gdm(1m) Maintenance Commands gdm(1m)NAME
gdm, gdm-binary - GDM (GNOME Display Manager)
SYNOPSISgdm | gdm-binary [--fatal-warnings] [--help] [--timed-exit] [--version]
DESCRIPTION
GDM is the GNOME Display Manager, a program used for login session man‐
agement. GDM supports managing the console display, other attached
displays, XDMCP displays, and flexible (or on-demand) displays. Flexi‐
ble displays make use of the Virtual Terminals (VT) interfaces to allow
user switching, so that multiple users can run simultaneous sessions
sharing the same console. GDM uses ConsoleKit to manage what sessions
are active on the system. GDM supports a number of configuration
interfaces which are described in later sections of this manpage.
The gdm-binary program is the actual program which manages the displays
on the system, while gdm is a wrapper script that launches the gdm-
binary program and passes along any options. Before launching gdm-
binary, the gdm wrapper script sources the system profile(4) file to
set standard system environment variables, and sets the LANG and
LC_MESSAGES environment variables to support internationalization.
For each display that GDM is configured to manage, the gdm-binary pro‐
gram will launch a slave daemon which does the work to actually manage
the display. The slave daemon will start the login greeter GUI pro‐
gram, the program that the user interacts with. Refer the the "Login
Greeter GUI" section below for more information about how the user
interface works.
If Virtual Terminals are supported on your system, you can start a
flexible display via the "User Switcher" panel applet. You may need to
add this applet to your panel to make use of it. You can also use the
gdmflexiserver(1) command to start flexible displays from the command
line.
If you wish to stop the GDM service, you can either send a TERM signal
to the main GDM daemon, or run the gdm-stop(1m) command. On Solaris,
the GDM service is managed by the smf(5) service management facility
under the service identifier svc:/application/graphical-login/gdm. On
Solaris, it is recommended that you use the svcadm(1m) utility to
enable and disable the "gdm" service instead of using the gdm-stop(1m)
command.
GDM supports libaudit and Solaris auditing. Refer to the "System
Administration Guide: Security Services" and the audit(1m) manpage for
more information. On Solaris, GDM also uses logindevperm(4) to ensure
that device permissions are set properly for the user on login.
OPTIONS
The following options are supported by gdm and gdm-binary:
--fatal-warnings Make all warnings fatal. Useful for debugging.
--help Display detailed usage message.
--timed-exit Exit after 30 seconds. Useful for debugging.
--version Display the GDM version.
ENVIRONMENT VARIABLES
See environ(5) for descriptions of environment variables.
When the following description refers to "scripts", these are referring
to the GDM Init, PostLogin, PreSession, and PostSession scripts.
DESKTOP_SESSION
For any user session started by GDM, this environment variable is
set to the session name the user has chosen in the login GUI, such
as "gnome" to indicate that the /usr/share/xsession/gnome.desktop
session file was used to launch the session.
DISPLAY
When running scripts and for any user session started by GDM, this
environment variable is set to the Xserver display value associated
with the session.
DESKTOP_SESSION
For any user session started by GDM, this environment variable is
set to the keyboard layout that the user has chosen in the login
GUI.
HOME
When running scripts and for any user session started by GDM, this
environment variable is set to the home directory associated with
the user.
LANG
For any user session started by GDM, this environment variable is
set to the langauge choice selected when the user logged in.
REMOTE_HOST
When running scripts, this environment variable is set to the host‐
name if the session is non-local (e.g. XDMCP).
RUNNING_UNDER_GDM
When running scripts, this environment variable is set to "true",
so that they can identify when they are executed by the GDM
process.
SHELL
When running scripts and for any user session started by GDM, this
environment variable is set to the shell associated with the ses‐
sion.
USER
When running scripts and for any user session started by GDM, this
environment variable is set to the username associated with the
session.
USERNAME
When running scripts and for any user session started by GDM, this
environment variable is set to the username associated with the
session.
XAUTHORITY
When running scripts and for any user session started by GDM, this
environment variable is set to the Xserver Xauthority file being
used by the session.
XDG_SESSION_COOKIE
This environment variable is provided by ConsoleKit, and this value
is set for any user session started by GDM so that ConsoleKit can
properly identify the session.
EXTENDED DESCRIPTION
Login Greeter GUI
The login greeter GUI allows the user to specify how their user session
should be started and ensures that the user authenticates before gain‐
ing access to their user session. Authentication can be disabled if
desired.
GDM makes use of pam(3PAM) to manage how the user authenticates (for
example, by entering a username and password, via a SmartCard, finger‐
print reader, etc.). If authentication is not desired, then GDM pro‐
vides two configuration options which can be used to bypass it: "Auto‐
matic Login" and "Timed Login". These are not enabled by default, but
can be turned on if desired.
The Automatic Login feature will cause GDM to bypass the login greeter
GUI entirely and immediately start a session for the user specified in
the GDM configuration. The Timed Login feature will display the login
greeter GUI for a number of seconds specified in the GDM configuration.
If no user logs in before the timeout, then GDM will automatically
start the user session for the user specified in the GDM configuration.
Timed Login is useful if you wish to have the opportunity to login as a
different user on some occasions. Obviously neither Automatic Login or
Timed Login are secure, and they should only be used on systems where
the security provided by authentication is not needed.
GDM normally uses a PAM stack named "gdm". When Automatic Login or
Timed Login is enabled, then GDM instead uses a PAM stack named "gdm-
autologin". Note that Automatic Login and Timed Login will not work
properly if the "gdm-autologin" PAM stack is not defined in your PAM
configuration.
The login greeter GUI provides two mechanisms for specifying which user
is logging into the system. Either the "Face Browser" can be used, or
GDM can prompt the user with the requests specified by the system PAM
configuration. By default, this means entering both the username and
password by hand.
The Face Browser is designed to work when PAM is configured to allow
users to select their username, so it is not useful with certain PAM
configurations (such as when the username is identified via a SmartCard
or fingerprint). The Face Browser obviously exposes usernames to any‐
one with access to the machine, so users may wish to disable it if this
is considered a security issue.
When the Face Browser is enabled, a list of users will appear in the
login greeter GUI. An icon for each user is shown, and users can spec‐
ify what icon is associated with their user. If the user has an image
file named ~/.face, then GDM will associate this image with the user.
If the user does not have such an image file, a default icon is dis‐
played. Image files must be no larger than 64K in size, or they are
ignored by GDM.
The login greeter GUI can be configured to provide "Shutdown",
"Restart", and "Suspend" buttons which allow the user to shutdown,
restart, or suspend the system if desired. On Solaris, the buttons
will only be available if the "solaris.system.shutdown" authorization
name is specified for the "gdm" user in the /etc/user_attr file. For
example, the /etc/user_attr file should include the following line to
make these buttons available from the GDM login GUI screen.
gdm::::type=normal;auths=solaris.system.shutdown
While the login greeter GUI is displayed, a panel is provided at the
bottom of the screen which provides useful information, interfaces that
allow the user to specify how their session should be started, and
interfaces to help the user navigate the login screen. These include:
· A clock, showing the date and time.
· What type of session to run.
· An alternative language to use.
· An alternative keyboard layout (if supported).
· The ability to launch assistive technology programs if desired.
· The ability to monitor the system battery (if using a system with
a battery).
The login greeter GUI also allows the user to take a screenshot. If
the user presses the keybindng associated with printing the screen,
then the gdm-screenshot is run to take the screenshot.
Accessibility
GDM supports accessibility. Users can click on the accessibility icon
on the panel to specify which assistive programs should be launched
with the login GUI programs. It is also possible to configure a system
so that needed assistive programs should always be launched.
Note that accessibility support requires that the Xserver supports the
XKB extension. If the accessibility icon does not appear in the panel,
then this is likely the problem. Enabling the XKB extension in the
Xserver, if possible, should correct this problem.
Security
The GDM login GUI programs are run with a dedicated user id and group
id. By default "gdm" is used for both the user id and group id, but
these values are configurable. The reason for using this special user
and group is to make sure that the GDM user interfaces run as a user
without unnecessary privileges, so that in the unlikely case that some‐
one finds a weakness in the GUI, they will not gain access to a privi‐
leged account on the machine.
Note that the GDM user and group do have some privileges beyond what a
normal user has. This user and group has access to the Xserver autho‐
rization directory which contains all of the Xserver authorization
files and other private information. This means that someone who gains
the GDM user/group privileges can then connect to any running Xserver
session. Do not, under any circumstances, make the GDM user/group a
user/group that might be easy to get access to, such as the user
"nobody".
File permissions are set on the authorization files so that only the
user has read and write access to ensure that users are unable to
access the authorization files belonging to other users.
XDMCP
XDMCP (X Display Manager Control Protocol) displays the login screen
and resulting session on a remote machine over the network interface.
By default, XDMCP is disabled in GDM. However, GDM can be configured
to enable XDMCP so that users can log into the system from remote
hosts. By default, GDM listens to UDP port 177, although this can be
configured. GDM responds to QUERY and BROADCAST_QUERY requests by
sending a WILLING packet to the originator.
GDM provides configuration options that make GDM more resistant to
denial-of-service attacks on the XDMCP service. The default values
should work for most systems, but several protocol parameters, hand‐
shaking timeouts, and so on can be fine-tuned to make it more secure.
It is not recommended that you modify the XDMCP configuration unless
you know what you are doing.
GDM grants access to the hosts specified in the GDM service section of
your TCP Wrappers configuration file. Refer to the libwrap(3) manpage
for more information. GDM does not support remote display access con‐
trol on systems without TCP Wrapper support.
GDM can also be configured to honor INDIRECT queries and present a host
chooser to the remote display. GDM remembers the user's choice and for‐
wards subsequent requests to the chosen manager. GDM also supports an
extension to the protocol which makes GDM forget the redirection once
the user's connection succeeds. This extension is only supported if
both daemons are GDM. This extension is transparent and is ignored by
XDM or other daemons that implement XDMCP.
GDM only supports the MIT-MAGIC-COOKIE-1 authentication system. Because
of this, the cookies are transmitted as clear text. Therefore, you
should be careful about the network where you use this. That is, be
careful about where your XDMCP connection is going. Note that if snoop‐
ing is possible, an attacker could snoop your password as you log in,
so a better XDMCP authentication would not help you much anyway. If
snooping is possible and undesirable, you should use ssh(1) for tunnel‐
ing an X connection, rather then using GDM's XDMCP. Think of XDMCP as a
sort of graphical telnet, with the same security issues.
GDM Configuration
ConsoleKit interfaces are used to configure how GDM should manage dis‐
plays in a multiseat environment, so to configure multiseat please
refer to the console-kit-daemon(1m) manpage.
GDM also provides a number of configuration interfaces which allow the
user to specify how GDM should operate. The configuration available
for the GDM daemon and the GDM login greeter GUI are described below.
GDM also provides scripting interfaces and other interfaces to config‐
ure how sessions are started which are described in the "GDM Login
Scripts and Session Files" section of this manpage.
The default system configuration for the GDM daemon is stored in the
file /etc/gdm/gdm.schemas, and accessed by GDM via GConf. Users are
not recommended to modify this file since it may be overwritten on
upgrade. Instead users should override these settings by specifying
values in the /etc/gdm/custom.conf file, which is in standard INI for‐
mat.
The settings below are in "group/key=default_value type" format. The
type can be string, integer, or boolean. To override the
"xdmcp/Enable" value, you would modify the /etc/gdm/custom.conf so it
contains these lines:
[xdmcp]
Enable=true
The following keys are supported for configuring the GDM daemon:
chooser/Multicast=false (boolean)
If true and IPv6 is enabled, the chooser will send a multicast
query to the local network and collect responses from the hosts who
have joined multicast group.
chooser/MulticastAddr=ff02::1 (string)
This is the Link-local Multicast address.
daemon/TimedLoginEnable=false (boolean)
If the user given in TimedLogin should be logged in after a number
of seconds (set with TimedLoginDelay) of inactivity on the login
screen. This is useful for public access terminals or perhaps even
home use. If the user uses the keyboard or browses the menus, the
timeout will be reset to TimedLoginDelay or 30 seconds, whichever
is higher. If the user does not enter a username but just hits the
ENTER key while the login program is requesting the username, then
GDM will assume the user wants to login immediately as the timed
user. Note that no password will be asked for this user so you
should be careful, although if using PAM it can be configured to
require password entry before allowing login.
daemon/TimedLogin= (string)
This is the user that should be logged in after a specified number
of seconds of inactivity. If the value ends with a vertical bar |
(the pipe symbol), then GDM will execute the program specified and
use whatever value is returned on standard out from the program as
the user. The program is run with the DISPLAY environment variable
set so that it is possible to specify the user in a per-display
fashion. For example if the value is "/usr/bin/getloginuser|", then
the program /usr/bin/getloginuser will be run to get the user
value.
daemon/TimedLoginDelay=30 (integer)
Delay in seconds before the TimedLogin user will be logged in.
daemon/AutomaticLoginEnable=false (boolean)
If true, the user given in AutomaticLogin should be logged in
immediately. This feature is like timed login with a delay of 0
seconds.
daemon/AutomaticLogin= (string)
This is the user that should be logged in immediately if Automati‐
cLoginEnable is true. If the value ends with a vertical bar | (the
pipe symbol), then GDM will execute the program specified and use
whatever value is returned on standard out from the program as the
user. The program is run with the DISPLAY environment variable set
so that it is possible to specify the user in a per-display fash‐
ion. For example if the value is "/usr/bin/getloginuser|", then the
program /usr/bin/getloginuser will be run to get the user value.
daemon/User=gdm (string)
The username under which the greeter and other GUI programs are
run.
daemon/Group=gdm (string)
The group id used to run the login GUI programs
debug/Enable=false (boolean)
If true, then GDM will provide debug output in the system log,
which is either /var/log/messages or /var/adm/messages depending on
your system.
greeter/IncludeAll=false (boolean)
If true, then the face browser will show all users on the local
machine. If false, the face browser will only show users who have
recently logged in.
When this key is true, GDM will call fgetpwent() to get a list of
local users on the system. Anyusers with a user id less than 500
(or 100 if running on Solaris) are filtered out. The Face Browser
also will display any users that have previously logged in on the
system (for example NIS/LDAP users). It gets this list via calling
the ck-history(1) ConsoleKit interface. It will also filter out any
users which do not have a valid shell (valid shells are any shell
that getusershell() returns - /sbin/nologin or /bin/false are con‐
sidered invalid shells even if getusershell() returns them).
If false, then GDM more simply only displays users that have previ‐
ously logged in on the system (local or NIS/LDAP users) by calling
the ck-history(1) ConsoleKit interface.
greeter/Include= (string)
Set to a list of users to always include in the Face Browser. This
value is set to a list of users separated by commas. By default,
the value is empty.
greeter/Exclude=bin,root,daemon,adm,lp,sync,shut‐
down,halt,mail,news,uucp,operator,nobody,nobody4,noaccess,post‐
gres,pvm,rpm,nfsnobody,pcap (string)
Set to a list of users to always exclude in the Face Browser. This
value is set to a list of users separated by commas. Note that the
setting in the custom.conf overrides the default value, so if you
wish to add additional users to the list, then you need to set the
value to the default value with additional users appended to the
list.
greeter/ShowLast=false (boolean)
If true, then the session, language and layout dialogs in the login
greeter GUI will show the option "Last" by default. The users
default settings in their ~/.dmrc file will be used. If no set‐
tings exist in this file, then the system defaults will be used.
Note that GDM normally caches the user's ~/.dmrc in the
/var/cache/gdm directory. Turning on this feature causes GDM to
avoid using the cache, and instead accesses the user's configura‐
tion settings from their ~/.dmrc file after pam_setcred(3PAM) is
called. This feature is useful in situations where users might log
into multiple servers and the system administrator wants to avoid
situations where the user's cached settings might become inconsis‐
tant across different servers.
security/DisallowTCP=false (boolean)
If true, then always append "-nolisten tcp" to the Xserver command
line when starting attached Xservers, thus disallowing TCP connec‐
tion. This is a more secure configuration if you are not using
remote connections. Note that on Solaris, the options/tcp_listen
property of the x11-server service also controls whether this
option is appended to the Xserver command line. The GDM configura‐
tion value is set to "false" by default on Solaris to defer control
of this feature to this x11-server property. Refer to the
Xserver(1) manpage for more information.
xdmcp/DisplaysPerHost=1 (integer)
To prevent attackers from filling up the pending queue, GDM will
only allow one connection for each remote computer. If you want to
provide display services to computers with more than one screen,
you should increase this value. Note that the number of attached
DISPLAYS allowed is not limited. Only remote connections via XDMCP
are limited by this configuration option.
xdmcp/Enable=false (boolean)
Setting this to true enables XDMCP support allowing remote dis‐
plays/X terminals to be managed by GDM. If GDM is compiled to sup‐
port it, access from remote displays can be controlled using the
TCP Wrappers library.
xdmcp/HonorIndirect=true (boolean)
Enables XDMCP INDIRECT choosing for X-terminals which do not supply
their own display browser.
xdmcp/MaxPending=4 (integer)
To avoid denial of service attacks, GDM has fixed size queue of
pending connections. Only MaxPending displays can start at the same
time. Please note that this parameter does not limit the number of
remote displays which can be managed. It only limits the number of
displays initiating a connection simultaneously.
xdmcp/MaxSessions=16 (integer)
Determines the maximum number of remote display connections which
will be managed simultaneously. I.e. the total number of remote
displays that can use your host.
xdmcp/MaxWait=30 (integer)
When GDM is ready to manage a display an ACCEPT packet is sent to
it containing a unique session id which will be used in future
XDMCP conversations. GDM will then place the session id in the
pending queue waiting for the display to respond with a MANAGE
request. If no response is received within MaxWait seconds, GDM
will declare the display dead and erase it from the pending queue
freeing up the slot for other displays.
xdmcp/MaxWaitIndirect=30 (integer)
The MaxWaitIndirect parameter determines the maximum number of sec‐
onds between the time where a user chooses a host and the subse‐
quent indirect query where the user is connected to the host. When
the timeout is exceeded, the information about the chosen host is
forgotten and the indirect slot freed up for other displays. The
information may be forgotten earlier if there are more hosts trying
to send indirect queries then MaxPendingIndirect.
xdmcp/PingIntervalSeconds=15 (integer)
Interval in which to ping the Xserver in seconds. If the Xserver
does not respond before the next time we ping it, the connection is
stopped and the session ended. This is a combination of the XDM
PingInterval and PingTimeout, but in seconds.
xdmcp/Port=177 (integer)
The UDP port number gdm should listen to for XDMCP requests.
xdmcp/Willing=/etc/gdm/Willing (string)
When the machine sends a WILLING packet back after a QUERY it sends
a string that gives the current status of this server. The default
message is the system ID, but it is possible to create a script
that displays customized message. If this script does not exist or
this key is empty the default message is sent. If this script suc‐
ceeds and produces some output, the first line of it's output is
sent (and only the first line). It runs at most once every 3 sec‐
onds to prevent possible denial of service by flooding the machine
with QUERY packets.
The default system configuration for the GDM login greeter GUI is
stored in the system GConf schemas directory in the file gdm-simple-
greeter.schemas, and accessed by GDM via GConf. Users are not recom‐
mended to modify this file file since it may be overwritten on upgrade.
Instead users should override these settings by modifying the GConf
configuration for the GDM user (the user specified in the Daemon/User
configuration key above), normally the "gdm" user. Users can use the
gconftool-2(1) or gconf-editor(1) programs to set these values, if
desired. Refer to the EXAMPLES section of this manpage for more infor‐
mation about how to use these tools to change common settings.
GDM will use the GCONF_DEFAULT_SOURCE_PATH environment variable to
ensure that each display uses it's own GConf configuration. This way
changes in GConf will only affect the greeter in a per-seat manner.
The following keys are supported for configuring the GDM login greeter
GUI and are in "GConf key=default_value (gconf_data_type)" format:
/apps/gdm/simple-greeter/banner_message_enable=false (boolean)
Controls whether the banner message text is displayed.
/apps/gdm/simple-greeter/banner_message_text=NULL (string)
Specifies the text banner message to show on the greeter window.
/apps/gdm/simple-greeter/disable_restart_buttons=false (boolean)
Controls whether to show the restart buttons in the login window.
/apps/gdm/simple-greeter/disable_user_list=true (boolean)
If true, then the face browser with known users is not shown in the
login window.
/apps/gdm/simple-greeter/logo_icon_name=computer (string)
Set to the themed icon name to use for the greeter logo.
/apps/gdm/simple-greeter/wm_use_compiz=false (boolean)
Controls whether compiz is used as the window manager instead of
metacity.
/desktop/gnome/interface/accessibility=true (boolean)
Controls whether the Accessibility infrastructure will be started
with the GDM GUI. This is needed for many accessibility technology
programs to work.
/desktop/gnome/applications/at/screen_magnifier_enabled=false (boolean)
If set, then the assistive tools linked to this GConf key will be
started with the GDM GUI program. By default this is a screen mag‐
nifier application.
/desktop/gnome/applications/at/screen_keyboard_enabled=false (boolean)
If set, then the assistive tools linked to this GConf key will be
started with the GDM GUI program. By default this is an on-screen
keyboard application.
/desktop/gnome/applications/at/screen_reader_enabled=false (boolean)
If set, then the assistive tools linked to this GConf key will be
started with the GDM GUI program. By default this is a screen
reader application.
On Solaris, GDM also supports the CONSOLE, PASSREQ, PATH, and SUPATH
configuration options in /etc/default/login. Refer to the login(1)
manpage for details.
Logging
GDM logs error and debug information to the system syslog file.
Output from the Xservers started by GDM is stored in the GDM log direc‐
tory, /var/log/gdm. The Xserver output for each display is saved in a
file display.log, where display is the DISPLAY value for the associated
display.
Output from the GDM login greeter GUI is saved in a file display-
greeter.log and output from the GDM slave daemon is saved in a file
display-slave.log. Again, the display is the DISPLAY value for the
associated display.
Four older versions of each file are also stored, by appending 1
through 4 to the filename. These files are rotated, as new sessions on
that display are started.
The output from the user session is saved in a file ~/.xsession-errors.
The user session output is redirected before the PreSession script is
started.
Note that if the session is a failsafe session, or if GDM cannot open
this file for some reason, a fallback file is created named /tmp/xses-
user.XXXXXX, where XXXXXX are random characters.
If you run a system with quotas set, consider using the PostSession
script to delete the ~/.xsession-errors file, so that this log file is
not stored unnecessarily.
EXAMPLES
Note that the user should change user to the "gdm" user before running
the following gconftool-2(1) commands. For example, the
su(1m) command could be used. Configuration changes will only take
effect if they apply to the "gdm" user.
Example 1: To Enable Face Browser for all GDM login greeter GUI
example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t bool -s /apps/gdm/simple-greeter/disable_user_list false
Example 2: To Change the Background Image to stream.jpg for the GDM
login greeter GUI
example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t string -s /desktop/gnome/background/picture_filename /usr/share/pixmaps/backgrounds/opensolaris/stream.jpg
Example 3: To Disable Face Browser for StaticSeat1 GDM login greeter
GUI
example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/StaticSeat1/.gconf -t bool -s /apps/gdm/simple-greeter/disable_user_list true
EXIT STATUS
The following exit values are returned:
0 Application exited successfully
>0 Application exited with failure
FILES
The following files are used by this application:
/usr/sbin/gdm
Wrapper script that launches GNOME Display Manager
/usr/sbin/gdm-binary
Executable for GNOME Display Manager.
GDM Login Scripts and Session Files
The following GDM login integration interfaces are discussed below:
· /etc/gdm/Init/Default
· /etc/gdm/Init/display
· /etc/gdm/PostLogin/Default
· /etc/gdm/PostLogin/display
· /etc/gdm/PreSession/Default
· /etc/gdm/PreSession/display
· /etc/gdm/Xsession
· /etc/X11/xinit/xinitrc.d
· /etc/profile
· ~/profile
· /etc/X11/xinit/xinitrc.d
· /etc/gdm/PostSession/Default
· /etc/gdm/PostSession/display
The following session files are also discussed below:
· /usr/share/gdm/autostart/LoginWindow/*.desktop
· /usr/share/xsessions/*.desktop
· ~/.dmrc(default user session)
The Init, PostLogin, PreSession, and PostSession scripts all work as
described below.
For each type of script, the default one which will be executed is
called "Default" and is stored in a directory associated with the
script type. So the default Init script is /etc/gdm/Init/Default. A
per-display script can be provided, and if it exists it will be run
instead of the default script. Such scripts are stored in the same
directory as the default script and have the same name as the Xserver
DISPLAY value for that display. For example, if the /etc/gdm/Init/:0
script exists, it will be run for DISPLAY ":0".
All of these scripts are run with root privilege and return 0 if run
successfully, and a non-zero return code if there was any failure that
should cause the login session to be aborted. Also note that GDM will
block until the scripts finish, so if any of these scripts hang, this
will cause the login process to also hang.
When the Xserver for the login GUI has been successfully started, but
before the login GUI is actually displayed, GDM will run the Init
script. This script is useful for starting programs that should be run
while the login screen is showing, or for doing any special initializa‐
tion if required.
After the user has been successfully authenticated GDM will run the
PostLogin script. This is done before any session setup has been done,
including before the pam_open_session(3PAM) call. This script is useful
for doing any session initialization that needs to happen before the
session starts. For example, you might setup the user's $HOME directory
if needed.
After the user session has been initialized, GDM will run the PreSes‐
sion script. This script is useful for doing any session initialization
that needs to happen after the session has been initialized. It can be
used for session management or accounting, for example.
When a user terminates their session, GDM will run the PostSession
script. Note that the Xserver will have been stopped by the time this
script is run, so it should not be accessed.
Note that the PostSession script will be run even when the display
fails to respond due to an I/O error or similar. Thus, there is no
guarantee that X applications will work during script execution.
All of the above scripts will set the RUNNING_UNDER_GDM environment
variable to "yes". If the scripts are also shared with other display
managers, this allows you to identify when GDM is calling these
scripts, so you can run specific code when GDM is used.
The /usr/share/gdm/autostart/LoginWindow directory contains .desktop
files. Any .desktop files in this directory will cause the associated
program to automatically start with the login GUI greeter. By default,
GDM is shipped with files which will autostart the gdm-simple-greeter
login GUI greeter itself, the gnome-power-manager application, the
gnome-settings-daemon, and the metacity window manager. These programs
are needed for the greeter program to work. In addition, desktop files
are provided for starting various AT programs if the associated acces‐
sibility configuration GConf keys are set.
The administrator can customize .desktop files. For example, an
xterm.desktop file can be useful when debugging the GDM login greeter.
A .desktop file to launch xterm(1) would look as follows:
[Desktop Entry]
Name=Xterm
Comment=Xterm
Exec=/usr/X11/bin/xterm
OnlyShowIn=GNOME;
Terminal=false
Type=Application
X-GNOME-Autostart-Phase=Applications
X-GNOME-AutoRestart=true
The user's default session and language choices are stored in the
~/.dmrc file. When a user logs in for the first time, this file is cre‐
ated with the user's initial choices. The user can change these default
values by simply changing to a different value when logging in. GDM
will remember this change for subsequent logins.
The session types which are available in the GDM login greeter GUI are
specified by .desktop files. These desktop files are in standard INI
format and the executable that will be run to start the session is
specified by the "Exec" key in the file. Desktop files are normally
stored in the /usr/share/xsessions directory. However, GDM will search
for desktop files in the following directories in this order:
/etc/X11/sessions/, /etc/dm/Sessions, /usr/share/xsessions, and
/usr/share/gdm/BuiltInSessions.
The /etc/gdm/Xsession script is called between the PreSession and the
PostSession scripts. This script does not support per-display like the
other scripts. This script is used for actually starting the user ses‐
sion. This script is run as the user, and it will run whatever session
was specified by the Desktop session file the user selected to start.
The /etc/gdm/Xsession script will source /etc/profile, ~/.profile, and
all scripts in the /etc/X11/xinit/xinitrc.d directory before starting
the user session. Refer to the profile(4) manpage for more informa‐
tion.
Configuration Files
/etc/gdm/gdm.schemas
GDM default daemon configuration.
/etc/gdm/custom.conf
GDM daemon configuration customization.
/etc/gconf/schemas/gdm-simple-greeter.schemas
GDM default login greeter GUI configuration.
/etc/default/login
On Solaris, GDM supports the CONSOLE, PASSREQ, PATH, and SUPATH
configuration options. Refer to the login(1) manpage for details.
~gdm/.gconf.mandatory
The GDM user's mandatory GConf settings.
~gdm/.gconf
The GDM user's GConf settings.
~gdm/seat/.gconf
The per-seat GDM user's GConf settings.
~gdm/.gconf.path
This file specifies the GDM user's mandatory GConf settings direc‐
tory.
Logging
/var/log/gdm/display.log
Xserver output for each display.
/var/log/gdm/display-greeter.log
GDM login greeter GUI output for each display.
/var/log/gdm/display-slave.log
GDM slave daemon output for each display.
~/.xsession-errors
Output from the user session.
GDM Xauthority files
/var/run/gdm
Stores the Xserver authentication files for each managed session.
Face Browser
/usr/share/pixmaps/faces
Global directory for face images.
~/.face
User-defined icon to be used by GDM face browser.
GDM user cache
/var/cache/gdm
GDM copies the user's ~/.dmrc and ~/.face files to
/var/cache/gdm/username, so that they can be accessed on subsequent
logins without accessing the user's $HOME directory before pam_set‐
cred(3PAM) is called.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │system/display-manager/gdm │
├─────────────────────────────┼─────────────────────────────┤
│Interface stability │Volatile │
├─────────────────────────────┼─────────────────────────────┤
│/etc/X11/gdm/custom.conf │Volatile │
├─────────────────────────────┼─────────────────────────────┤
│~gdm/.gconf.mandatory │Volatile │
├─────────────────────────────┼─────────────────────────────┤
│~gdm/.gconf │Volatile │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSO
More information can be found at:
http://library.gnome.org/admin/gdm
Latest version of the GNOME Desktop User Guide for your platform.
gdmdynamic(1), gdmflexiserver(1), gdm-screenshot(1), gconftool-2(1),
gconf-editor(1), login(1), ssh(1), Xorg(1), Xserver(1), audit(1m), con‐
sole-kit-daemon(1m), gdm-stop(1m), svcadm(1m), libwrap(3), pam(3PAM),
logindevperm(4), pam.conf(4), profile(4), user_attr(4), attributes(5),
environ(5), smf(5)NOTES
This man page written by Martin K. Petersen <mkp@mkp.net>, George Lebl
<jirka@5z.com>, and Brian Cameron <brian.cameron@sun.com>. Copyright
(c) 1998, 1999 by Martin K. Petersen. Copyright (c) 2001, 2003, 2004
by George Lebl. Copyright (c) 2003 by Red Hat, Inc. Copyright (c)
2006, 2009 by Sun Microsystems, Inc.
SunOS 5.11 28 Dec 2009 gdm(1m)