# GDM Configuration file. You can use gdmsetup program to graphically # edit this, or you can optionally just edit this file by hand. Note that # gdmsetup does not tweak every option here, just the ones most users # would care about. Rest is for special setups and distro specific # tweaks. If you edit this file, you should run: # /etc/init.d/gdm reload or /etc/init.d/gdm restart # For full reference documentation see the gnome help browser under # GNOME|System category. You can also find the docs in HTML form on # http://www.gnome.org/projects/gdm/ # # NOTE: Some of these are commented out but still show their default values. # If you wish to change them you must remove the '#' from the beginning of # the line. The commented out lines are lines where the default might # change in the future, so set them one way or another if you feel # strongly about it. # # Have fun! - George [daemon] # Automatic login, if true the first local screen will automatically logged # in as user as set with AutomaticLogin key. AutomaticLoginEnable=false AutomaticLogin= # Timed login, useful for kiosks. Log in a certain user after a certain # amount of time TimedLoginEnable=false TimedLogin= TimedLoginDelay=30 # The gdm configuration program that is run from the login screen, you should # probably leave this alone #Configurator=/usr/sbin/gdmsetup --disable-sound --disable-crash-dialog # The chooser program. Must output the chosen host on stdout, probably you # should leave this alone Chooser=/usr/lib/gdm/gdmchooser # The greeter for local (non-xdmcp) logins. Change gdmlogin to gdmgreeter to # get the new graphical greeter. Greeter=/usr/lib/gdm/gdmgreeter # The greeter for xdmcp logins, usually you want a less graphically intensive # greeter here so it's better to leave this with gdmlogin RemoteGreeter=/usr/lib/gdm/gdmlogin # Launch the greeter with an additional list of colon seperated gtk # modules. This is useful for enabling additional feature support # e.g. gnome accessibility framework. Only "trusted" modules should # be allowed to minimise security holes AddGtkModules=false # By default these are the accessibility modules #GtkModulesList=gail:atk-bridge:/usr/lib/gtk-2.0/modules/libdwellmouselistener:/usr/lib/gtk-2.0/modules/libkeymouselistener # Default path to set. The profile scripts will likely override this DefaultPath=/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/bin/X11:/usr/games:/opt/SUNWut/bin # Default path for root. The profile scripts will likely override this RootPath=/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/bin/X11:/usr/games:/opt/SUNWut/bin:/opt/SUNWut/sbin # If you are having trouble with using a single server for a long time and # want gdm to kill/restart the server, turn this on AlwaysRestartServer=false # User and group used for running gdm GUI applicaitons. By default this # is set to user gdm and group gdm. This user/group should have very # limited permissions and access to ony the gdm directories and files. User=gdm Group=gdm # To try to kill all clients started at greeter time or in the Init script. # doesn't always work, only if those clients have a window of their own #KillInitClients=true LogDir=/var/log/gdm # You should probably never change this value unless you have a weird setup PidFile=/var/run/gdm.pid # Note that a post login script is run before a PreSession script. # It is run after the login is successful and before any setup is # run on behalf of the user PostLoginScriptDir=/etc/X11/gdm/SunRayPostLogin/ PreSessionScriptDir=/etc/X11/gdm/SunRayPreSession/ PostSessionScriptDir=/etc/X11/gdm/SunRayPostSession/ DisplayInitDir=/etc/X11/gdm/SunRayInit/ # Distributions: If you have some script that runs an X server in say # VGA mode, allowing a login, could you please send it to me? FailsafeXServer= # if X keeps crashing on us we run this script. The default one does a bunch # of cool stuff to figure out what to tell the user and such and can # run an X configuration program. XKeepsCrashing=/etc/gdm/XKeepsCrashing # Reboot, Halt and suspend commands, you can add different commands # separated by a semicolon and gdm will use the first one it can find RebootCommand=/bin/false HaltCommand=/bin/false SuspendCommand=/bin/false HibernateCommand=/bin/false # Probably should not touch the below this is the standard setup ServAuthDir=/var/lib/gdm # This is our standard startup script. A bit different from a normal # X session, but it shares a lot of stuff with that. See the provided # default for more information. BaseXsession=/etc/gdm/Xsession # This is a directory where .desktop files describing the sessions live # It is really a PATH style variable since 2.4.4.2 to allow actual # interoperability with KDM. Note that /dm/Sessions is there # for backwards compatibility reasons with 2.4.4.x SessionDesktopDir=/etc/X11/sessions/:/etc/dm/Sessions/:/usr/share/gdm/BuiltInSessions/:/usr/share/xsessions/ # This is the default .desktop session. One of the ones in SessionDesktopDir DefaultSession=default.desktop # Better leave this blank and HOME will be used. You can use syntax ~/ below # to indicate home directory of the user. You can also set this to something # like /tmp if you don't want the authorizations to be in home directories. # This is useful if you have NFS mounted home directories. Note that if this # is the home directory the UserAuthFBDir will still be used in case the home # directory is NFS, see security/NeverPlaceCookiesOnNFS to override this behaviour. UserAuthDir= # Fallback if home directory not writable UserAuthFBDir=/tmp UserAuthFile=.Xauthority # The X server to use if we can't figure out what else to run. StandardXServer=/usr/X11R6/bin/X # The maximum number of flexible X servers to run. FlexibleXServers=0 # And after how many minutes should we reap the flexible server if there is # no activity and no one logged on. Set to 0 to turn off the reaping. # Does not affect Xnest flexiservers. #FlexiReapDelayMinutes=5 # the X nest command Xnest=/usr/X11R6/bin/Xnest -br -audit 0 -name Xnest # Automatic VT allocation. Right now only works on Linux. This way # we force X to use specific vts. turn VTAllocation to false if this # is causing problems. FirstVT=7 VTAllocation=false # Should double login be treated with a warning (and possibility to change # vts on linux and freebsd systems for console logins) DoubleLoginWarning=true # Should a second login always resume the current session and # switch vts on linux and freebsd systems for console logins #AlwaysLoginCurrentSession=true # If true then the last login information is printed to the user before # being prompted for password. While this gives away some info on what # users are on a system, it on the other hand should give the user an # idea of when they logged in and if it doesn't seem kosher to them, # they can just abort the login and contact the sysadmin (avoids running # malicious startup scripts) DisplayLastLogin=false # Program used to play sounds. Should not require any 'daemon' or anything # like that as it will be run when no one is logged in yet. SoundProgram=/usr/lib/gdmplay # These are the languages that the console cannot handle because of font # issues. Here we mean the text console, not X. This is only used # when there are errors to report and we cannot start X. # This is the default: #ConsoleCannotHandle=am,ar,az,bn,el,fa,gu,hi,ja,ko,ml,mr,pa,ta,zh # This determines whether gdm will honor requests DYNAMIC requests from # the gdmdynamic command. DynamicXServers=true # This determines whether gdm will send notifications to the console #ConsoleNotify=true [security] # If any distributions ship with this one off, they should be shot # this is only local, so it's only for say kiosk use, when you # want to minimize possibility of breakin AllowRoot=false # If you want to be paranoid, turn this one off AllowRemoteRoot=false # This will allow remote timed login AllowRemoteAutoLogin=false # 0 is the most restrictive, 1 allows group write permissions, 2 allows all # write permissions RelaxPermissions=0 # Check if directories are owned by logon user. Set to false, if you have, for # example, home directories owned by some other user. CheckDirOwner=true # Number of seconds to wait after a bad login #RetryDelay=1 # Maximum size of a file we wish to read. This makes it hard for a user to DoS # us by using a large file. #UserMaxFile=65536 # If true this will basically append -nolisten tcp to every X command line, # a good default to have (why is this a "negative" setting? because if # it is false, you could still not allow it by setting command line of # any particular server). It's probably better to ship with this on # since most users will not need this and it's more of a security risk # then anything else. # Note: Anytime we find a -query or -indirect on the command line we do # not add a "-nolisten tcp", as then the query just wouldn't work, so # this setting only affects truly local sessions. DisallowTCP=false # By default never place cookies if we "detect" NFS. We detect NFS # by detecting "root-squashing". It seems bad practice to place # cookies on things that go over the network by default and thus we # don't do it by default. Sometimes you can however use safe remote # filesystems where this is OK and you may want to have the cookie in your # home directory. #NeverPlaceCookiesOnNFS=true # XDMCP is the protocol that allows remote login. If you want to log into # gdm remotely (I'd never turn this on on open network, use ssh for such # remote usage that). You can then run X with -query to log in, # or -indirect to run a chooser. Look for the 'Terminal' server # type at the bottom of this config file. [xdmcp] # Distributions: Ship with this off. It is never a safe thing to leave # out on the net. Setting up /etc/hosts.allow and /etc/hosts.deny to only # allow local access is another alternative but not the safest. # Firewalling port 177 is the safest if you wish to have xdmcp on. # Read the manual for more notes on the security of XDMCP. Enable=false # Honour indirect queries, we run a chooser for these, and then redirect # the user to the chosen host. Otherwise we just log the user in locally. #HonorIndirect=true # Maximum pending requests #MaxPending=4 #MaxPendingIndirect=4 # Maximum open XDMCP sessions at any point in time #MaxSessions=16 # Maximum wait times #MaxWait=15 #MaxWaitIndirect=15 # How many times can a person log in from a single host. Usually better to # keep low to fend off DoS attacks by running many logins from a single # host. This is now set at 2 since if the server crashes then gdm doesn't # know for some time and wouldn't allow another session. #DisplaysPerHost=2 # The number of seconds after which a non-responsive session is logged off. # Better keep this low. #PingIntervalSeconds=15 # The port. 177 is the standard port so better keep it that way #Port=177 # Willing script, none is shipped and by default we'll send # hostname system id. But if you supply something here, the # output of this script will be sent as status of this host so that # the chooser can display it. You could for example send load, # or mail details for some user, or some such. Willing=/etc/gdm/Xwilling [gui] # The specific gtkrc file we use. It should be the full path to the gtkrc # that we need. Unless you need a specific gtkrc that doesn't correspond to # a specific theme, then just use the GtkTheme key #GtkRC=/usr/share/themes/Default/gtk-2.0/gtkrc # The GTK+ theme to use for the gui GtkTheme=Human # If to allow changing the GTK+ (widget) theme from the greeter. Currently # this only affects the standard greeter as the graphical greeter does # not yet have this ability AllowGtkThemeChange=true # Comma separated list of themes to allow. These must be the names of the # themes installed in the standard locations for gtk themes. You can # also specify 'all' to allow all installed themes. These should be just # the basenames of the themes such as 'Thinice' or 'LowContrast'. #GtkThemesToAllow=Human,HighContrast,HighContrastInverse,LowContrast GtkThemesToAllow=all # Maximum size of an icon, larger icons are scaled down #MaxIconWidth=128 #MaxIconHeight=128 [greeter] # Greeter has a nice title bar that the user can move #TitleBar=true # Configuration is available from the system menu of the greeter ConfigAvailable=false # Face browser is enabled. This only works currently for the # standard greeter as it is not yet enabled in the graphical greeter. Browser=false # The default picture in the browser #DefaultFace=/usr/share/pixmaps/nobody.png # User ID's less than the MinimalUID value will not be included in the # face browser or in the gdmselection list for Automatic/Timed login. # They will not be displayed regardless of the settings for # Include and Exclude. MinimalUID=1000 # Users listed in Include will be included in the face browser and in # the gdmsetup selection list for Automatic/Timed login. Users # should be separated by commas. #Include= # Users listed in Exclude are excluded from the face browser and from # the gdmsetup selection list for Automatic/Timed login. Excluded # users will still be able to log in, but will have to type their # username. Users should be separated by commas. Exclude=bin,daemon,adm,lp,sync,shutdown,halt,mail,news,uucp,operator,nobody,gdm,postgres,pvm,rpm # By default, an empty include list means display no users. By setting # IncludeAll to true, the password file will be scanned and all users # will be displayed except users excluded via the Exclude setting and # user ID's less than MinimalUID. Scanning the password file can be # slow on systems with large numbers of users and this feature should # not be used in such environments. The setting of IncludeAll does # nothing if Include is set to a non-empty value. IncludeAll=true # If user or user.png exists in this dir it will be used as his picture #GlobalFaceDir=/usr/share/pixmaps/faces/ # File which contains the locale we show to the user. Likely you want to use # the one shipped with gdm and edit it. It is not a standard locale.alias file, # although gdm will be able to read a standard locale.alias file as well. LocaleFile=/etc/gdm/locale.conf # Logo shown in the standard greeter #Logo=/usr/share/pixmaps/gdmDebianLogo.xpm # The standard greeter should shake if a user entered the wrong username or # password. Kind of cool looking #Quiver=true # The Actions menu (formerly system menu) is shown in the greeter, this is the # menu that contains reboot, shutdown, suspend, config and chooser. None of # these is available if this is off. They can be turned off individually # however SystemMenu=false # The Actions in the Actions menu require the root password SecureSystemMenu=true # Should the chooser button be shown. If this is shown, GDM can drop into # chooser mode which will run the xdmcp chooser locally and allow the user # to connect to some remote host. Local XDMCP does not need to be enabled # however ChooserButton=false # Welcome is for all console logins and RemoteWelcome is for remote logins # (through XDMCP). # DefaultWelcome and DefaultRemoteWelcome set the string for Welcome # to "Welcome" and for DefaultWelcome to "Welcome to %n", and properly # translate the message to the appropriate language. Note that %n gets # translated to the hostname of the machine. These default values can # be overridden by setting DefaultWelcome and/or DefaultRemoteWelcome to # false, and setting the Welcome and DefaultWelcome values as desired. # Just make sure the strings are in utf-8 Note to distributors, if you # wish to have a different Welcome string and wish to have this # translated you can have entries such as "Welcome[cs]=Vitejte na %n". DefaultWelcome=true DefaultRemoteWelcome=true #Welcome=Welcome #RemoteWelcome=Welcome to %n # Don't allow user to move the standard greeter window. Only makes sense # if TitleBar is on #LockPosition=false # Set a position rather then just centering the window. If you enter # negative values for the position it is taken as an offset from the # right or bottom edge. #SetPosition=false #PositionX=0 #PositionY=0 # Xinerama screen we use to display the greeter on. Not for true # multihead, currently only works for Xinerama. #XineramaScreen=0 # Background settings for the standard greeter: # Type can be 0=None, 1=Image, 2=Color #BackgroundType=2 #BackgroundImage= #BackgroundScaleToFit=true BackgroundColor=#523921 # XDMCP session should only get a color, this is the sanest setting since # you don't want to take up too much bandwidth #BackgroundRemoteOnlyColor=true # Program to run to draw the background in the standard greeter. Perhaps # something like an xscreensaver hack or some such. #BackgroundProgram= # if this is true then the background program is run always, otherwise # it is only run when the BackgroundType is 0 (None) #RunBackgroundProgramAlways=false # Show the Failsafe sessions. These are much MUCH nicer (focus for xterm for # example) and more failsafe then those supplied by scripts so distros should # use this rather then just running an xterm from a script. #ShowGnomeFailsafeSession=true #ShowXtermFailsafeSession=true # Normally there is a session type called 'Last' that is shown which refers to # the last session the user used. If off, we will be in 'switchdesk' mode where # the session saving stuff is disabled in GDM #ShowLastSession=true # Always use 24 hour clock no matter what the locale. #Use24Clock=false # Use circles in the password field. Looks kind of cool actually, # but only works with certain fonts. UseCirclesInEntry=true # Do not show any visible feedback in the password field. This is standard # for instance in console, xdm and ssh. #UseInvisibleInEntry=false # These two keys are for the new greeter. Circles is the standard # shipped theme. If you want gdm to select a random theme from a list # then provide a list that is delimited by /: to the GraphicalThemes key and # set GraphicalThemeRand to true. Otherwise use GraphicalTheme and specify # just one theme. GraphicalTheme=Human #GraphicalThemes=circles/:happygnome GraphicalThemeDir=/usr/share/gdm/themes/ GraphicalThemeRand=false # If InfoMsgFile points to a file, the greeter will display the contents of the # file in a modal dialog box before the user is allowed to log in. #InfoMsgFile= # If InfoMsgFile is present then InfoMsgFont can be used to specify the font # to be used when displaying the contents of the file. #InfoMsgFont=Sans 24 # If SoundOnLogin is true, then the greeter will beep when login is ready # for user input. If SoundOnLogin is a file and the greeter finds the # 'play' executable (see daemon/SoundProgram) it will play that file # instead of just beeping SoundOnLogin=true SoundOnLoginFile=/usr/share/sounds/question.wav # If SoundOnLoginSuccess, then the greeter will play a sound (as above) # when a user successfully logs in #SoundOnLoginSuccess=false #SoundOnLoginSuccessFile= # If SoundOnLoginFailure, then the greeter will play a sound (as above) # when a user fails to log in #SoundOnLoginFailure=false #SoundOnLoginFailureFile= # The chooser is what's displayed when a user wants an indirect XDMCP # session, or selects Run XDMCP chooser from the system menu [chooser] # Default image for hosts #DefaultHostImg=/usr/share/pixmaps/nohost.png # Directory with host images, they are named by the hosts: host or host.png HostImageDir=/usr/share/hosts/ # Time we scan for hosts (well only the time we tell the user we are # scanning actually, we continue to listen even after this has # expired) #ScanTime=4 # A comma separated lists of hosts to automatically add (if they answer to # a query of course). You can use this to reach hosts that broadcast cannot # reach. Hosts= # Broadcast a query to get all hosts on the current network that answer Broadcast=true # Set it to true if you want to send a multicast query to hosts. Multicast=false # It is an IPv6 multicast address.It is hardcoded here and will be replaced when # officially registered xdmcp multicast address of TBD will be available #Multicast_Addr=ff02::1 # Allow adding random hosts to the list by typing in their names #AllowAdd=true [debug] # This will enable debugging into the syslog, usually not neccessary # and it creates a LOT of spew of random stuff to the syslog. However it # can be useful in determining when something is going very wrong. Enable=true [servers] # These are the standard servers. You can add as many you want here # and they will always be started. Each line must start with a unique # number and that will be the display number of that server. Usually just # the 0 server is used. 0=Standard #1=Standard # Note the VTAllocation and FirstVT keys on linux and freebsd. # Don't add any vt arguments if VTAllocation is on, and set FirstVT to # be the first vt available that your gettys don't grab (gettys are usually # dumb and grab even a vt that has already been taken). Using 7 will work # pretty much for all linux distributions. VTAllocation is not currently # implemented on anything but linux and freebsd. Feel free to send patches. # X servers will just not get any extra arguments then. # # If you want to run an X terminal you could add an X server such as this #0=Terminal -query serverhostname # or for a chooser (optionally serverhostname could be localhost) #0=Terminal -indirect serverhostname # # If you wish to run the XDMCP chooser on the local display use the following # line #0=Chooser ## Note: # is your X server not listening to TCP requests? Perhaps you should look # at the security/DisallowTCP setting! # Definition of the standard X server. [server-Standard] name=Standard server command=/usr/X11R6/bin/X -br -audit 0 flexible=false # To use this server type you should add -query host or -indirect host # to the command line [server-Terminal] name=Terminal server # Add -terminate to make things behave more nicely command=/usr/X11R6/bin/X -br -audit 0 -terminate # Make this not appear in the flexible servers (we need extra params # anyway, and terminate would be bad for xdmcp choosing). You can # make a terminal server flexible, but not with an indirect query. # If you need flexible indirect query server, then you must get rid # of the -terminate and the only way to kill the flexible server will # then be by Ctrl-Alt-Backspace flexible=false # Not local, we do not handle the logins for this X server handled=false # To use this server type you should add -query host or -indirect host # to the command line [server-Chooser] name=Chooser server command=/usr/X11R6/bin/X -br -audit 0 # Make this not appear in the flexible servers for now, but if you # wish to allow a chooser server then make this true. This is the # only way to make a flexible chooser server that behaves nicely. flexible=false # Run the chooser instead of the greeter. When the user chooses a # machine they will get this same server but run with # "-terminate -query hostname" chooser=true