GDM has powerful configuration management. System default configuration is stored in the GDM System Defaults Configuration File and user changes to the default configuration are stored in the GDM Custom Configuration File. This allows sysadmins to store the GDM System Defaults Configuration File on a shared filesystem, so a single file can be used to control configuration for multiple machines. GDM also supports per-display configuration for GUI-related keys.
The gdmsetup is a GUI program you can use to edit the GDM configuration. This program may also be launched directly from the login screen if the greeter/ConfigAvailable key is set to "true" Not all keys in the GDM configuration file are supported in the GUI, so you may need to edit the configuration files by hand to edit these keys. If you believe running root-owned GUI's causes security risk, then you would want to always edit the files by hand. This program does not support setting per-display configuration, so per-display configuration files must be set up by hand.
Aside from the GDM System Defaults Configuration File, the other GDM
configuration files are located, by default, in the
<etc>/gdm/
folder or its subdirectories.
Note that the location of many configuration files are defined in the
GDM configuration files, so check the GDM System Defaults Configuration
File and the GDM Custom Configuration File if the files are not in the
locations specified in this document.
Listing of the config directory contents:
custom.conf locale.alias Xsession XKeepsCrashing modules/ Init/ PostLogin/ PreSession/ PostSession/
locale.alias
is a file which looks much like the
system locale alias but, in fact, is not the same. This is a list
of all languages that may be on your system. All languages are
checked to see if they exist before displaying them in the Language
Selection dialog in the login GUI. Only those that exist are displayed.
Xsession
is a script which sets up a user session
and then executes the user's choice of session. Note that the session
script is typically started via the desktop
file associated with the session the user has picked. Some
sessions may start the user's session via a different mechanism than
the Xsession
script, so please check the
appropriate desktop
before assuming a session
startup issue is being caused by this file.
XKeepsCrashing
is a script which gets run when the
X server keeps crashing and we cannot recover. The shipped default
script will work with most Linux distributions and can run the X
configuration application provided the person on the console knows the
root password.
Accessibility modules are configured in the modules/
subdirectory, and are a separate topic. Read the default files provided,
they have adequate documentation. Again normally the default install
is given in the files with factory
in their name,
and those files are not read, they are just there for you so you can
always revert to default config.
Files describing available GDM session follow the freedesktop.org
desktop file specification. The .desktop
-style
files are installed to <etc>/X11/sessions/
.
This directory is also read by the KDE desktop manager (KDM) for common
configuration. Next the directory
<share>/gdm/BuiltInSessions/
is read for
GDM specific built-in sessions (KDM hardcodes these at time of
this writing). Lastly the default setup will also read
<share>/xsessions/
(which should be
<share>/xsessions/
if you really wish to
cooperate with KDM) where desktop packages can install their session
files. The directories under the <etc>
should
be reserved for configuration. The desktop file specification approach
makes it easy for package management systems to install window managers
and different session types without requiring the sysadmin to edit files.
See the SessionDesktopDir
configuration key for
changing the paths. It used to be that GDM stored its built in
sessions in <etc>/dm/Sessions/
but this is
deprecated as of 2.5.90.0. Note that prior to version 2.4.4.2 only the
<etc>/dm/Sessions/
was being read.
A session can be disabled (if it was installed in
<share>/xsessions/
) by adding an identically
named .desktop
to one of the directories earlier in
the path (likely <etc>/X11/sessions
) and using
Hidden=true
in that file.
GDM uses the optional key X-Gdm-XserverArgs
in
session files to specify additional arguments to be passed to the
X server. For example, the entry
X-Gdm-XserverArgs=-depth 16
will start the
X server with a color depth of 16 bits. Any such additional arguments
are ignored when using a Nested display (when GDM is launched in a
window).
In this section we will explain the Init
,
PostLogin
, PreSession
and
PostSession
directories as they are very similar.
When the X server has been successfully started, GDM will try to run
the script called Init/<displayname>
. I.e.
Init/:0
for the first attached display. If this
file is not found, GDM will attempt to to run
Init/<hostname>
. I.e.
Init/somehost
.
If this still is not found, GDM will try
Init/XDMCP
for all XDMCP logins or
Init/Flexi
for all on demand flexible
displays. If none of the above were found, GDM will run
Init/Default
. The script will be run as root and
GDM blocks until it terminates. Use the Init/*
script for applications that are supposed to run alongside with the GDM
login window. xconsole for instance. Commands to set the background
etc. go in this file too.
It is up to the sysadmin to decide whether clients started by the Init
script should be killed before starting the user session. This is
controlled with the KillInitClients
configuration
option.
When the user has been successfully authenticated GDM tries the
scripts in the PostLogin
directory in the same
manner as for the Init
directory. This is done
before any session setup is done, and so this would be the script where
you might setup the home directory if you need to (though you should
use the pam_mount
module if you can for this).
You have the $USER
and
$DISPLAY
environment variables set for this
script, and again it is run as root. The script should return 0 on
success as otherwise the user won't be logged in. This is not true for
failsafe session however.
After the user session has been setup from the GDM side of things, GDM
will run the scripts in the PreSession
directory,
again in the same manner as the Init
directory.
This script can be used for session management or accounting, for
example. The $USER
environment variable contains
the login of the authenticated user and $DISPLAY
is set to the current display. The script should return 0 on success.
Any other value will cause GDM to terminate the current login process.
This is not true for failsafe sessions however. Also
$X_SERVERS
environmental variable is set and this
points to a fake generated X servers file for use with the sessreg
accounting application.
After this the base Xsession
script is run with
the selected session executable as the first argument. This is run as
the user, and really this is the user session. The available session
executables are taken from the Exec=
line in the
.desktop
files in the path specified by
SessionDesktopDir
. Usually this path is
<etc>/X11/sessions/:<etc>/dm/Sessions:/usr/share/xsessions/
.
The first found file is used. The user either picks from these
sessions or GDM will look inside the file ~/.dmrc
for the stored preference.
This script should really load the user's profile and generally do all
the voodoo that is needed to launch a session. Since many systems
reset the language selections done by GDM, GDM will also set the
$GDM_LANG
variable to the selected language. You
can use this to reset the language environmental variables after you
run the user's profile. If the user elected to use the system language,
then $GDM_LANG
is not set.
When the user terminates his session, the
PostSession
script will be run. Again operation
is similar to Init
, PostLogin
and PreSession
. Again the script will be run with
root privileges, the slave daemon will block and the
$USER
environment variable will contain the name
of the user who just logged out and $DISPLAY
will
be set to the display the user used, however note that the X server for
this display may already be dead and so you shouldn't try to access it.
Also $X_SERVERS
environmental variable is set and
this points to a fake generated X servers file for use with the sessreg
accounting application.
Note that the PostSession
script will be run
even when the display fails to respond due to an I/O error or
similar. Thus, there is no guarantee that X applications will work
during script execution.
Except for the Xsession
script all of these
scripts will also have the environment variable
$RUNNING_UNDER_GDM
set to
yes
, so that you could perhaps use similar
scripts for different display managers. The
Xsession
will always have the
$GDMSESSION
set to the basename of the
session that the user chose to run without the
.desktop
extension. In addition
$DESKTOP_SESSION
is also set to the same value
and in fact this will also be set by KDM in future versions.
Neither of the Init
,
PostLogin
, PreSession
or
PostSession
scripts are necessary and can be left
out. The Xsession
script is however required as
well as at least one session .desktop
file.
GDM uses two configuration files: the GDM System Defaults Configuration
File (<share>/gdm/defaults.conf
) and the
GDM Custom Configuration File
(<etc>/gdm/custom.conf
). The GDM System
Defaults File contains the default configuration choices for GDM, and
should not be modified by the user. The GDM Custom Configuration File
is where users may specify their custom configuration choices.
If a configuration option is not defined in either file, GDM will
default to the value described in the comments in the GDM System
Defaults Configuration File.
Both configuration files are divided into sections each containing variables that define the behavior for a specific part of the GDM suite. Refer to the comments in the GDM System Defaults Configuration File for additional information about each configuration setting.
GDM also supports per-display configuration for parameters in the
"gui", "greeter" sections of the configuration file
Also the security/PamStack key may be customized per-display.
Per-display configuration is specified by creating a file named
<etc>/gdm/custom.conf<display num>
.
In this file the section and keys to use on this display can be
specified. For example, configuration overrides for display
":103" would be stored in the file
<etc>/gdm/custom.conf:0
. Per-display
configuration is supported in GDM 2.14.6 and later.
To change configuration by hand, edit the GDM Custom Configuration File or per-display configuration file and make sure the keyname=value pair you want is included in the appropriate section. For example, to change the value for the "Greeter" key in the "daemon" section, make sure the daemon section of the GDM Custom Configuration File or per-display configuration file includes the "[daemon]" section followed by the key and value change desired. As in this example:
[daemon] Greeter=/usr/lib/gdmgreeter
The gdmsetup command can be used to modify the GDM Custom Configuration File. Note the gdmsetup is intended to be run as root, so users who feel it is insecure to run GUI programs as root should edit the configuration files by hand.
The GDM daemon --config argument may instead be used to specify a different configuration file location. The GDM daemon must be restarted to change the configuration file being used. Also when building GDM, the location of the configuration files may be specified via the --with-defaults-conf and --with-custom-conf configuration options.
Previous to GDM 2.13.0.4 only the
<etc>/gdm/gdm.conf
existed. For best
backwards compatibility, this file will be used instead of the GDM
Custom Configuration File if it exists on your system. If upgrading
to the new version of GDM, "make install" will check to see
if the <etc>/gdm/gdm.conf
file is different
than the <etc>/gdm/factory-gdm.conf
file.
If so, the <etc>/gdm/gdm.conf
file will be
automatically copied to
<etc>/gdm/custom.conf
to preserve any
configuration changes.
Distributions should edit the GDM System Defaults Configuration File to establish default configuration values, so that they are preserved as defaults and not modified by users modifying the GDM Custom Configuration File. Note that distributions may modify the GDM System Defaults Configuration File on update to improve usability, security, etc. So any changes made to this file may be lost.
The GDM System Defaults Configuration File and the GDM Custom
Configuration File follow the standard .ini
style
configuration file syntax. Keywords in brackets define sections,
strings before an equal sign (=) are variables and the data after
equal sign represents their value. Empty lines or lines starting with
the hash mark (#) are ignored. The graphical configurator will try to
preserve both comments (lines with a hash mark) and the overall
structure of the file so you can intermix using the GUI or hand
editing the configuration file.
The following configuration keys are supported in GDM:
[daemon]
AddGtkModules=false
If true, then enables gdmgreeter or gdmlogin to be launched with additional Gtk+ modules. This is useful when extra features are required such as accessible login. Note that only "trusted" modules should be used to minimize security issues.
If true, then the registry daemon at-spi-registryd will be launched by gdmgreeter or gdmlogin starting with version GDM 2.17.
Usually this is used for accessibility modules. The modules
which are loaded are specified with the
GtkModulesList
key.
AllowLogoutActions=HALT;REBOOT;SHUTDOWN;SUSPEND;CUSTOM_CMD
Specify which actions are supported by the QUERY_LOGOUT_ACTION,
SET_LOGOUT_ACTION, and SET_SAFE_LOGOUT_ACTION
gdmflexiserver commands. Valid values are
HALT, REBOOT, SHUTDOWN, SUSPEND, and CUSTOM_CMD and these
should be separated by semicolons. This allows certain
options to be disabled if desired. Refer to the related
SystemCommandsInMenu
and
RBACSystemCommandKeys
configuration
options.
AlwaysLoginCurrentSession=true
If true, then when the user logs in and already has an existing session, then they are connected to that session rather than starting a new session. This only works for sessions running on VTs (Virtual Terminals) started with gdmflexiserver, and not with XDMCP. Note that VTs are not supported on all operating systems.
AutomaticLoginEnable=false
If the user given in AutomaticLogin should be logged in upon
first bootup. No password will be asked. This is useful
for single user workstations where console security is not an
issue and also could be useful for public terminals. Refer
also to TimedLogin
.
AutomaticLogin=
This user should be automatically logged in on first bootup. AutomaticLoginEnable must be true and this must be a valid user for this to happen. "root" can never be autologged in however and gdm will just refuse to do it even if you set it up.
The following control chars are recognized within the specified name:
%% — the `%' character
%d — display's name
%h — display's hostname
Alternatively, the name may end with a vertical bar |, the pipe symbol. The name is then used as a application to execute which returns the desired username on standard output. If an empty or otherwise invalid username is returned, automatic login is not performed. This feature is typically used when several remote displays are used as internet kiosks, with a specific user to automatically login for each display.
BaseXsession=<etc>/gdm/Xsession
This is the base X session file. When a user logs in, this
script will be run with the selected session as the first
argument. The selected session will be the
Exec=
from the
.desktop
file of the session.
If you wish to use the same script for several different
display managers, and wish to have some of the script run only
for GDM, then you can check the presence of the
GDMSESSION
environmental variable. This
will always be set to the basename of
.desktop
(without the extension) file that
is being used for this session, and will only be set for GDM
sessions. Previously some scripts were checking for
GDM_LANG
, but that is only set when the
user picks a non-system default language.
This script should take care of doing the "login" for
the user and so it should source the
<etc>/profile
and friends. The
standard script shipped with GDM sources the files in this
order: <etc>/profile
then
~/.profile
then
<etc>/xprofile
and finally
~/.xprofile
. Note that different
distributions may change this however. Sometimes users
personal setup will be in ~/.bash_profile
,
however broken that is.
Chooser=<bin>/gdmchooser
Full path and name of the chooser executable followed by optional arguments.
Configurator=<bin>/gdmsetup --disable-sound --disable-crash-dialog
The pathname to the configurator binary. If the greeter
ConfigAvailable
option is set to true then
run this binary when somebody chooses Configuration from the
Actions menu. Of course GDM will first ask for root password
however. And it will never allow this to happen from a remote
display.
ConsoleCannotHandle=am,ar,az,bn,el,fa,gu,hi,ja,ko,ml,mr,pa,ta,zh
These are the languages that the console cannot handle because of font issues. Here we mean the text console, not X. This is only used when there are errors to report and we cannot start X.
ConsoleNotify=true
If false, gdm will not display a message dialog on the console when an error happens.
DefaultPath=defaultpath (value set by configure)
Specifies the path which will be set in the user's session.
This value will be overridden with the value from
/etc/default/login
if it contains
"ROOT=<pathname>". If the
/etc/default/login
file exists, but
contains no value for ROOT, the value as defined in the GDM
configuration will be be used.
DefaultSession=gnome.desktop
The session that is used by default if the user does not have
a saved preference and has picked 'Last' from the list of
sessions. Note that 'Last' need not be displayed, see
the ShowLastSession
key.
DisplayInitDir=<etc>/gdm/Init
Directory containing the display init scripts. See the ``The Script Directories'' section for more info.
DisplayLastLogin=true
If true then the last login information is printed to the user before being prompted for password. While this gives away some info on what users are on a system, it on the other hand should give the user an idea of when they logged in and if it doesn't seem kosher to them, they can just abort the login and contact the sysadmin (avoids running malicious startup scripts). This was added in version 2.5.90.0.
This is for making GDM conformant to CSC-STD-002-85, although
that is purely theoretical now. Someone should read that spec
and ensure that this actually conforms (in addition to other
places in GDM). See
http://www.radium.ncsc.mil/tpep/library/rainbow/CSC-STD-002-85.html
for more info.
DoubleLoginWarning=true
If true, GDM will warn the user if they are already logged in on another virtual terminal. On systems where GDM supports checking the X virtual terminals, GDM will let the user switch to the previous login virtual terminal instead of logging in.
DynamicXServers=false
If true, the GDM daemon will honor requests to manage
displays via the /tmp/.gdm_socket
socket connection. Displays can be created, started,
and deleted with the appropriate commands. The
gdmdynamic
command is a convenient
method to send these messages.
FailsafeXServer=
An X command line in case we can't start the normal X server.
should probably be some sort of a script that runs an
appropriate low resolution X server that will just work.
This is tried before the XKeepsCrashing
script is run.
FirstVT=7
On systems where GDM supports automatic VT (virtual terminal)
allocation, this is the first vt to try. Usually standard text
logins are run on the lower vts. See also
VTAllocation
.
FlexibleXServers=5
The maximum number of allowed flexible displays. These are
displays that can be run using the
/tmp/.gdm_socket
socket connection.
This is used for both full flexible displays and for nested
displays (refer to the Xnest
configuration
option).
FlexiReapDelayMinutes=5
After how many minutes of inactivity at the login screen
should a flexi display be reaped. This is only in effect
before a user logs in. Also it does not affect nested displays
(refer to the Xnest
configuration
option). To turn off this behavior set this value to 0. This
was added in version 2.5.90.0.
Greeter=<bin>/gdmlogin
Full path and name of the greeter executable followed by
optional arguments. This is the greeter used for all displays
except for the XDMCP remote displays. See also
RemoteGreeter
Group=gdm
The group name under which gdmlogin,
gdmgreeter,
gdmchooser and the internal
failsafe GTK+ dialogs are run. Also see
User
. This user will have access to all
the X authorization files, and perhaps to other internal GDM
data and it should not therefore be a user such as nobody, but
rather a dedicated user. The ServAuthDir
is owned by this group. The ownership and permissions of
ServAuthDir
should be
root.gdm
and 1770.
GtkModulesList=module-1:module-2:...
A colon separated list of Gtk+ modules that
gdmgreeter or gdmlogin
will be invoked with if AddGtkModules
is
true. The format is the same as the standard Gtk+ module
interface.
HaltCommand=<sbin>/shutdown -h now
Full path and arguments to command to be executed when user selects "Shut Down" from the Actions menu. This can be a ';' separated list of commands to try. If a value is missing, the shut down command is not available. Note that the default for this value is not empty, so to disable "Shut Down" it must be set to an empty value.
KillInitClients=true
Determines whether GDM should kill X clients started by the init scripts when the user logs in.
LogDir=<var>/log/gdm
Directory containing the log files for the individual displays. By default this is the same as the ServAuthDir.
PreFetchProgram=command
Program to be run by the GDM greeter/login program when the initial screen is displayed. The purpose is to provide a hook where files which will be used after login can be preloaded to speed performance for the user. The program will be called once only, the first time a greeter is displayed. The gdmprefetch command may be used. This utility will load any libraries passed in on the command line, or if the argument starts with a "@" character, it will process the file assuming it is an ASCII file containing a list of libraries, one per line, and load each library in the file.
PostLoginScriptDir=<etc>/gdm/PostLogin
Directory containing the scripts run right after the user logs in, but before any session setup is done. See the ``The Script Directories'' section for more info.
PostSessionScriptDir=<etc>/gdm/PostSession
Directory containing the scripts run after the user logs out. See the ``The Script Directories'' section for more info.
PreSessionScriptDir=<etc>/gdm/PreSession
Directory containing the scripts run before the user logs in. See the ``The Script Directories'' section for more info.
RBACSystemCommandKeys
Support RBAC (Role Based Access Control) for system commands
(Shutdown, Reboot, Suspend, etc.). This feature is only
functional if GDM is compiled with RBAC support. Specify the
RBAC key used to determine if the user has permission to use
the action via the QUERY_LOGOUT_ACTION, SET_LOGOUT_ACTION, and
SET_SAFE_LOGOUT_ACTION gdmflexiserver
commands. Valid actions are HALT, REBOOT, SUSPEND, and
CUSTOM_CMD. The greeter will only display the command if the
gdm user (User
configuration key) has
RBAC permissions to use the action. RBAC keys for multiple
actions can be specified by separating them with semicolons.
The format for each is "Action:RBAC key". If an action is not
specified, it is assumed that all users have permission to use
this action. For example, a valid value for this
configuration option would be
"HALT:key.for.halt;REBOOT:key.for.reboot". Refer to
the related AllowLogoutActions
and
SystemCommandsInMenu
configuration
options.
RebootCommand=<sbin>/shutdown -r now
Full path and optional arguments to the command to be executed when user selects Restart from the Actions menu. This can be a ';' separated list of commands to try. If missing, the restart command is not available. Note that the default for this value is not empty so to disable restart you must set this explicitly to an empty value.
RemoteGreeter=<bin>/gdmlogin
Full path and name of the greeter executable followed by
optional arguments. This is used for all remote XDMCP
sessions. It is useful to have the less graphically demanding
greeter here if you use the Themed Greeter for your main
greeter. See also the Greeter
key.
RootPath=defaultpath (value set by configure)
Specifies the path which will be set in the root's
session and the {Init,PostLogin,PreSession,PostSession} scripts
executed by GDM. This value will be overridden with the value
from /etc/default/login
if it
contains "SUROOT=<pathname>". If the
/etc/default/login
file exists, but
contains no value for SUROOT, the value as defined in the GDM
configuration will be used.
ServAuthDir=<var>/gdm
Directory containing the X authentication files for the
individual displays. Should be owned by
root.gdm
with permissions 1770, where
gdm
is the GDM group as defined by the
Group
option. That is should be owned by
root, with gdm
group having full write
permissions and the directory should be sticky and others
should have no permission to the directory. This way the GDM
user can't remove files owned by root in that directory, while
still being able to write its own files there. GDM will
attempt to change permissions for you when it's first run if
the permissions are not the above. This directory is also used
for other private files that the daemon needs to store. Other
users should not have any way to get into this directory and
read/change it's contents. Anybody who can read this directory
can connect to any display on this computer.
SessionDesktopDir=<etc>/X11/sessions/:<etc>/dm/Sessions/:<share>/xsessions/
Directory containing the .desktop
files
which are the available sessions on the system. Since 2.4.4.2
this is treated like a PATH type variable and the first file
found is used.
SoundProgram=<bin>/play
(or<bin>/audioplay
on Solaris)
Application to use when playing a sound. Currently used for
playing the login sound, see the
SoundOnLoginFile
key. Supported since
2.5.90.0.
StandardXServer=/dir/to/X (value assigned by configuration file)
Full path and arguments to the standard X server command. This is used when gdm cannot find any other definition, and it's used as the default and failsafe fallback in a number of places. This should be able to run some sort of X server.
SuspendCommand=
Full path and arguments to command to be executed when user selects Suspend from the Actions menu. If empty there is no such menu item. Note that the default for this value is not empty so to disable suspend you must set this explicitly to an empty value.
SuspendCommand=HALT;REBOOT;SHUTDOWN;SUSPEND;CUSTOM_CMD
Specify which system commands are available in the greeter
menu. Valid values are HALT, REBOOT, SHUTDOWN, SUSPEND, and
CUSTOM_CMD and these should be separated by semicolons. This
can be useful if you want to disable some options in the menu,
but still have them available to authenticated users via the
SET_LOGOUT_ACTION or SET_SAFE_LOGOUT_ACTION
gdmflexiserver commands. For example, the
GNOME panel uses these commands to provide Shutdown, Reboot,
and Suspend in the application menu. Therefore if you turn
off these options in the greeter, these options can still be
available to users who have authenticated via the GNOME panel.
Refer to the related
AllowLogoutActions
and
RBACSystemCommandKeys
configuration
options.
TimedLoginEnable=false
If the user given in TimedLogin
should be
logged in after a number of seconds (set with
TimedLoginDelay
) of inactivity on the
login screen. This is useful for public access terminals or
perhaps even home use. If the user uses the keyboard or
browses the menus, the timeout will be reset to
TimedLoginDelay
or 30 seconds, whichever
is higher. If the user does not enter a username but just
hits the ENTER key while the login program is requesting the
username, then GDM will assume the user wants to login
immediately as the timed user. Note that no password will be
asked for this user so you should be careful, although if using
PAM it can be configured to require password entry before
allowing login.
TimedLogin=
This is the user that should be logged in after a specified
number of seconds of inactivity. This can never be
"root" and gdm will refuse to log in root this way.
The same features as for AutomaticLogin
are supported. The same control chars and piping to a
application are supported.
TimedLoginDelay=30
Delay in seconds before the TimedLogin
user will be logged in. It must be greater then or equal to 10.
User=gdm
The username under which gdmlogin,
gdmgreeter,
gdmchooser and the internal
failsafe GTK+ dialogs are run. Also see
Group
. This user will have access to all
the X authorization files, and perhaps to other internal GDM
data and it should not therefore be a user such as nobody, but
rather a dedicated user.
UserAuthDir=
The directory where user's .Xauthority
file should be saved. When nothing is specified the user's
home directory is used. This is tilde expanded so you
can set it to things like: ~/authdir/
.
If you do not use the tilde expansion, then the filename
created will be random, like in
UserAuthFBDir
. This way many users can
have the same authentication directory. For example you might
want to set this to /tmp
when user has the
home directory on NFS, since you really don't want cookie files
to go over the wire. The users should really have write
privileges to this directory, and this directory should really
be sticky and all that, just like the /tmp
directory.
Normally if this is the user's home directory GDM will still
refuse to put cookies there if it thinks it is NFS (by testing
root-squashing). This can be changed by setting
NeverPlaceCookiesOnNFS
in the
[security]
section to false.
UserAuthFBDir=/tmp
If GDM fails to update the user's
.Xauthority
file a fallback cookie is
created in this directory.
UserAuthFile=.Xauthority
Name of the file used for storing user cookies.
VTAllocation=true
On systems where GDM supports automatic VT (virtual terminal)
allocation (currently Linux and FreeBSD only), you can have
GDM automatically append the vt argument to the X server
executable. This way races that come up from each X server
managing it's own vt allocation can be avoided. See also
FirstVT
.
XKeepsCrashing=<etc>/gdm/XKeepsCrashing
A script to run in case X keeps crashing. This is for running
An X configuration or whatever else to make the X configuration
work. See the script that came with the distribution for an
example. The distributed XKeepsCrashing
script is tested on Red Hat, but may work elsewhere. Your
system integrator should make sure this script is up to date
for your particular system.
In case FailsafeXServer
is setup, that
will be tried first. and this only used as a backup if even
that X server keeps crashing.
Xnest=<bin>/X11/Xephyr -audit 0
The full path and arguments to the nested X server command, which can be Xephyr, Xnest, or similar program. This command is used for starting nested displays allowing the user to start new login screens in a nested window. Xephyr is recommended since it works best and better supports modern X server extensions. Therefore GDM will set the default configuration to use Xephyr if available. If Xephyr is not available, then Xnest will be used if it is available.
XnestUnscaledFontPath=true
Set to true if the nested X server command program supports the
":unscaled" suffix in the FontPath (passed to nested X server
command via the -fp argument). Some Xnest (e.g. Xsun Xnest)
programs do not, and it is necessary to set this to false for
such nested X server commands to work with GDM. Refer to the
Xnest
configuration option.
[security]
AllowRoot=true
Allow root (privileged user) to log in through GDM. Set this to false if you want to disallow such logins.
On systems that support PAM, this parameter is not as useful as you can use PAM to do the same thing, and in fact do even more. However it is still followed, so you should probably leave it true for PAM systems.
AllowRemoteRoot=false
Allow root (privileged user) to log in remotely through GDM. This value should be set to true to allow such logins. Remote logins are any logins that come in through the XDMCP.
On systems that support PAM, this parameter is not as useful since you can use PAM to do the same thing, and do even more.
This value will be overridden and set to false if the
/etc/default/login
file exists and
contains "CONSOLE=/dev/login", and set to true if the
/etc/default/login
file exists and
contains any other value or no value for CONSOLE.
AllowRemoteAutoLogin=false
Allow the timed login feature to work for remote displays.
In other words, remote connections via XDMCP will be allowed to
log into the "TimedLogin" user after the delay
defined by TimedLoginDelay
.
Note that this can make a system quite insecure, and thus is off by default.
CheckDirOwner=true
By default GDM checks the ownership of the home directories
before writing to them, this prevents security issues in case
of bad setup. However in some instances home directories will
be owned by a different user and in this case it is necessary
to turn this option on. You will also most likely have to
turn the RelaxPermissions
key to at least
value 1 since in such a scenario home directories are likely
to be group writable. Supported since 2.6.0.4.
SupportAutomount=false
By default GDM checks the ownership of the home directories before writing to them, this prevents security issues in case of bad setup. However, when home directories are managed by automounter, they are often not mounted before they are accessed. This option works around subtleties of Linux automounter.
DisallowTCP=true
If true, then always append -nolisten tcp
to the command line when starting attached X servers, thus
disallowing TCP connection. This is a more secure
configuration if not using remote connections.
NeverPlaceCookiesOnNFS=true
Normally if this is true (which is by default), GDM will not place cookies into the user's home directory if this directory is on NFS. Well, GDM will consider any filesystem with root-squashing an NFS filesystem. Sometimes however the remote file system can have root squashing and be safe (perhaps by using encryption). In this case set this to 'false'. Note that this option appeared in version 2.4.4.4 and is ignored in previous versions.
PasswordRequired=false
If true, this will cause PAM_DISALLOW_NULL_AUTHTOK to be
passed as a flag to pam_authenticate and pam_acct_mgmt,
disallowing NULL password. This setting will only take
effect if PAM is being used by GDM. This value will be
overridden with the value from
/etc/default/login
if it contains
"PASSREQ=[YES|NO]". If the
/etc/default/login
file exists, but
contains no value for PASSREQ, the value as defined in the GDM
configuration will be used.
RelaxPermissions=0
By default GDM ignores files and directories writable to other users than the owner.
Changing the value of RelaxPermissions makes it possible to alter this behavior:
0 - Paranoia option. Only accepts user owned files and directories.
1 - Allow group writable files and directories.
2 - Allow world writable files and directories.
RetryDelay=1
The number of seconds GDM should wait before reactivating the entry field after a failed login.
UserMaxFile=65536
GDM will refuse to read/write files bigger than this number (specified in bytes).
In addition to the size check GDM is extremely picky about
accessing files in user directories. It will not follow
symlinks and can optionally refuse to read files and
directories writable by other than the owner. See the
RelaxPermissions
option for more info.
UtmpLineAttached=/dev/console (or /dev/dtlocal on Solaris)
When doing Utmp processing for attached displays, GDM sets the
ut_line to the device associated with the Virtual Terminal (VT)
if it is being used. Otherwise, it will use the value
specified with the display in the
[servers]
section if a value is provided.
If not, then the default value specified in UtmpLineAttached is
used for attached displays. The value can contain
"%d" which is translated to the DISPLAY value or
"%h" which is translated to the hostname. This value
must begin with /dev/
.
UtmpLineRemote= (or /dev/dtremote on Solaris)
When doing Utmp processing, GDM sets the ut_line to this value
for remote displays. The value can contain "%d"
which is translated to the DISPLAY value or "%h"
which is translated to the hostname. This value must begin
with /dev/
.
PseudoDevice=false (or true on Solaris)
If the device associated with a display does not exist, then
GDM will create a symlink to /dev/null
, or
touch it if it is a symlink to /dev/null
.
Some programs such as last,
finger, or who access the
utmp database and may assume that the device points to an
actual file. Creating such symlinks ensures that such programs
work properly.
[xdmcp]
DisplaysPerHost=1
To prevent attackers from filling up the pending queue, GDM
will only allow one connection for each remote computer. If
you want to provide display services to computers with more
than one screen, you should increase the
DisplaysPerHost
value accordingly.
Note that the number of attached DISPLAYS allowed is not limited. Only remote connections via XDMCP are limited by this configuration option.
Enable=false
Setting this to true enables XDMCP support allowing remote displays/X terminals to be managed by GDM.
gdm
listens for requests on UDP port 177.
See the Port option for more information.
If GDM is compiled to support it, access from remote displays
can be controlled using the TCP Wrappers library. The service
name is gdm
You should add
gdm:.my.domain
to your <etc>/hosts.allow
, depending
on your TCP Wrappers configuration. See the
hosts.allow(5)
man page for details.
Please note that XDMCP is not a particularly secure protocol and that it is a good idea to block UDP port 177 on your firewall unless you really need it.
EnableProxy=false
Setting this to true enables support for running XDMCP sessions on a local proxy X server. This may improve the performance of XDMCP sessions, especially on high latency networks, as many X protocol operations can be completed without going over the network.
Note, however, that this mode will significantly increase the burden on the machine hosting the XDMCP sessions
See the FlexiProxy
and
FlexiProxyDisconnect
options for further
details on how to configure support for this feature.
HonorIndirect=true
Enables XDMCP INDIRECT choosing (i.e. remote execution of
gdmchooser
) for X-terminals which don't
supply their own display browser.
MaxPending=4
To avoid denial of service attacks, GDM has fixed size queue of pending connections. Only MaxPending displays can start at the same time.
Please note that this parameter does *not* limit the number of remote displays which can be managed. It only limits the number of displays initiating a connection simultaneously.
MaxPendingIndirect=4
GDM will only provide MaxPendingIndirect
displays with host choosers simultaneously. If more queries
from different hosts come in, the oldest ones will be
forgotten.
MaxSessions=16
Determines the maximum number of remote display connections which will be managed simultaneously. I.e. the total number of remote displays that can use your host.
MaxWait=30
When GDM is ready to manage a display an ACCEPT packet is sent to it containing a unique session id which will be used in future XDMCP conversations.
GDM will then place the session id in the pending queue waiting for the display to respond with a MANAGE request.
If no response is received within MaxWait seconds, GDM will declare the display dead and erase it from the pending queue freeing up the slot for other displays.
MaxWaitIndirect=30
The MaxWaitIndirect parameter determines the maximum number of
seconds between the time where a user chooses a host and the
subsequent indirect query where the user is connected to the
host. When the timeout is exceeded, the information about the
chosen host is forgotten and the indirect slot freed up for
other displays. The information may be forgotten earlier if
there are more hosts trying to send indirect queries then
MaxPendingIndirect
.
Port=177
The UDP port number gdm
should listen to
for XDMCP requests. Don't change this unless you know what
you are doing.
PingIntervalSeconds=15
Interval in which to ping the X server in seconds. If the X server doesn't return before the next time we ping it, the connection is stopped and the session ended. This is a combination of the XDM PingInterval and PingTimeout, but in seconds.
Note that GDM in the past used to have a
PingInterval
configuration key which was
also in minutes. For most purposes you'd want this setting
to be lower then one minute however since in most cases where
XDMCP would be used (such as terminal labs), a lag of more
than 15 or so seconds would really mean that the terminal was
turned off or restarted and you would want to end the session.
FlexiProxyReconnect=
Setting this option enables experimental support for session migration with XDMCP sessions. This enables users to disconnect from their session and later reconnect to that same session, possibly from a different terminal.
In order to use this feature, you must have a nested X server available which supports disconnecting from its parent X server and reconnecting to another X server. Currently, the Distributed Multihead X (DMX) server supports this feature to some extent and other projects like NoMachine NX are busy implementing it.
This option should be set to the path of a command which will handle reconnecting the XDMCP proxy to another backend display. A sample implementation for use with DMX is supplied.
ProxyXServer=
The X server command line for a XDMCP proxy. Any nested X server like Xnest, Xephyr or Xdmx should work fairly well.
Willing=<etc>/gdm/Xwilling
When the machine sends a WILLING packet back after a QUERY it sends a string that gives the current status of this server. The default message is the system ID, but it is possible to create a script that displays customized message. If this script doesn't exist or this key is empty the default message is sent. If this script succeeds and produces some output, the first line of it's output is sent (and only the first line). It runs at most once every 3 seconds to prevent possible denial of service by flooding the machine with QUERY packets.
[gui]
AllowGtkThemeChange=true
If to allow changing the GTK+ (widget) theme from the greeter. Currently this only affects the standard greeter as the graphical greeter does not yet have this ability. The theme will stay in effect on this display until changed and will affect all the other windows that are put up by GDM. Supported since 2.5.90.2.
GtkRC=
Path to a gtkrc
to read when GDM puts up
a window. You should really now use the
GtkTheme
key for just setting a theme.
GtkTheme=Default
A name of an installed theme to use by default. It will be used in the greeter, chooser and all other GUI windows put up by GDM. Supported since 2.5.90.2.
GtkThemesToAllow=all
Comma separated list of themes to allow. These must be the
names of the themes installed in the standard locations for
GTK+ themes. You can also specify 'all' to allow all installed
themes. This is related to the
AllowGtkThemeChange
key. Supported since
2.5.90.2.
MaxIconWidth=128
Specifies the maximum icon width (in pixels) that the face browser will display. Icons larger than this will be scaled. This also affects icons in the XDMCP chooser.
MaxIconHeight=128
Specifies the maximum icon height (in pixels) that the face browser will display. Icons larger than this will be scaled. This also affects icons in the XDMCP chooser.
[greeter]
BackgroundColor=#76848F
If the BackgroundType is 2, use this color in the background of the greeter. Also use it as the back of transparent images set on the background and if the BackgroundRemoteOnlyColor is set and this is a remote display. This only affects the GTK+ Greeter.
BackgroundProgramInitialDelay=30
The background application will be started after at least that many seconds of inactivity.
RestartBackgroundProgram=true
If set the background application will be restarted when it has exited, after the delay described below has elapsed. This option can be useful when you wish to run a screen saver application when no user is using the computer.
BackgroundProgramRestartDelay=30
The background application will be restarted after at least that many seconds of inactivity.
BackgroundImage=somefile.png
If the BackgroundType is 1, then display this file as the background in the greeter. This only affects the GTK+ Greeter.
BackgroundProgram=<bin>/xeyes
If set this command will be run in the background while the login window is being displayed. Note that not all applications will run this way, since GDM does not usually have a home directory. You could set up home directory for the GDM user if you wish to run applications which require it. This only affects the GTK+ Greeter.
BackgroundRemoteOnlyColor=true
On remote displays only set the color background. This is to
make network load lighter. The
BackgroundProgram
is also not run. This
only affects the GTK+ Greeter.
BackgroundScaleToFit=true
Scale background image to fit the screen. This only affects the GTK+ Greeter.
BackgroundType=2
The type of background to set. 0 is none, 1 is image and color, 2 is color and 3 is image. This only affects the GTK+ Greeter.
Browser=true
Set to true to enable the face browser. See the ``The GTK+ Greeter'' section for more information on the face browser. This option only works for the GTK+ Greeter. For the Themed Greeter, the face browser is enabled by choosing a theme which includes a face browser
ChooserButton=true
If true, add a chooser button to the Actions menu that will restart the current X server with a chooser. XDMCP does not need to be enabled on the local computer for this to work.
ConfigAvailable=false
If true, allows the configurator to be run from the greeter.
Note that the user will need to type in the root password
before the configurator will be started. This is set to
false by default for additional security. See the
Configurator
option in the daemon
section.
DefaultFace=<share>/pixmaps/nophoto.png
If a user has no defined face image, GDM will use the
"stock_person" icon defined in the current GTK+
theme. If no such image is defined, the image specified by
DefaultFace
will be used. The image must
be in a gdk-pixbuf supported format and the file must be
readable to the GDM user.
Include=
Comma separated list of users to be included in the face
browser and in the gdmsetup selection list
for Automatic/Timed login.
See also Exclude
,
IncludeAll
, and
MinimalUID
.
Exclude=bin,daemon,adm,lp,sync,shutdown,halt,mail,...
Comma separated list of users to be excluded from the face
browser and from the gdmsetup selection list
for Automatic/Timed login. Excluded users will still be able to
log in, but will have to type their username.
See also Include
,
IncludeAll
, and
MinimalUID
.
IncludeAll=false
By default, an empty include list means display no users.
By setting IncludeAll to true, the password file will be
scanned and all users will be displayed aside from users
excluded via the Exclude setting and user ID's less than
MinimalUID. Scanning the password file can be slow on
systems with large numbers of users and this feature should
not be used in such environments.
See also Include
,
Exclude
, and
MinimalUID
.
GlobalFaceDir=<share>/pixmaps/faces/
Systemwide directory for face files. The sysadmin can place icons for users here without touching their homedirs. Faces are named after their users' logins.
I.e. <GlobalFaceDir>/johndoe
would
contain the face icon for the user ``johndoe''. No image format
extension should be specified.
The face images must be stored in gdk-pixbuf supported formats and they must be readable for the GDM user.
A user's own icon file will always take precedence over the sysadmin provided one.
GraphicalTheme=circles
The graphical theme that the Themed Greeter should use. it
should refer to a directory in the theme directory set by
GraphicalThemeDir
.
GraphicalThemes=circles
The graphical themes that the Themed Greeter should use is the
Mode is set on Random Themes. This is a "/:"
delimited list. It should refer to a directory in the theme
directory set by GraphicalThemeDir
. This
is only used if GraphicalThemeRand
is set
to true.
GraphicalThemeRand=false
Whether the graphical greeter will use Only One Theme or Random
Theme mode. Only One Theme mode uses themes listed by
GraphicalTheme
, Random Themes mode uses
themes listed by GraphicalThemes
. A value
of false sets greeter to use Only One Theme mode, a value of
true sets the greeter to use Random Theme mode.
GraphicalThemeDir=<share>/gdm/themes/
The directory where themes for the Themed Greeter are installed.
GraphicalThemedColor=#76848F
Use this color in the background of the Themed Greeter. This only affects the Themed Greeter.
InfoMsgFile=/path/to/infofile
If present and /path/to/infofile specifies an existing and readable text file (e.g. <etc>/infomsg.txt) the contents of the file will be displayed in a modal dialog box before the user is allowed to login. This works both with the standard and the themable greeters.
InfoMsgFont=fontspec
If present and InfoMsgFile (see above) is used, this specifies the font to use when displaying the contents of the InfoMsgFile text file. For example fontspec could be Sans 24 to get a sans serif font of size 24 points. This works both with the standard and the themable greeters.
LocaleFile=<etc>/gdm/locale.alias
File in format similar to the GNU locale format with entries for all supported languages on the system. The format is described above or in a comment inside that file.
LockPosition=true
If true the position of the login window of the GTK+ Greeter cannot be changed even if the title bar is turned on.
Logo=<share>/pixmaps/gnome-logo-large.png
Image file to display in the logo box. The file must be in a gdk-pixbuf supported format and it must be readable by the GDM user. If no file is specified the logo feature is disabled. This only affects the GTK+ Greeter.
ChooserButtonLogo=<share>/pixmaps/gnome-logo-large.png
Image file to display in the file chooser button in gdmsetup. This key is modified by gdmsetup and should not be manually modified by the user. This only affects the Login Window Preferences (gdmsetup).
MinimalUID=100
The minimal UID that GDM should consider a user. All
users with a lower UID will be excluded from the face browser.
See also Include
,
Exclude
, and
IncludeAll
.
PositionX=200
The horizontal position of the login window of the GTK+ Greeter.
PositionY=100
The vertical position of the login window of the GTK+ Greeter.
Quiver=true
Controls whether gdmlogin should shake the display when an incorrect username/password is entered. This only affects the GTK+ Greeter.
DefaultRemoteWelcome=true
If set to true, the value "Welcome to %n" is used for
the RemoteWelcome
. This value is
translated into the appropriate language for the user. If set
to false, the RemoteWelcome
setting is
used. This string can use the same special character sequences
as explained in the "Text Node" section of the
"Themed Greeter" chapter. This explains the meaning
of "%n".
RemoteWelcome=Welcome to %n
Controls which text to display next to the logo image in the
greeter for remote XDMCP sessions. The same expansion is
done here as in the Welcome
string.
This string can use the same special character sequences as
explained in the "Text Node" section of the
"Themed Greeter" chapter.
chapter.
RunBackgroundProgramAlways=false
If this is true then the background application is run always,
otherwise it is only run when the
BackgroundType
is 0 (None)
This only affects the GTK+ Greeter.
SetPosition=true
If true the position of the login window of the GTK+ Greeter
is determined by PositionX
/ PositionY
.
ShowGnomeFailsafeSession=true
Should the greeter show the Gnome Failsafe session in th sessions list.
ShowLastSession=true
Should the greeter show the 'Last' session in the session list.
If this is off, then GDM is in the so called 'switchdesk' mode
which for example Red Hat uses. That is, the users can't pick
the last session and will just then get the default session
(see DefaultSession
) unless then pick
something else for this session only. So if this is off, this
really circumvents saving of the last session.
ShowXtermFailsafeSession=true
Should the greeter show the Xterm Failsafe session in the sessions list.
SoundOnLogin=true
If true, the greeter will play a sound or beep when it is
ready for a login. See also the
SoundOnLoginFile
key.
Supported since 2.5.90.0.
SoundOnLoginSuccess=true
If true, the greeter will play a sound after a successful login
attempt. See also the
SoundOnLoginSuccessFile
key.
SoundOnLoginFailure=true
If true, the greeter will play a sound after a failed login
attempt. See also the
SoundOnLoginFailureFile
key.
SoundOnLoginFile=/path/to/sound.wav
The file that will be played using the specified sound
application (by default that is
/usr/bin/play
) instead of a beep when the
greeter is ready for a login. See also the
SoundOnLogin
key and the
SoundProgram
key. Supported since
2.5.90.0.
SoundOnLoginSuccessFile=/path/to/sound.wav
The file that will be played using the specified sound
application (by default that is
/usr/bin/play
) after a successful login
attempt. See also the SoundOnLoginSuccess
key and the SoundProgram
key.
SoundOnLoginFailureFile=/path/to/sound.wav
The file that will be played using the specified sound
application (by default that is
/usr/bin/play
) after a failed login
attempt. See also the SoundOnLoginFailure
key and the SoundProgram
key.
SystemMenu=true
Turns the Actions menu (which used to be called System menu) on or off. If this is off then one of the actions will be available anywhere. These actions include Shutdown, Restart, Configure, XDMCP chooser and such. All of those can however be turned off individually. Shutdown, Restart and Suspend can be turned off by just setting the corresponding keys to empty. Note that the actions menu is only shown on attached displays. It would not be safe or even desirable on remote logins, so you do not have to worry about remote users having these privileges.
Note that if this is off none of the actions will be available even if a theme for a graphical greeter mistakenly shows them. Also note that sometimes a graphical theme may not show all the available actions as buttons and you may have to press F10 to see the menu.
TitleBar=true
Display the title bar in the greeter. This only affects the GTK+ Greeter.
Use24Clock=auto
Select the use of 24 hour clock. Some locales do not
support 12 hour format (like Finnish, that is
fi_FI
), and in those locales this
setting has no effect at all.
Possible values are "auto" (default), "true", and "false". If this is set to "auto" or left empty, then time format is chosen from locale settings. Locale settings are based on the language in use, thus it is changed by setting environment variables LANGUAGE (GNU extension), LANG, LC_MESSAGES or LC_ALL in the GDM's runtime environment. Priorities between the mentioned environment variables can be found from your system's C library manual.
UseInvisibleInEntry=false
Do not show any visual feedback is the password entry.
This is the standard in console and xdm. Settings this
option discards the UseCirclesInEntry
option.
DefaultWelcome=true
If set to true, the value "Welcome" is used for the
Welcome
. This value is translated
into the appropriate language for the user. If set to
false, the Welcome
setting is used.
Welcome=Welcome
Controls which text to display next to the logo image in the standard greeter. The following control chars are supported:
%% — the `%' character
%d — display's hostname
%h — Fully qualified hostname
%m — machine (processor type)
%n — Nodename (i.e. hostname without .domain)
%r — release (OS version)
%s — sysname (i.e. OS)
This string is only used for attached displays. For remote
XDMCP displays we use RemoteWelcome
.
In the Themed Greeter the location of this text depends on the theme. Unless the theme uses the stock welcome string somewhere this string will not be displayed at all.
XineramaScreen=0
If the Xinerama extension is active the login window will be centered on this physical screen (use 0 for the first screen, 1 for the second...).
[chooser]
AllowAdd=true
If true, allow the user to add arbitrary hosts to the chooser. This way the user could connect to any host that responds to XDMCP queries from the chooser.
Broadcast=true
If true, the chooser will broadcast a query to the local
network and collect responses. This way the chooser will
always show all available managers on the network. If you
need to add some hosts not local to this network, or if you
don't want to use a broadcast, you can list them explicitly
in the Hosts
key.
Multicast=true
If true and IPv6 is enabled, the chooser will send a multicast
query to the local network and collect responses from the hosts
who have joined multicast group. If you don't want to send a
multicast, you can specify IPv6 address in the Hosts
key. The host will respond if it is listening to
XDMCP requests and IPv6 is enabled there.
MulticastAddr=ff02::1
This is the Link-local Multicast address and is hardcoded here.
DefaultHostImage=<share>/pixmaps/nohost.png
File name for the default host icon. This image will be displayed if no icon is specified for a given host. The file must be in a gdk-pixbuf supported format and it must be readable for the GDM user.
HostImageDir=<share>/hosts
Repository for host icon files. The sysadmin can place icons
for remote hosts here and they will appear in
gdmchooser
.
The file name must match the fully qualified name (FQDN) for the host. The icons must be stored in gdk-pixbuf supported formats and they must be readable to the GDM user.
Hosts=host1,host2
The hosts which should be listed in the chooser. The chooser
will only list them if they respond. This is done in addition
to broadcast (if Broadcast
is set), so you
need not list hosts on the local network. This is useful if
your networking setup doesn't allow all hosts to be reachable
by a broadcast packet.
ScanTime=4
Specifies how many seconds the chooser should wait for replies to its BROADCAST_QUERY. Really this is only the time in which we expect a reply. We will still add hosts to the list even if they reply after this time.
[debug]
Enable=false
Setting to true sends debug ouput to the syslog. This can be useful for tracking down problems with GDM. This output tends to be verbose so should not be turned on for general use.
Gestures=false
Setting to true sends debug ouput concerning the accessibility gesture listeners to the syslog. This can be useful for tracking down problems with them not working properly. This output tends to be verbose so should not be turned on for general use.
You can create up to 10 different commands. Gaps between command numbers are allowed and their relative positioning within the section and with respect to each other is not important as long as they conform to the permitted range of [0-9].
[customcommand]
CustomCommand[0-9]=
Full path and arguments to command to be executed when user
selects n-th
"Custom Command"
from the Actions menu. This can be a ';' separated list of
commands to try. If the value is empty or missing, then the
custom command is not available. By default this value is not
enabled, so to enable "Custom Command" it must be
set to a nonempty value. [0-9] represents the
CustomCommand
suffix and can be an
integer between 0 and 9.
CustomCommandIsPersistent[0-9]=
Specifies if n-th
"Custom
Command" will appear outside the login manager, for
example on the desktop through the Log Out/Shut Down dialogs.
If not specified the default value is "false". This
option is only valid if corresponding
CustomCommand
is defined. [0-9] represents
CustomCommand
suffix and can be an integer
between 0 and 9.
CustomCommandLabel[0-9]=
Specifies the stock label that will be displayed on the
n-th
"Custom Command"
buttons and menu items. If not specified the default value is
"Custom_[0-9]". This option is only valid if
corresponding CustomCommand
is defined.
[0-9] represents CustomCommand
suffix
and can be an integer between 0 and 9. This option can't contain
any semicolon characters (i.e. ";").
CustomCommandLRLabel[0-9]=
Specifies the stock label that will be displayed on the
n-th
"Custom Command"
list items and radio buttons. If not specified the default
value is "Execute custom command _[0-9]". This
option is only valid if corresponding
CustomCommand
is defined. [0-9]
represents CustomCommand
suffix and
can be an integer between 0 and 9.
CustomCommandNoRestart[0-9]=
Specifies if gdm will be stopped/restarted once
n-th
"Custom Command"
has been executed. If not specified the default value is
"false". This option is only valid if corresponding
CustomCommand
is defined. [0-9]
represents CustomCommand
suffix and
can be an integer between 0 and 9. In addition when
corresponding CustomCommandIsPersistent
is set to true, setting CustomCommandNoRestart to false will
place corresponding CustomCommand
in the
Shut Down dialog set of actions, setting it to true will place
corresponding
CustomCommand
in the Log Out dialog set of
actions.
CustomCommandText[0-9]=
Specifies the message that will be displayed on the warning
dialog box once n-th
"Custom Command" button/menu item/radio button/list
item has been activated. If not specified the default value is
"Are you sure?". This option is only valid if
corresponding CustomCommand
is defined.
[0-9] represents CustomCommand
suffix and
can be an integer between 0 and 9.
CustomCommandTooltip[0-9]=
Specifies the message that will be displayed on tooltips for
n-th
"Custom Command"
entries. If not specified the default value is "Execute
custom command [0-9]". This option is only valid if
corresponding CustomCommand
is defined.
[0-9] represents CustomCommand
suffix and
can be an integer between 0 and 9.
GDM needs to be provided with information about each X servers that
will be used. You can have as many different definitions as you wish,
each identified with a unique name. The name
Standard
is required. If you do not specify
this server, GDM will assume default values for a 'Standard' server
and the path given by daemon/StandardXServer
.
Standard
is used as the default,
in situations when no other server has been defined.
Servers are defined by sections named server-
followed by the identifier of this server. This should be a simple
ASCII string with no spaces. The GUI configuration program allows
users to edit the servers defined in the GDM configuration files
but currently does not allow adding or deleting entries. Like
normal configuration options, server-
sections in the <etc>/gdm/custom.conf
file override values in the
<share>/gdm/defaults.conf
file. In other
words, if a server-Standard
section is defined
in <etc>/gdm/custom.conf
, then that
will be used and the section in the
<share>/gdm/defaults.conf
file will be
ignored.
[server-Standard]
name=Standard server
The name that will be displayed to the user.
command=/path/to/X
The command to execute, with full path to the binary of the X
server, and any extra arguments needed. Normally it is not
necessary to add a -nolisten tcp
argument
since the addition of this argument is controlled by the
DisallowTCP
GDM configuration option.
flexible=true
Indicates if this server is available as a choice when a user wishes to run a flexible, on demand server.
handled=true
Indicates that GDM should run the login window on this server
and allow a user to log in. If set to false, then GDM will
just run this server and wait for it to terminate. This can be
useful to run an X terminal using GDM. When this is done you
should normally also add -terminate
to the
command line of the server to make the server terminate after
each session. Otherwise the control of the slave will never
come back to GDM and, for example, soft restarts won't work.
This is because GDM assumes there is a login in progress for
the entire time this server is active.
chooser=false
Indicates that GDM should instead of a login window run a chooser on this window and allow the user to choose which server to log into.
priority=0
Indicates that the X server should be started at a different process priority. Values can be any integer value accepted by the setpriority C library function (normally between -20 and 20) with 0 being the default. For highly interactive applications, -5 yields good responsiveness. The default value is 0 and the setpriority function is not called if the value is 0.
The attached (also known as local or static) display configuration
specifies what displays should be always managed by GDM. GDM will
restart the X server on the display if it dies, for example. There
may be as many attached displays that are managed as you wish.
Typically each display is associated with a real display. On a
typical single-display machine this section would only contain one
key 0
that corresponds to DISPLAY
:0
.
The GUI configuration program allows users to edit the attached
display configuration defined in the GDM configuration files
and allows the user to add or delete entries. Like normal
configuration options, the [servers]
section in the <etc>/gdm/custom.conf
file overrides values in the
<share>/gdm/defaults.conf
file.
[servers]
0=Standard [device=/dev/foo]
The key cooresponds to the DISPLAY to be managed, so that
key 0
cooresponds to DISPLAY
:0
. On a multi-display machine you
can configure GDM to manage a login program on other displays
by adding additional keys. For example, adding key
1
would cause GDM to manage DISPLAY
:1
.
The first word of the value corresponds to a X server
definition in the "X Server Definitions" section
of the configuration file. For example, the following entry
means that DISPLAY :0
will start an X
server as defined in the
[server-Standard]
section:
[servers] 0=Standard
The first word of the value can also be set to the string "inactive" to indicate that this DISPLAY should not be managed. This can be used in the GDM Custom Configuration File to turn off a DISPLAY that is defined in the GDM System Defaults Configuration File.
The optional device argument is used to specify the device that
is associated with the DISPLAY. When using Virtual Terminals
(VT), this value is ignored and GDM will use the correct
device name associated with the VT. If not using VT, then GDM
will use the value specified by this optional argument. If
the device argument is not defined, then GDM will use the
default setting for attached displays defined in the
UtmpLineAttached
configuration section.
For the main display (typically DISPLAY
:0
), /dev/console
is
a reasonable value. For other displays it is probably best
to not include this argument unless you know the specific
device associated with the DISPLAY. The device value can
contain "%d" which is translated to the DISPLAY value
or "%h" which is translated to the hostname.
There are some per user configuration settings that control how GDM
behaves. GDM is picky about the file ownership and permissions of
the user files it will access, and will ignore files if they are not
owned by the user or files that have group/world write permission.
It will also ignore the user if the user's $HOME directory is not
owned by the user or if the user's $HOME directory has group/world
write permission. files must also be smaller than the
UserMaxFile
value as defined in the GDM
configuration. If it seems that GDM is not properly accessing
user configuration settings, the problem is most likely
caused by one of these checks failing.
First there is the ~/.dmrc
file. In
theory this file should be shared between GDM and KDM, so users only
have to configure things once. This is a standard
.ini
style configuration file. It has one section
called [Desktop]
which has two keys:
Session
and Language
.
The Session
key specifies the basename of the
session .desktop
file that the user wishes to
normally use (without the .desktop
extension, in
other words). The Language
key specifies the
language that the user wishes to use by default. If either of these
keys is missing, the system default is used. The file would normally
look as follows:
[Desktop] Session=gnome Language=cs_CZ.UTF-8
Normally GDM will write this file when the user logs in for the first time, and rewrite it if the user chooses to change their default values on a subsequent login.
If the GDM Face Browser is turned on, then the file
$HOME/.face
is accessed. This file should be a
standard image that GTK+ can read, such as PNG or JPEG. It also must
be smaller than the MaxIconWidth
and
MaxIconHeight
values defined in the GDM
configuration or it will be ignored. Users can run the
gdmphotosetup program to specify a face image
and it will copy the file to the $HOME/.face
location and scale it so its longest dimension is not larger than the
MaxIconWidth
or MaxIconHeight
values. gdmphotosetup takes care to not change
the aspect ratio of the image.
Face images can also be placed in the global face directory, which is
specified by the GlobalFaceDir
configuration
option ( normally <share>/pixmaps/faces/
)
and the filename should be the name of the user, optionally with a
.png
, .jpg
, etc. appended.