebooted via gdm."
HaltCommand=/sbin/shutdown -h now "Shut Down via gdm."
SuspendCommand=/usr/sbin/pmi action suspend
HibernateCommand=/usr/sbin/pmi action hibernate
The next directive associates these directives with actual commands in the display manager:
SystemCommandsInMenu=HALT;REBOOT;SUSPEND;CUSTOM_CMD
A similar directive works with the display manager during the logout process:
AllowLogoutActions=HALT;REBOOT;SUSPEND;CUSTOM_CMD
There are a few other directives of interest, for example, in the [security] and [servers] stanzas. The following directive specifies the Xsession script:
BaseXsession=/etc/gdm/Xsession
And the following directive specifies the default.desktop configuration file, which runs user-specific X client scripts:
DefaultSession=default.desktop
The following directive means you can access the first GNOME display manager terminal by pressing ctrl-alt-f7:
FirstVT=7
It's important in my opinion to disable remote root access, and especially automated logins, and that's done with the following directives in the [security] stanza:
AllowRemoteRoot=false
AllowRemoteAutoLogin=false
The following directive supports PAM authentication for the GNOME display manager:
PamStack=gdm
Further security-related directives are associated with the [xdmcp] stanza. Naturally, it's disabled by default, and should be enabled only behind a secure firewall:
Enable=false
The number of logins should be limited to minimize the risk of remote attacks through the GNOME display manager. The following limits the number of GNOME display manager displays per system. Even though the following directive is in comments, it is the default. Larger values have a higher risk of a Denial of Service (DoS) attack.
#DisplaysPerHost=2
One more directive that limits the size of a file read by the GNOME display manager is the UserMaxFile. Larger files may take a long time for a GNOME display manager to read, also increasing the risk of a DoS attack. The following directive is the default, in bytes.
#UserMaxFile=6 5 53 6
Finally, the following directive sets up a standard graphical console based in part on the FirstVT directive earlier in this file. In other words, it sets up the first GNOME display manager in a console accessible by pressing ctrl-alt-F7.
0=Standard device=/dev/console
More consoles can be set up; an example of how this can be done is described in the second lab at the end of this chapter.
Was this article helpful?