# # Dual-user GDM configuration file. Modified from /etc/X11/gdm/gdm.conf # from Fedora Core 2 by Jan "Yenya" Kasprzak # See http://cambuca.ldhs.cetuc.puc-rio.br/multiuser/ for details. # # Interesting parts are in the [Servers] section. # # GDM Configuration file. You can use gdmsetup program to graphically # edit this, or you can optionally just edit this file by hand. Note that # gdmsetup does not tweak every option here, just the ones most users # would care about. Rest is for special setups and distro specific # tweaks. If you edit this file, you should send the HUP or USR1 signal to # the daemon so that it restarts: (Assuming you have not changed PidFile) # kill -USR1 `cat /var/run/gdm.pid` # (HUP will make gdm restart immediately while USR1 will make gdm not kill # existing sessions and will only restart gdm after all users log out) # # You can also use the gdm-restart and gdm-safe-restart scripts which just # do the above for you. # # For full reference documentation see the gnome help browser under # GNOME|System category. You can also find the docs in HTML form # on http://www.jirka.org/gdm.html # # NOTE: Some of these are commented out but still show their default values. # If you wish to change them you must remove the '#' from the beginning of # the line. The commented out lines are lines where the default might # change in the future, so set them one way or another if you feel # strongly about it. # # Have fun! - George [daemon] # Automatic login, if true the first local screen will automatically logged # in as user as set with AutomaticLogin key. AutomaticLoginEnable=false AutomaticLogin= # Timed login, useful for kiosks. Log in a certain user after a certain # amount of time TimedLoginEnable=false TimedLogin= TimedLoginDelay=30 # The gdm configuration program that is run from the login screen, you should # probably leave this alone #Configurator=/usr/sbin/gdmsetup --disable-sound --disable-crash-dialog # The chooser program. Must output the chosen host on stdout, probably you # should leave this alone #Chooser=/usr/bin/gdmchooser # Greeter for local (non-xdmcp) logins. Change gdmgreeter to gdmlogin to # get the standard greeter. Greeter=/usr/bin/gdmgreeter # The greeter for xdmcp logins, usually you want a less graphically intensive # greeter here so it's better to leave this with gdmlogin #RemoteGreeter=/usr/bin/gdmlogin # Launch the greeter with an additional list of colon seperated gtk # modules. This is useful for enabling additional feature support # e.g. gnome accessibility framework. Only "trusted" modules should # be allowed to minimise security holes #AddGtkModules=false # By default these are the accessibility modules #GtkModulesList=gail:atk-bridge:/usr/lib/gtk-2.0/modules/libdwellmouselistener:/usr/lib/gtk-2.0/modules/libkeymouselistener # Default path to set. The profile scripts will likely override this DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin # Default path for root. The profile scripts will likely override this RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin # If you are having trouble with using a single server for a long time and # want gdm to kill/restart the server, turn this on #AlwaysRestartServer=false # User and group that gdm should run as. Probably should be gdm and gdm and # you should create these user and group. Anyone found running this as # someone too privilaged will get a kick in the ass. This should have # access to only the gdm directories and files. User=gdm Group=gdm # To try to kill all clients started at greeter time or in the Init script. # doesn't always work, only if those clients have a window of their own #KillInitClients=true LogDir=/var/log/gdm # You should probably never change this value unless you have a weird setup PidFile=/var/run/gdm.pid # Note that a post login script is run before a PreSession script. # It is run after the login is successful and before any setup is # run on behalf of the user PostLoginScriptDir=/etc/X11/gdm/PostLogin/ PreSessionScriptDir=/etc/X11/gdm/PreSession/ PostSessionScriptDir=/etc/X11/gdm/PostSession/ DisplayInitDir=/etc/X11/gdm/Init # Distributions: If you have some script that runs an X server in say # VGA mode, allowing a login, could you please send it to me? #FailsafeXServer= # if X keeps crashing on us we run this script. The default one does a bunch # of cool stuff to figure out what to tell the user and such and can # run an X configuration program. XKeepsCrashing=/etc/X11/gdm/XKeepsCrashing # Reboot, Halt and suspend commands, you can add different commands # separated by a semicolon and gdm will use the first one it can find #RebootCommand=/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r now;/usr/bin/reboot #HaltCommand=/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h now;/usr/bin/poweroff #SuspendCommand= # Probably should not touch the below this is the standard setup ServAuthDir=/var/gdm # This is our standard startup script. A bit different from a normal # X session, but it shares a lot of stuff with that. See the provided # default for more information. BaseXsession=/etc/X11/xdm/Xsession # This is a directory where .desktop files describing the sessions live # It is really a PATH style variable since 2.4.4.2 to allow actual # interoperability with KDM. Note that /dm/Sessions is there # for backwards compatibility reasons with 2.4.4.x #SessionDesktopDir=/etc/X11/sessions/:/etc/X11/dm/Sessions/:/usr/share/gdm/BuiltInSessions/:/usr/share/xsessions/ # This is the default .desktop session. One of the ones in SessionDesktopDir DefaultSession=default.desktop # Better leave this blank and HOME will be used. You can use syntax ~/ below # to indicate home directory of the user. You can also set this to something # like /tmp if you don't want the authorizations to be in home directories. # This is useful if you have NFS mounted home directories. Note that if this # is the home directory the UserAuthFBDir will still be used in case the home # directory is NFS, see security/NeverPlaceCookiesOnNFS to override this behaviour. UserAuthDir= # Fallback if home directory not writable UserAuthFBDir=/tmp UserAuthFile=.Xauthority # The X server to use if we can't figure out what else to run. StandardXServer=/usr/X11R6/bin/X # The maximum number of flexible X servers to run. #FlexibleXServers=5 # And after how many minutes should we reap the flexible server if there is # no activity and no one logged on. Set to 0 to turn off the reaping. # Does not affect Xnest flexiservers. #FlexiReapDelayMinutes=5 # the X nest command Xnest=/usr/X11R6/bin/Xnest -audit 0 -name Xnest # Automatic VT allocation. Right now only works on Linux. This way # we force X to use specific vts. turn VTAllocation to false if this # is causing problems. #FirstVT=7 #VTAllocation=true # Should double login be treated with a warning (and possibility to change # vts on linux systems for console logins) #DoubleLoginWarning=true # If true then the last login information is printed to the user before # being prompted for password. While this gives away some info on what # users are on a system, it on the other hand should give the user an # idea of when they logged in and if it doesn't seem kosher to them, # they can just abort the login and contact the sysadmin (avoids running # malicious startup scripts) #DisplayLastLogin=false # Program used to play sounds. Should not require any 'daemon' or anything # like that as it will be run when no one is logged in yet. #SoundProgram=/usr/bin/play [security] # If any distributions ship with this one off, they should be shot # this is only local, so it's only for say kiosk use, when you # want to minimize possibility of breakin AllowRoot=true # If you want to be paranoid, turn this one off AllowRemoteRoot=true # This will allow remote timed login AllowRemoteAutoLogin=false # 0 is the most anal, 1 allows group write permissions, 2 allows all write # permissions RelaxPermissions=0 # Number of seconds to wait after a bad login #RetryDelay=1 # Maximum size of a file we wish to read. This makes it hard for a user to DoS # us by using a large file. #UserMaxFile=65536 # If true this will basically append -nolisten tcp to every X command line, # a good default to have (why is this a "negative" setting? because if # it is false, you could still not allow it by setting command line of # any particular server). It's probably better to ship with this on # since most users will not need this and it's more of a security risk # then anything else. # Note: Anytime we find a -query or -indirect on the command line we do # not add a "-nolisten tcp", as then the query just wouldn't work, so # this setting only affects truly local sessions. #DisallowTCP=true # By default never place cookies if we "detect" NFS. We detect NFS # by detecting "root-squashing". It seems bad practice to place # cookies on things that go over the network by default and thus we # don't do it by default. Sometimes you can however use safe remote # filesystems where this is OK and you may want to have the cookie in your # home directory. #NeverPlaceCookiesOnNFS=true # XDMCP is the protocol that allows remote login. If you want to log into # gdm remotely (I'd never turn this on on open network, use ssh for such # remote usage that). You can then run X with -query to log in, # or -indirect to run a chooser. Look for the 'Terminal' server # type at the bottom of this config file. [xdmcp] # Distributions: Ship with this off. It is never a safe thing to leave # out on the net. Setting up /etc/hosts.allow and /etc/hosts.deny to only # allow local access is another alternative but not the safest. # Firewalling port 177 is the safest if you wish to have xdmcp on. # Read the manual for more notes on the security of XDMCP. Enable=false # Honour indirect queries, we run a chooser for these, and then redirect # the user to the chosen host. Otherwise we just log the user in locally. #HonorIndirect=true # Maximum pending requests #MaxPending=4 #MaxPendingIndirect=4 # Maximum open XDMCP sessions at any point in time #MaxSessions=16 # Maximum wait times #MaxWait=15 #MaxWaitIndirect=15 # How many times can a person log in from a single host. Usually better to # keep low to fend off DoS attacks by running many logins from a single # host. This is now set at 2 since if the server crashes then gdm doesn't # know for some time and wouldn't allow another session. #DisplaysPerHost=2 # The number of seconds after which a non-responsive session is logged off. # Better keep this low. #PingIntervalSeconds=15 # The port. 177 is the standard port so better keep it that way #Port=177 # Willing script, none is shipped and by default we'll send # hostname system id. But if you supply something here, the # output of this script will be sent as status of this host so that # the chooser can display it. You could for example send load, # or mail details for some user, or some such. #Willing=/etc/X11/gdm/Xwilling [gui] # The specific gtkrc file we use. It should be the full path to the gtkrc # that we need. Unless you need a specific gtkrc that doesn't correspond to # a specific theme, then just use the GtkTheme key #GtkRC=/usr/share/themes/Default/gtk/gtkrc # The GTK+ theme to use for the gui #GtkTheme=Bluecurve # If to allow changing the GTK+ (widget) theme from the greeter. Currently # this only affects the standard greeter as the graphical greeter does # not yet have this ability #AllowGtkThemeChange=true # Comma separated list of themes to allow. These must be the names of the # themes installed in the standard locations for gtk themes. You can # also specify 'all' to allow all installed themes. These should be just # the basenames of the themes such as 'Thinice' or 'LowContrast'. #GtkThemesToAllow=all # Maximum size of an icon, larger icons are scaled down #MaxIconWidth=128 #MaxIconHeight=128 [greeter] # Greeter has a nice title bar that the user can move TitleBar=false # Configuration is available from the system menu of the greeter ConfigAvailable=false # Face browser is enabled. This only works currently for the # standard greeter as it is not yet enabled in the graphical greeter. Browser=false # The default picture in the browser #DefaultFace=/usr/share/pixmaps/nobody.png # These are things excluded from the face browser, not from logging in #Exclude=bin,daemon,adm,lp,sync,shutdown,halt,mail,news,uucp,operator,nobody,gdm,postgres,pvm,rpm,nfsnobody,pcap # As an alternative to the above this is the minimum uid to show MinimalUID=500 # If user or user.png exists in this dir it will be used as his picture #GlobalFaceDir=/usr/share/faces/ # File which contains the locale we show to the user. Likely you want to use # the one shipped with gdm and edit it. It is not a standard locale.alias file, # although gdm will be able to read a standard locale.alias file as well. #LocaleFile=/etc/X11/gdm/locale.alias # Logo shown in the standard greeter #Logo=/usr/share/pixmaps/gdm-foot-logo.png Logo= ## nice RH logo for the above line: /usr/share/pixmaps/redhat/shadowman-200.png # The standard greeter should shake if a user entered the wrong username or # password. Kind of cool looking #Quiver=true # The Actions menu (formerly system menu) is shown in the greeter, this is the # menu that contains reboot, shutdown, suspend, config and chooser. None of # these is available if this is off. They can be turned off individually # however #SystemMenu=true # Should the chooser button be shown. If this is shown, GDM can drop into # chooser mode which will run the xdmcp chooser locally and allow the user # to connect to some remote host. Local XDMCP does not need to be enabled # however #ChooserButton=true # Note to distributors, if you wish to have a different Welcome string # and wish to have this translated you can have entries such as # Welcome[cs]=Vitejte na %n # Just make sure the string is in utf-8 # Welcome is for all console logins and RemoteWelcome is for remote logins # (through XDMCP). # The default entries that are shipped are translated inside genius and # are as follows: #Welcome=Welcome #RemoteWelcome=Welcome to %n # Don't allow user to move the standard greeter window. Only makes sense # if TitleBar is on #LockPosition=false # Set a position rather then just centering the window. If you enter # negative values for the position it is taken as an offset from the # right or bottom edge. #SetPosition=false #PositionX=0 #PositionY=0 # Xinerama screen we use to display the greeter on. Not for true # multihead, currently only works for Xinerama. #XineramaScreen=0 # Background settings for the standard greeter: # Type can be 0=None, 1=Image, 2=Color #BackgroundType=2 #BackgroundImage= #BackgroundScaleToFit=true BackgroundColor=#20305a # XDMCP session should only get a color, this is the sanest setting since # you don't want to take up too much bandwidth #BackgroundRemoteOnlyColor=true # Program to run to draw the background in the standard greeter. Perhaps # something like an xscreensaver hack or some such. #BackgroundProgram= # if this is true then the background program is run always, otherwise # it is only run when the BackgroundType is 0 (None) #RunBackgroundProgramAlways=false # Show the Failsafe sessions. These are much MUCH nicer (focus for xterm for # example) and more failsafe then those supplied by scripts so distros should # use this rather then just running an xterm from a script. ShowGnomeFailsafeSession=false #ShowXtermFailsafeSession=true # Normally there is a session type called 'Last' that is shown which refers to # the last session the user used. If off, we will be in 'switchdesk' mode where # the session saving stuff is disabled in GDM ShowLastSession=false # Always use 24 hour clock no matter what the locale. #Use24Clock=false # Use circles in the password field. Looks kind of cool actually, # but only works with certain fonts. #UseCirclesInEntry=false # These two keys are for the new greeter. Circles is the standard # shipped theme GraphicalTheme=Bluecurve GraphicalThemeDir=/usr/share/gdm/themes/ # If InfoMsgFile points to a file, the greeter will display the contents of the # file in a modal dialog box before the user is allowed to log in. #InfoMsgFile= # If InfoMsgFile is present then InfoMsgFont can be used to specify the font # to be used when displaying the contents of the file. #InfoMsgFont=Sans 24 # If SoundOnLogin is true, then the greeter will beep when login is ready # for user input. If SoundOnLogin is a file and the greeter finds the # 'play' executable (see daemon/SoundProgram) it will play that file # instead of just beeping #SoundOnLogin=true #SoundOnLoginFile= # The chooser is what's displayed when a user wants an indirect XDMCP # session, or selects Run XDMCP chooser from the system menu [chooser] # Default image for hosts #DefaultHostImg=/usr/share/pixmaps/nohost.png # Directory with host images, they are named by the hosts: host or host.png HostImageDir=/usr/share/hosts/ # Time we scan for hosts (well only the time we tell the user we are # scanning actually, we continue to listen even after this has # expired) #ScanTime=4 # A comma separated lists of hosts to automatically add (if they answer to # a query of course). You can use this to reach hosts that broadcast cannot # reach. Hosts= # Broadcast a query to get all hosts on the current network that answer Broadcast=true # Set it to true if you want to send a multicast query to hosts. Multicast=false # It is an IPv6 multicast address.It is hardcoded here and will be replaced when # officially registered xdmcp multicast address of TBD will be available #Multicast_Addr=ff02::1 # Allow adding random hosts to the list by typing in their names #AllowAdd=true [debug] # This will enable debugging into the syslog, usually not neccessary # and it creates a LOT of spew of random stuff to the syslog. However it # can be useful in determining when something is going very wrong. Enable=false [servers] # These are the standard servers. You can add as many you want here # and they will always be started. Each line must start with a unique # number and that will be the display number of that server. Usually just # the 0 server is used. 0=Standard #1=Standard # Note the VTAllocation and FirstVT keys on linux. Don't add any vt # arguments if VTAllocation is on, and set FirstVT to be the first vt # available that your gettys don't grab (gettys are usually dumb and grab # even a vt that has already been taken). Using 7 will work pretty much for # all linux distributions. VTAllocation is not currently implemented on # anything but linux since I don't own any non-linux systems. Feel free to # send patches. X servers will just not get any extra arguments then. # # If you want to run an X terminal you could add an X server such as this #0=Terminal -query serverhostname # or for a chooser (optionally serverhostname could be localhost) #0=Terminal -indirect serverhostname # # If you wish to run the XDMCP chooser on the local display use the following # line #0=Chooser ## Note: # is your X server not listening to TCP requests? Perhaps you should look # at the security/DisallowTCP setting! 1=2nd # Definition of the standard X server. [server-Standard] name=Standard server command=/usr/X11R6/bin/X -audit 0 vt7 -layout ATI+LGLCD -nopciaccessdisable flexible=true [server-2nd] name=Second server command=/usr/X11R6/bin/X -audit 0 vt7 -layout Riva+LGCRT -nopciaccessdisable -novtswitches flexible=true # To use this server type you should add -query host or -indirect host # to the command line [server-Terminal] name=Terminal server # Add -terminate to make things behave more nicely command=/usr/X11R6/bin/X -audit 0 -terminate # Make this not appear in the flexible servers (we need extra params # anyway, and terminate would be bad for xdmcp choosing). You can # make a terminal server flexible, but not with an indirect query. # If you need flexible indirect query server, then you must get rid # of the -terminate and the only way to kill the flexible server will # then be by Ctrl-Alt-Backspace flexible=false # Not local, we do not handle the logins for this X server handled=false # To use this server type you should add -query host or -indirect host # to the command line [server-Chooser] name=Chooser server command=/usr/X11R6/bin/X -audit 0 # Make this not appear in the flexible servers for now, but if you # wish to allow a chooser server then make this true. This is the # only way to make a flexible chooser server that behaves nicely. flexible=false # Run the chooser instead of the greeter. When the user chooses a # machine they will get this same server but run with # "-terminate -query hostname" chooser=true