The gdmsetup application can be used to configure GDM. If you believe running root-owned GUI's causes security risk, then you would want to always edit the files by hand and not use gdmsetup. Editing the files by hand is explained in the "Configuration" section of this document. Note that gdmsetup does not support changing of all configuration variables, so it may be necessary to edit the files by hand for some configurations.
The gdmsetup program has five tabs: Local, Remote, Accessibility, Security, and Users, described below. In parenthesis is information about which GDM configuration key is affected by each GUI choice. Refer to the "Configuration" section of this manual and the comments in the GDM System Defaults Configuration File for additional details about each key.
The Local tab is used for controlling the appearance of GDM for attached (also known as local or static) displays. Attached displays are non-XDMCP remote connections, for example. The choices available in this tab depend on the setting of the "Style" combobox. This combobox is used to determine whether the "Plain" or "Themed" greeter GUI is used. The differences between these greeter programs are explained in the "Overview" section of this document.
If the "Style" choice is "Plain", then GDM will use the gdmlogin program as the GUI (daemon/Greeter). When this choice is selected, gdmsetup allows the user to select whether the background is an image or solid color (greeter/BackgroundType). If image is selected, there is a file selection button to pick the image file (greeter/BackgroundImage) and a checkbox to scale the image to fit the screen (greeter/BackgroundImageScaleToFit). If solid color is selected, there is a button available to allow the color selection (greeter/BackgroundColor). Also, the user may select the logo image that appears in gdmlogin (greeter/Logo).
If the "Style" choice is "Plain with face browser", then the gdmlogin program is used as the GUI (daemon/Greeter) and the face browser is turned on (greeter/Browser). The Face Browser is explained in the "Overview" section. Otherwise, the choices are the same as when the "Style" choice is "Plain". Additional setup in the Users tab may be necessary to choose which users appear in the Face Browser.
If the "Style" choice is "Themed", then the gdmgreeter program is used as the GUI (daemon/Greeter). When this choice is selected, gdmsetup allows the user to select the theme to be used (greeter/GraphicalTheme). Note that the checkbox to the left of the theme's name must be checked for a theme to be selected. Information about the theme's author and copyright are shown for the highlighted theme. The "Remove" button can be used to delete the highlighted theme. The "Add" button can be used to add new themes to the system. For a new theme to be added it must be in tar or compressed tar format. The "Background color" displayed when GDM starts (and if the theme has transparent elements) can be selected (greeter/GraphicalThemedColor). The "Theme" combo box may be set to "Random from selected" to display a random theme for each login (greeter/GraphicalThemeRand and greeter/GraphicalThemes). To use random themes, select each theme that you wish to be displayed. By default this combobox is set to "Selected only", so that only a single theme may be selected and be used.
If the "Style" choice is "Themed with face browser", then the gdmgreeter program is used as the GUI (daemon/Greeter) and the face browser is turned on (greeter/Browser) if supported by the theme. The Face Browser is explained in the Overview section. Otherwise, the choices are the same as when the "Style" choice is "Themed". Additional setup in the Users tab may be necessary to choose which users appear in the Face Browser.
Regardless of the "Style" choice, the user may also select whether the Actions menu is visible (greeter/SystemMenu), whether the Actions menu includes the choice to start gdmsetup (greeter/ConfigAvailable), and whether the Action menu includes the choice to start gdmchooser to run a remote XDMCP login session (greeter/ChooserButton). The welcome message for attached DISPLAYS may be specified (greeter/DefaultWelcome and greeter/Welcome). The welcome message may contain the character sequences described in the "Text Node" subsection of the "Themed Greeter" section of this manual. These character sequences allow the welcome message to contain things like the display or host name.
The Remote tab controls the appearance of the GDM for users logging in via XDMCP. By default XDMCP is disabled, and users should be comfortable with the XDMCP-related sections of the Security section of this document before enabling it. This tab includes a "Style" combobox which can be used to turn on XDMCP and control the appearance of GDM for remote users (gui/RemoteGreeter and xdmcp/Enable). The user may specify to use either the same greeter as used on the Local tab, or the other Greeter program. If the Face Browser setting is true on the Local tab, then it will also be true for the Remote tab. If the Face Browser setting is false on the Local tab, then it will also be false for the Remote tab. It is recommended that the "Plain" GUI be used for remote connections since it is more lightweight and tends to have better performance across a network.
If Remote login is enabled, then the welcome message for remote DISPLAYs may be specified (greeter/DefaultRemoteWelcome and greeter/RemoteWelcome). This welcome message is separate from the one shown for attached displays defined in the Local tab and can have a different value. The welcome message may contain the character sequences described in the "Text Node" subsection of the "Themed Greeter" section of this manual. These character sequences allow the welcome message to contain things like the display or host name.
If the "Style" choice is "Same as Local" and the local selection is "Plain" or "Plain with face browser", then the user may select whether background images should be displayed for remote logins (greeter/BackgroundRemoteOnlyColor).
If the "Style" choice is enabled and set to a different value than the Local tab, then the user has the same configuration choices as found on the Local tab except that the System Menu choices are not available since this is never available for remote logins for security purposes.
If Remote login is enabled, there is a "Configure XDMCP" button which displays a dialog allowing the user to set XDMCP configuration, including whether indirect requests are honored (xdmcp/HonorIndirect), UDP port (xdmcp/Port), maximum pending requests (xdmcp/MaxPending), maximum pending indirect requests (xmdcp/MaxPendingIndirect), maximum remote sessions (xdmcp/MaxSessions), maximum wait time (xdmcp/MaxWait), maximum indirect wait time (xdmcp/MaxWaitIndirect), displays per host (xdmcp/DisplaysPerHost), and ping interval (xdmcp/PingIntervalSeconds). The default settings are standard settings and should only be changed by someone who understands the ramifications of the change.
The Accessibility tab is used to turn on Accessibility features in GDM. "Enable accessible login" (daemon/AddGtkModules and daemon/GtkModulesList) turns on GDM's gesture listeners which are explained in the "Accessibility" section of this document. There is also a checkbox to allow users to change the theme when using the Plain greeter (gui/AllowGtkThemeChange). This feature allows GDM users to switch the theme to the HighContrast or LowContrast themes if needed. The user may also select whether GDM should play a sound when the login screen is ready, when login is successful and when login has failed. File chooser buttons are used to select the sound file to be played, and the "Play" button can be used to sample the sound.
The Security tab allows the user to turn on Automatic and Timed login, which user is logged in via an automatic or timed login, and the timed login delay (daemon/AutomaticLoginEnable, daemon/AutomaticLogin, daemon/TimedLoginEnable, daemon/TimedLogin, and daemon/TimedLoginDelay). If automatic login is turned on, then the specified user will immediately log in on reboot without GDM asking for username/password. If the user logs out of their session, GDM will start and ask for username and password to log back in. If TimedLogin is turned on, then GDM will log into the specified user after a specified number of seconds. The user may enable Timed Login for remote (XDMCP) connections by checking the "Allow remote timed logins" checkbox.
On this tab, the user may select whether the system administrator user can log in, and whether the system administrator user can log in via remote (XDMCP) connections (security/AllowRoot and security/AllowRemoteRoot). The user may turn on GDM debug (debug/Enable) which causes debug messages to be sent to the system log. Debug should only be used when diagnosing a problem and not be left on when not needed. The "Deny TCP connections to X server" choice will disable X forwarding if selected (security/DisallowTCP). A login retry delay (security/RetryDelay) can be set to cause GDM to wait a number of seconds after a failed login.
The "Configure X Server" button can be used to specify how GDM manages each display. The "Servers" combobox shows what server definitions are available (Standard, Terminal, and Chooser by default). Refer to the "X Server Definitions" section of the "Configuration" section for more information about how to create new Server Definitions.
For any server type, the user may modify the "Server Name" (server/name), the "Command" (server/command) to be used to launch the X server, whether the server type will "Launch" (server/chooser) the greeter or chooser GUI after starting the X server, whether GDM handles this type (normally only set to false when logging into a Terminal session type), and whether the session type supports "Flexible" (server/flexible) sessions.
The "Servers To Start" section shows what server type is displayed for each display on the machine. Users may click on the "Add/Modify" button to add a new display to the list or to modify a selected display. This simply corresponds each physical display with the Server Definition to be used for managing that display. The "Remove" button may be used to remove a display from the list.
The Users tab controls which users appear in the Face Browser. If the "Include all users from /etc/password" checkbox is selected, then all users (with a userid above greeter/MinimalUID and not in the Exclude list) are displayed. If this checkbox is not selected, then users must be added to the "Include" list. Users in the "Exclude" list are never displayed. The "Add" and "Remove" buttons are used to add a new user to the list or remove a selected user from the list. The "Apply User Changes" button must be pressed after the "Include" and "Exclude" lists have been modified. The left and right arrow buttons between the "Include" and "Exclude" lists can be used to move a selected user from one list to the other.