Maintenance Commands gdm(1m)
NAME
gdm, gdm-binary - GDM (GNOME Display Manager)
SYNOPSIS
gdm | gdm-binary [--fatal-warnings] [--help] [--timed-exit]
[--version]
DESCRIPTION
GDM is the GNOME Display Manager, a program used for login
session management. GDM supports managing the console
display, other attached displays, XDMCP displays, and flexi-
ble (or on-demand) displays. Flexible displays make use of
the Virtual Terminals (VT) interfaces to allow user switch-
ing, so that multiple users can run simultaneous sessions
sharing the same console. GDM uses ConsoleKit to manage
what sessions are active on the system. GDM supports a
number of configuration interfaces which are described in
later sections of this manpage.
The gdm-binary program is the actual program which manages
the displays on the system, while gdm is a wrapper script
that launches the gdm-binary program and passes along any
options. Before launching gdm-binary, the gdm wrapper
script sources the system profile(4) file to set standard
system environment variables, and sets the LANG and
LC_MESSAGES environment variables to support internationali-
zation.
For each display that GDM is configured to manage, the gdm-
binary program will launch a slave daemon which does the
work to actually manage the display. The slave daemon will
start the login greeter GUI program, the program that the
user interacts with. Refer the the "Login Greeter GUI" sec-
tion below for more information about how the user interface
works.
If Virtual Terminals are supported on your system, you can
start a flexible display via the "User Switcher" panel
applet. You may need to add this applet to your panel to
make use of it. You can also use the gdmflexiserver(1) com-
mand to start flexible displays from the command line.
If you wish to stop the GDM service, you can either send a
TERM signal to the main GDM daemon, or run the gdm-stop(1m)
command. On Solaris, the GDM service is managed by the
smf(5) service management facility under the service iden-
tifier svc:/application/graphical-login/gdm. On Solaris, it
is recommended that you use the svcadm(1m) utility to enable
and disable the "gdm" service instead of using the gdm-
stop(1m) command.
SunOS 5.11 Last change: 28 Dec 2009 1
Maintenance Commands gdm(1m)
GDM supports libaudit and Solaris auditing. Refer to the
"System Administration Guide: Security Services" and the
audit(1m) manpage for more information. On Solaris, GDM
also uses logindevperm(4) to ensure that device permissions
are set properly for the user on login.
OPTIONS
The following options are supported by gdm and gdm-binary:
--fatal-warnings Make all warnings fatal. Useful for
debugging.
--help Display detailed usage message.
--timed-exit Exit after 30 seconds. Useful for
debugging.
--version Display the GDM version.
ENVIRONMENT VARIABLES
See environ(5) for descriptions of environment variables.
When the following description refers to "scripts", these
are referring to the GDM Init, PostLogin, PreSession, and
PostSession scripts.
DESKTOP_SESSION
For any user session started by GDM, this environment
variable is set to the session name the user has chosen
in the login GUI, such as "gnome" to indicate that the
/usr/share/xsession/gnome.desktop session file was used
to launch the session.
DISPLAY
When running scripts and for any user session started by
GDM, this environment variable is set to the Xserver
display value associated with the session.
SunOS 5.11 Last change: 28 Dec 2009 2
Maintenance Commands gdm(1m)
DESKTOP_SESSION
For any user session started by GDM, this environment
variable is set to the keyboard layout that the user has
chosen in the login GUI.
HOME
When running scripts and for any user session started by
GDM, this environment variable is set to the home direc-
tory associated with the user.
LANG
For any user session started by GDM, this environment
variable is set to the langauge choice selected when the
user logged in.
REMOTE_HOST
When running scripts, this environment variable is set
to the hostname if the session is non-local (e.g.
XDMCP).
RUNNING_UNDER_GDM
When running scripts, this environment variable is set
to "true", so that they can identify when they are exe-
cuted by the GDM process.
SHELL
When running scripts and for any user session started by
GDM, this environment variable is set to the shell asso-
ciated with the session.
USER
When running scripts and for any user session started by
GDM, this environment variable is set to the username
SunOS 5.11 Last change: 28 Dec 2009 3
Maintenance Commands gdm(1m)
associated with the session.
USERNAME
When running scripts and for any user session started by
GDM, this environment variable is set to the username
associated with the session.
XAUTHORITY
When running scripts and for any user session started by
GDM, this environment variable is set to the Xserver
Xauthority file being used by the session.
XDG_SESSION_COOKIE
This environment variable is provided by ConsoleKit, and
this value is set for any user session started by GDM so
that ConsoleKit can properly identify the session.
EXTENDED DESCRIPTION
Login Greeter GUI
The login greeter GUI allows the user to specify how their
user session should be started and ensures that the user
authenticates before gaining access to their user session.
Authentication can be disabled if desired.
GDM makes use of pam(3PAM) to manage how the user authenti-
cates (for example, by entering a username and password, via
a SmartCard, fingerprint reader, etc.). If authentication
is not desired, then GDM provides two configuration options
which can be used to bypass it: "Automatic Login" and "Timed
Login". These are not enabled by default, but can be turned
on if desired.
The Automatic Login feature will cause GDM to bypass the
login greeter GUI entirely and immediately start a session
for the user specified in the GDM configuration. The Timed
Login feature will display the login greeter GUI for a
number of seconds specified in the GDM configuration. If no
user logs in before the timeout, then GDM will automatically
start the user session for the user specified in the GDM
configuration. Timed Login is useful if you wish to have
the opportunity to login as a different user on some
SunOS 5.11 Last change: 28 Dec 2009 4
Maintenance Commands gdm(1m)
occasions. Obviously neither Automatic Login or Timed Login
are secure, and they should only be used on systems where
the security provided by authentication is not needed.
GDM normally uses a PAM stack named "gdm". When Automatic
Login or Timed Login is enabled, then GDM instead uses a PAM
stack named "gdm-autologin". Note that Automatic Login and
Timed Login will not work properly if the "gdm-autologin"
PAM stack is not defined in your PAM configuration.
The login greeter GUI provides two mechanisms for specifying
which user is logging into the system. Either the "Face
Browser" can be used, or GDM can prompt the user with the
requests specified by the system PAM configuration. By
default, this means entering both the username and password
by hand.
The Face Browser is designed to work when PAM is configured
to allow users to select their username, so it is not useful
with certain PAM configurations (such as when the username
is identified via a SmartCard or fingerprint). The Face
Browser obviously exposes usernames to anyone with access to
the machine, so users may wish to disable it if this is con-
sidered a security issue.
When the Face Browser is enabled, a list of users will
appear in the login greeter GUI. An icon for each user is
shown, and users can specify what icon is associated with
their user. If the user has an image file named ~/.face,
then GDM will associate this image with the user. If the
user does not have such an image file, a default icon is
displayed. Image files must be no larger than 64K in size,
or they are ignored by GDM.
The login greeter GUI can be configured to provide "Shut-
down", "Restart", and "Suspend" buttons which allow the user
to shutdown, restart, or suspend the system if desired. On
Solaris, the buttons will only be available if the
"solaris.system.shutdown" authorization name is specified
for the "gdm" user in the /etc/user_attr file. For example,
the /etc/user_attr file should include the following line to
make these buttons available from the GDM login GUI screen.
gdm::::type=normal;auths=solaris.system.shutdown
While the login greeter GUI is displayed, a panel is pro-
vided at the bottom of the screen which provides useful
information, interfaces that allow the user to specify how
their session should be started, and interfaces to help the
user navigate the login screen. These include:
+o
SunOS 5.11 Last change: 28 Dec 2009 5
Maintenance Commands gdm(1m)
A clock, showing the date and time.
+o What type of session to run.
+o An alternative language to use.
+o An alternative keyboard layout (if supported).
+o The ability to launch assistive technology programs if
desired.
+o The ability to monitor the system battery (if using a
system with a battery).
The login greeter GUI also allows the user to take a
screenshot. If the user presses the keybindng associated
with printing the screen, then the gdm-screenshot is run to
take the screenshot.
Accessibility
GDM supports accessibility. Users can click on the accessi-
bility icon on the panel to specify which assistive programs
should be launched with the login GUI programs. It is also
possible to configure a system so that needed assistive pro-
grams should always be launched.
Note that accessibility support requires that the Xserver
supports the XKB extension. If the accessibility icon does
not appear in the panel, then this is likely the problem.
Enabling the XKB extension in the Xserver, if possible,
should correct this problem.
Security
The GDM login GUI programs are run with a dedicated user id
and group id. By default "gdm" is used for both the user id
and group id, but these values are configurable. The reason
for using this special user and group is to make sure that
the GDM user interfaces run as a user without unnecessary
privileges, so that in the unlikely case that someone finds
a weakness in the GUI, they will not gain access to a
privileged account on the machine.
Note that the GDM user and group do have some privileges
beyond what a normal user has. This user and group has
access to the Xserver authorization directory which contains
all of the Xserver authorization files and other private
information. This means that someone who gains the GDM
user/group privileges can then connect to any running
Xserver session. Do not, under any circumstances, make the
GDM user/group a user/group that might be easy to get access
to, such as the user "nobody".
File permissions are set on the authorization files so that
only the user has read and write access to ensure that users
are unable to access the authorization files belonging to
other users.
SunOS 5.11 Last change: 28 Dec 2009 6
Maintenance Commands gdm(1m)
XDMCP
XDMCP (X Display Manager Control Protocol) displays the
login screen and resulting session on a remote machine over
the network interface. By default, XDMCP is disabled in
GDM. However, GDM can be configured to enable XDMCP so that
users can log into the system from remote hosts. By
default, GDM listens to UDP port 177, although this can be
configured. GDM responds to QUERY and BROADCAST_QUERY
requests by sending a WILLING packet to the originator.
GDM provides configuration options that make GDM more resis-
tant to denial-of-service attacks on the XDMCP service. The
default values should work for most systems, but several
protocol parameters, handshaking timeouts, and so on can be
fine-tuned to make it more secure. It is not recommended
that you modify the XDMCP configuration unless you know what
you are doing.
GDM grants access to the hosts specified in the GDM service
section of your TCP Wrappers configuration file. Refer to
the libwrap(3) manpage for more information. GDM does not
support remote display access control on systems without TCP
Wrapper support.
GDM can also be configured to honor INDIRECT queries and
present a host chooser to the remote display. GDM remembers
the user's choice and forwards subsequent requests to the
chosen manager. GDM also supports an extension to the proto-
col which makes GDM forget the redirection once the user's
connection succeeds. This extension is only supported if
both daemons are GDM. This extension is transparent and is
ignored by XDM or other daemons that implement XDMCP.
GDM only supports the MIT-MAGIC-COOKIE-1 authentication sys-
tem. Because of this, the cookies are transmitted as clear
text. Therefore, you should be careful about the network
where you use this. That is, be careful about where your
XDMCP connection is going. Note that if snooping is possi-
ble, an attacker could snoop your password as you log in, so
a better XDMCP authentication would not help you much any-
way. If snooping is possible and undesirable, you should use
ssh(1) for tunneling an X connection, rather then using
GDM's XDMCP. Think of XDMCP as a sort of graphical telnet,
with the same security issues.
GDM Configuration
ConsoleKit interfaces are used to configure how GDM should
manage displays in a multiseat environment, so to configure
multiseat please refer to the console-kit-daemon(1m) man-
page.
SunOS 5.11 Last change: 28 Dec 2009 7
Maintenance Commands gdm(1m)
GDM also provides a number of configuration interfaces which
allow the user to specify how GDM should operate. The con-
figuration available for the GDM daemon and the GDM login
greeter GUI are described below. GDM also provides script-
ing interfaces and other interfaces to configure how ses-
sions are started which are described in the "GDM Login
Scripts and Session Files" section of this manpage.
The default system configuration for the GDM daemon is
stored in the file /etc/gdm/gdm.schemas, and accessed by GDM
via GConf. Users are not recommended to modify this file
since it may be overwritten on upgrade. Instead users
should override these settings by specifying values in the
/etc/gdm/custom.conf file, which is in standard INI format.
The settings below are in "group/key=default_value type"
format. The type can be string, integer, or boolean. To
override the "xdmcp/Enable" value, you would modify the
/etc/gdm/custom.conf so it contains these lines:
[xdmcp]
Enable=true
The following keys are supported for configuring the GDM
daemon:
chooser/Multicast=false (boolean)
If true and IPv6 is enabled, the chooser will send a
multicast query to the local network and collect
responses from the hosts who have joined multicast
group.
chooser/MulticastAddr=ff02::1 (string)
This is the Link-local Multicast address.
daemon/TimedLoginEnable=false (boolean)
If the user given in TimedLogin should be logged in
after a number of seconds (set with TimedLoginDelay) of
inactivity on the login screen. This is useful for pub-
lic access terminals or perhaps even home use. If the
user uses the keyboard or browses the menus, the timeout
will be reset to TimedLoginDelay or 30 seconds, which-
ever is higher. If the user does not enter a username
but just hits the ENTER key while the login program is
requesting the username, then GDM will assume the user
SunOS 5.11 Last change: 28 Dec 2009 8
Maintenance Commands gdm(1m)
wants to login immediately as the timed user. Note that
no password will be asked for this user so you should be
careful, although if using PAM it can be configured to
require password entry before allowing login.
daemon/TimedLogin= (string)
This is the user that should be logged in after a speci-
fied number of seconds of inactivity. If the value ends
with a vertical bar | (the pipe symbol), then GDM will
execute the program specified and use whatever value is
returned on standard out from the program as the user.
The program is run with the DISPLAY environment variable
set so that it is possible to specify the user in a
per-display fashion. For example if the value is
"/usr/bin/getloginuser|", then the program
/usr/bin/getloginuser will be run to get the user value.
daemon/TimedLoginDelay=30 (integer)
Delay in seconds before the TimedLogin user will be
logged in.
daemon/AutomaticLoginEnable=false (boolean)
If true, the user given in AutomaticLogin should be
logged in immediately. This feature is like timed login
with a delay of 0 seconds.
daemon/AutomaticLogin= (string)
This is the user that should be logged in immediately if
AutomaticLoginEnable is true. If the value ends with a
vertical bar | (the pipe symbol), then GDM will execute
the program specified and use whatever value is returned
on standard out from the program as the user. The pro-
gram is run with the DISPLAY environment variable set so
that it is possible to specify the user in a per-display
fashion. For example if the value is
"/usr/bin/getloginuser|", then the program
/usr/bin/getloginuser will be run to get the user value.
SunOS 5.11 Last change: 28 Dec 2009 9
Maintenance Commands gdm(1m)
daemon/User=gdm (string)
The username under which the greeter and other GUI pro-
grams are run.
daemon/Group=gdm (string)
The group id used to run the login GUI programs
debug/Enable=false (boolean)
If true, then GDM will provide debug output in the sys-
tem log, which is either /var/log/messages or
/var/adm/messages depending on your system.
greeter/IncludeAll=false (boolean)
If true, then the face browser will show all users on
the local machine. If false, the face browser will only
show users who have recently logged in.
When this key is true, GDM will call fgetpwent() to get
a list of local users on the system. Anyusers with a
user id less than 500 (or 100 if running on Solaris) are
filtered out. The Face Browser also will display any
users that have previously logged in on the system (for
example NIS/LDAP users). It gets this list via calling
the ck-history(1) ConsoleKit interface. It will also
filter out any users which do not have a valid shell
(valid shells are any shell that getusershell() returns
- /sbin/nologin or /bin/false are considered invalid
shells even if getusershell() returns them).
If false, then GDM more simply only displays users that
have previously logged in on the system (local or
NIS/LDAP users) by calling the ck-history(1) ConsoleKit
interface.
greeter/Include= (string)
Set to a list of users to always include in the Face
Browser. This value is set to a list of users separated
by commas. By default, the value is empty.
SunOS 5.11 Last change: 28 Dec 2009 10
Maintenance Commands gdm(1m)
greeter/Exclude=bin,root,daemon,adm,lp,sync,shutdown,halt,mail,news,uucp,operator,nobody,nobody4,noaccess,postgres,pvm,rpm,nfsnobody,pcap
(string)
Set to a list of users to always exclude in the Face
Browser. This value is set to a list of users separated
by commas. Note that the setting in the custom.conf
overrides the default value, so if you wish to add addi-
tional users to the list, then you need to set the value
to the default value with additional users appended to
the list.
greeter/ShowLast=false (boolean)
If true, then the session, language and layout dialogs
in the login greeter GUI will show the option "Last" by
default. The users default settings in their ~/.dmrc
file will be used. If no settings exist in this file,
then the system defaults will be used. Note that GDM
normally caches the user's ~/.dmrc in the /var/cache/gdm
directory. Turning on this feature causes GDM to avoid
using the cache, and instead accesses the user's confi-
guration settings from their ~/.dmrc file after
pam_setcred(3PAM) is called. This feature is useful in
situations where users might log into multiple servers
and the system administrator wants to avoid situations
where the user's cached settings might become inconsis-
tant across different servers.
security/DisallowTCP=false (boolean)
If true, then always append "-nolisten tcp" to the
Xserver command line when starting attached Xservers,
thus disallowing TCP connection. This is a more secure
configuration if you are not using remote connections.
Note that on Solaris, the options/tcp_listen property of
the x11-server service also controls whether this option
is appended to the Xserver command line. The GDM confi-
guration value is set to "false" by default on Solaris
to defer control of this feature to this x11-server pro-
perty. Refer to the Xserver(1) manpage for more infor-
mation.
xdmcp/DisplaysPerHost=1 (integer)
To prevent attackers from filling up the pending queue,
GDM will only allow one connection for each remote
SunOS 5.11 Last change: 28 Dec 2009 11
Maintenance Commands gdm(1m)
computer. If you want to provide display services to
computers with more than one screen, you should increase
this value. Note that the number of attached DISPLAYS
allowed is not limited. Only remote connections via
XDMCP are limited by this configuration option.
xdmcp/Enable=false (boolean)
Setting this to true enables XDMCP support allowing
remote displays/X terminals to be managed by GDM. If
GDM is compiled to support it, access from remote
displays can be controlled using the TCP Wrappers
library.
xdmcp/HonorIndirect=true (boolean)
Enables XDMCP INDIRECT choosing for X-terminals which do
not supply their own display browser.
xdmcp/MaxPending=4 (integer)
To avoid denial of service attacks, GDM has fixed size
queue of pending connections. Only MaxPending displays
can start at the same time. Please note that this
parameter does not limit the number of remote displays
which can be managed. It only limits the number of
displays initiating a connection simultaneously.
xdmcp/MaxSessions=16 (integer)
Determines the maximum number of remote display connec-
tions which will be managed simultaneously. I.e. the
total number of remote displays that can use your host.
xdmcp/MaxWait=30 (integer)
When GDM is ready to manage a display an ACCEPT packet
is sent to it containing a unique session id which will
be used in future XDMCP conversations. GDM will then
place the session id in the pending queue waiting for
the display to respond with a MANAGE request. If no
response is received within MaxWait seconds, GDM will
SunOS 5.11 Last change: 28 Dec 2009 12
Maintenance Commands gdm(1m)
declare the display dead and erase it from the pending
queue freeing up the slot for other displays.
xdmcp/MaxWaitIndirect=30 (integer)
The MaxWaitIndirect parameter determines the maximum
number of seconds between the time where a user chooses
a host and the subsequent indirect query where the user
is connected to the host. When the timeout is exceeded,
the information about the chosen host is forgotten and
the indirect slot freed up for other displays. The
information may be forgotten earlier if there are more
hosts trying to send indirect queries then MaxPendingIn-
direct.
xdmcp/PingIntervalSeconds=15 (integer)
Interval in which to ping the Xserver in seconds. If the
Xserver does not respond before the next time we ping
it, the connection is stopped and the session ended.
This is a combination of the XDM PingInterval and
PingTimeout, but in seconds.
xdmcp/Port=177 (integer)
The UDP port number gdm should listen to for XDMCP
requests.
xdmcp/Willing=/etc/gdm/Willing (string)
When the machine sends a WILLING packet back after a
QUERY it sends a string that gives the current status of
this server. The default message is the system ID, but
it is possible to create a script that displays custom-
ized message. If this script does not exist or this key
is empty the default message is sent. If this script
succeeds and produces some output, the first line of
it's output is sent (and only the first line). It runs
at most once every 3 seconds to prevent possible denial
of service by flooding the machine with QUERY packets.
SunOS 5.11 Last change: 28 Dec 2009 13
Maintenance Commands gdm(1m)
The default system configuration for the GDM login greeter
GUI is stored in the system GConf schemas directory in the
file gdm-simple-greeter.schemas, and accessed by GDM via
GConf. Users are not recommended to modify this file file
since it may be overwritten on upgrade. Instead users
should override these settings by modifying the GConf confi-
guration for the GDM user (the user specified in the
Daemon/User configuration key above), normally the "gdm"
user. Users can use the gconftool-2(1) or gconf-editor(1)
programs to set these values, if desired. Refer to the
EXAMPLES section of this manpage for more information about
how to use these tools to change common settings.
GDM will use the GCONF_DEFAULT_SOURCE_PATH environment vari-
able to ensure that each display uses it's own GConf confi-
guration. This way changes in GConf will only affect the
greeter in a per-seat manner.
The following keys are supported for configuring the GDM
login greeter GUI and are in "GConf key=default_value
(gconf_data_type)" format:
/apps/gdm/simple-greeter/banner_message_enable=false
(boolean)
Controls whether the banner message text is displayed.
/apps/gdm/simple-greeter/banner_message_text=NULL (string)
Specifies the text banner message to show on the greeter
window.
/apps/gdm/simple-greeter/disable_restart_buttons=false
(boolean)
Controls whether to show the restart buttons in the
login window.
/apps/gdm/simple-greeter/disable_user_list=true (boolean)
If true, then the face browser with known users is not
shown in the login window.
SunOS 5.11 Last change: 28 Dec 2009 14
Maintenance Commands gdm(1m)
/apps/gdm/simple-greeter/logo_icon_name=computer (string)
Set to the themed icon name to use for the greeter logo.
/apps/gdm/simple-greeter/wm_use_compiz=false (boolean)
Controls whether compiz is used as the window manager
instead of metacity.
/desktop/gnome/interface/accessibility=true (boolean)
Controls whether the Accessibility infrastructure will
be started with the GDM GUI. This is needed for many
accessibility technology programs to work.
/desktop/gnome/applications/at/screen_magnifier_enabled=false
(boolean)
If set, then the assistive tools linked to this GConf
key will be started with the GDM GUI program. By default
this is a screen magnifier application.
/desktop/gnome/applications/at/screen_keyboard_enabled=false
(boolean)
If set, then the assistive tools linked to this GConf
key will be started with the GDM GUI program. By default
this is an on-screen keyboard application.
/desktop/gnome/applications/at/screen_reader_enabled=false
(boolean)
If set, then the assistive tools linked to this GConf
key will be started with the GDM GUI program. By default
this is a screen reader application.
On Solaris, GDM also supports the CONSOLE, PASSREQ, PATH,
and SUPATH configuration options in /etc/default/login.
Refer to the login(1) manpage for details.
SunOS 5.11 Last change: 28 Dec 2009 15
Maintenance Commands gdm(1m)
Logging
GDM logs error and debug information to the system syslog
file.
Output from the Xservers started by GDM is stored in the GDM
log directory, /var/log/gdm. The Xserver output for each
display is saved in a file display.log, where display is the
DISPLAY value for the associated display.
Output from the GDM login greeter GUI is saved in a file
display-greeter.log and output from the GDM slave daemon is
saved in a file display-slave.log. Again, the display is
the DISPLAY value for the associated display.
Four older versions of each file are also stored, by append-
ing 1 through 4 to the filename. These files are rotated, as
new sessions on that display are started.
The output from the user session is saved in a file
~/.xsession-errors. The user session output is redirected
before the PreSession script is started.
Note that if the session is a failsafe session, or if GDM
cannot open this file for some reason, a fallback file is
created named /tmp/xses-user.XXXXXX, where XXXXXX are random
characters.
If you run a system with quotas set, consider using the
PostSession script to delete the ~/.xsession-errors file, so
that this log file is not stored unnecessarily.
EXAMPLES
Note that the user should change user to the "gdm" user
before running the following gconftool-2(1) commands. For
example, the
su(1m) command could be used. Configuration changes will
only take effect if they apply to the "gdm" user.
Example 1: To Enable Face Browser for all GDM login greeter
GUI
example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t bool -s /apps/gdm/simple-greeter/disable_user_list false
Example 2: To Change the Background Image to stream.jpg for
the GDM login greeter GUI
example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t string -s /desktop/gnome/background/picture_filename /usr/share/pixmaps/backgrounds/opensolaris/stream.jpg
Example 3: To Disable Face Browser for StaticSeat1 GDM login
greeter GUI
SunOS 5.11 Last change: 28 Dec 2009 16
Maintenance Commands gdm(1m)
example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/StaticSeat1/.gconf -t bool -s /apps/gdm/simple-greeter/disable_user_list true
EXIT STATUS
The following exit values are returned:
0 Application exited successfully
>0 Application exited with failure
FILES
The following files are used by this application:
/usr/sbin/gdm
Wrapper script that launches GNOME Display Manager
/usr/sbin/gdm-binary
Executable for GNOME Display Manager.
GDM Login Scripts and Session Files
The following GDM login integration interfaces are discussed
below:
+o /etc/gdm/Init/Default
+o /etc/gdm/Init/display
+o /etc/gdm/PostLogin/Default
+o /etc/gdm/PostLogin/display
+o /etc/gdm/PreSession/Default
+o /etc/gdm/PreSession/display
+o /etc/gdm/Xsession
+o /etc/X11/xinit/xinitrc.d
+o /etc/profile
+o ~/profile
+o /etc/X11/xinit/xinitrc.d
+o /etc/gdm/PostSession/Default
+o /etc/gdm/PostSession/display
The following session files are also discussed below:
+o /usr/share/gdm/autostart/LoginWindow/*.desktop
+o /usr/share/xsessions/*.desktop
+o ~/.dmrc(default user session)
SunOS 5.11 Last change: 28 Dec 2009 17
Maintenance Commands gdm(1m)
The Init, PostLogin, PreSession, and PostSession scripts all
work as described below.
For each type of script, the default one which will be exe-
cuted is called "Default" and is stored in a directory asso-
ciated with the script type. So the default Init script is
/etc/gdm/Init/Default. A per-display script can be pro-
vided, and if it exists it will be run instead of the
default script. Such scripts are stored in the same direc-
tory as the default script and have the same name as the
Xserver DISPLAY value for that display. For example, if the
/etc/gdm/Init/:0 script exists, it will be run for DISPLAY
":0".
All of these scripts are run with root privilege and return
0 if run successfully, and a non-zero return code if there
was any failure that should cause the login session to be
aborted. Also note that GDM will block until the scripts
finish, so if any of these scripts hang, this will cause the
login process to also hang.
When the Xserver for the login GUI has been successfully
started, but before the login GUI is actually displayed, GDM
will run the Init script. This script is useful for starting
programs that should be run while the login screen is show-
ing, or for doing any special initialization if required.
After the user has been successfully authenticated GDM will
run the PostLogin script. This is done before any session
setup has been done, including before the
pam_open_session(3PAM) call. This script is useful for doing
any session initialization that needs to happen before the
session starts. For example, you might setup the user's
$HOME directory if needed.
After the user session has been initialized, GDM will run
the PreSession script. This script is useful for doing any
session initialization that needs to happen after the ses-
sion has been initialized. It can be used for session
management or accounting, for example.
When a user terminates their session, GDM will run the Post-
Session script. Note that the Xserver will have been stopped
by the time this script is run, so it should not be
accessed.
Note that the PostSession script will be run even when the
display fails to respond due to an I/O error or similar.
Thus, there is no guarantee that X applications will work
during script execution.
SunOS 5.11 Last change: 28 Dec 2009 18
Maintenance Commands gdm(1m)
All of the above scripts will set the RUNNING_UNDER_GDM
environment variable to "yes". If the scripts are also
shared with other display managers, this allows you to iden-
tify when GDM is calling these scripts, so you can run
specific code when GDM is used.
The /usr/share/gdm/autostart/LoginWindow directory contains
.desktop files. Any .desktop files in this directory will
cause the associated program to automatically start with the
login GUI greeter. By default, GDM is shipped with files
which will autostart the gdm-simple-greeter login GUI
greeter itself, the gnome-power-manager application, the
gnome-settings-daemon, and the metacity window manager.
These programs are needed for the greeter program to work.
In addition, desktop files are provided for starting various
AT programs if the associated accessibility configuration
GConf keys are set.
The administrator can customize .desktop files. For example,
an xterm.desktop file can be useful when debugging the GDM
login greeter. A .desktop file to launch xterm(1) would look
as follows:
[Desktop Entry]
Name=Xterm
Comment=Xterm
Exec=/usr/X11/bin/xterm
OnlyShowIn=GNOME;
Terminal=false
Type=Application
X-GNOME-Autostart-Phase=Applications
X-GNOME-AutoRestart=true
The user's default session and language choices are stored
in the ~/.dmrc file. When a user logs in for the first time,
this file is created with the user's initial choices. The
user can change these default values by simply changing to a
different value when logging in. GDM will remember this
change for subsequent logins.
The session types which are available in the GDM login
greeter GUI are specified by .desktop files. These desktop
files are in standard INI format and the executable that
will be run to start the session is specified by the "Exec"
key in the file. Desktop files are normally stored in the
/usr/share/xsessions directory. However, GDM will search
for desktop files in the following directories in this
order: /etc/X11/sessions/, /etc/dm/Sessions,
/usr/share/xsessions, and /usr/share/gdm/BuiltInSessions.
The /etc/gdm/Xsession script is called between the PreSes-
sion and the PostSession scripts. This script does not
SunOS 5.11 Last change: 28 Dec 2009 19
Maintenance Commands gdm(1m)
support per-display like the other scripts. This script is
used for actually starting the user session. This script is
run as the user, and it will run whatever session was speci-
fied by the Desktop session file the user selected to start.
The /etc/gdm/Xsession script will source /etc/profile,
~/.profile, and all scripts in the /etc/X11/xinit/xinitrc.d
directory before starting the user session. Refer to the
profile(4) manpage for more information.
Configuration Files
/etc/gdm/gdm.schemas
GDM default daemon configuration.
/etc/gdm/custom.conf
GDM daemon configuration customization.
/etc/gconf/schemas/gdm-simple-greeter.schemas
GDM default login greeter GUI configuration.
/etc/default/login
On Solaris, GDM supports the CONSOLE, PASSREQ, PATH, and
SUPATH configuration options. Refer to the login(1)
manpage for details.
~gdm/.gconf.mandatory
The GDM user's mandatory GConf settings.
~gdm/.gconf
The GDM user's GConf settings.
~gdm/seat/.gconf
The per-seat GDM user's GConf settings.
SunOS 5.11 Last change: 28 Dec 2009 20
Maintenance Commands gdm(1m)
~gdm/.gconf.path
This file specifies the GDM user's mandatory GConf set-
tings directory.
Logging
/var/log/gdm/display.log
Xserver output for each display.
/var/log/gdm/display-greeter.log
GDM login greeter GUI output for each display.
/var/log/gdm/display-slave.log
GDM slave daemon output for each display.
~/.xsession-errors
Output from the user session.
GDM Xauthority files
/var/run/gdm
Stores the Xserver authentication files for each managed
session.
Face Browser
/usr/share/pixmaps/faces
Global directory for face images.
~/.face
User-defined icon to be used by GDM face browser.
SunOS 5.11 Last change: 28 Dec 2009 21
Maintenance Commands gdm(1m)
GDM user cache
/var/cache/gdm
GDM copies the user's ~/.dmrc and ~/.face files to
/var/cache/gdm/username, so that they can be accessed on
subsequent logins without accessing the user's $HOME
directory before pam_setcred(3PAM) is called.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | system/display-manager/gdm |
|_____________________________|_____________________________|
| Interface stability | Volatile |
|_____________________________|_____________________________|
| /etc/X11/gdm/custom.conf | Volatile |
|_____________________________|_____________________________|
| ~gdm/.gconf.mandatory | Volatile |
|_____________________________|_____________________________|
| ~gdm/.gconf | Volatile |
|_____________________________|_____________________________|
SEE ALSO
More information can be found at:
http://library.gnome.org/admin/gdm
Latest version of the GNOME Desktop User Guide for your
platform.
gdmdynamic(1), gdmflexiserver(1), gdm-screenshot(1),
gconftool-2(1), gconf-editor(1), login(1), ssh(1), Xorg(1),
Xserver(1), audit(1m), console-kit-daemon(1m), gdm-stop(1m),
svcadm(1m), libwrap(3), pam(3PAM), logindevperm(4),
pam.conf(4), profile(4), user_attr(4), attributes(5),
environ(5), smf(5)
NOTES
This man page written by Martin K. Petersen ,
George Lebl , and Brian Cameron
. Copyright (c) 1998, 1999 by Martin
K. Petersen. Copyright (c) 2001, 2003, 2004 by George Lebl.
Copyright (c) 2003 by Red Hat, Inc. Copyright (c) 2006,
2009 by Sun Microsystems, Inc.
SunOS 5.11 Last change: 28 Dec 2009 22