22.4 KB
Newer Older
# GDM Configuration file.  You can use gdmsetup program to graphically
2 3 4
# edit this, or you can optionally just edit this file by hand.  Note that
# gdmsetup does not tweak every option here, just the ones most users
# would care about.  Rest is for special setups and distro specific
5 6 7 8 9 10 11 12
# tweaks.  If you edit this file, you should send the HUP or USR1 signal to
# the daemon so that it restarts: (Assuming you have not changed PidFile)
#   kill -USR1 `cat /var/run/`
# (HUP will make gdm restart immediately while USR1 will make gdm not kill
# existing sessions and will only restart gdm after all users log out)
# You can also use the gdm-restart and gdm-safe-restart scripts which just
# do the above for you.
14 15 16 17
# For full reference documentation see the gnome help browser under
# GNOME|System category.  You can also find the docs in HTML form
# on
18 19 20 21 22 23
# NOTE: Some of these are commented out but still show their default values.
# If you wish to change them you must remove the '#' from the beginning of
# the line.  The commented out lines are lines where the default might
# change in the future, so set them one way or another if you feel
# strongly about it.
24 25
# Have fun! - George

Martin Peterson's avatar
Martin Peterson committed
27 28
# Automatic login, if true the first local screen will automatically logged
# in as user as set with AutomaticLogin key.

32 33 34 35 36
# Timed login, useful for kiosks.  Log in a certain user after a certain
# amount of time

38 39
# The gdm configuration program that is run from the login screen, you should
# probably leave this alone
#Configurator=@EXPANDED_GDMCONFIGDIR@/gdmsetup --disable-sound --disable-crash-dialog

42 43
# The chooser program.  Must output the chosen host on stdout, probably you
# should leave this alone
45 46

# The greeter for local (non-xdmcp) logins.  Change gdmlogin to gdmgreeter to
# get the new graphical greeter.
49 50

# The greeter for xdmcp logins, usually you want a less graphically intensive
# greeter here so it's better to leave this with gdmlogin

54 55 56 57
# Launch the greeter with an additional list of colon seperated gtk 
# modules. This is useful for enabling additional feature support 
# e.g. gnome accessibility framework. Only "trusted" modules should
# be allowed to minimise security holes
# By default these are the accessibility modules
61 62

# Default path to set.  The profile scripts will likely override this
# Default path for root.  The profile scripts will likely override this
66 67 68 69 70

# If you are having trouble with using a single server for a long time and
# want gdm to kill/restart the server, turn this on

71 72 73
# User and group used for running gdm GUI applicaitons.  By default this
# is set to user gdm and group gdm.  This user/group should have very
# limited permissions and access to ony the gdm directories and files.
Martin Peterson's avatar
Martin Peterson committed
76 77
# To try to kill all clients started at greeter time or in the Init script.
# doesn't always work, only if those clients have a window of their own
# You should probably never change this value unless you have a weird setup
82 83 84 85
# Note that a post login script is run before a PreSession script.
# It is run after the login is successful and before any setup is
# run on behalf of the user
Jiri (George) Lebl's avatar
Jiri (George) Lebl committed
Gregory Leblanc's avatar
Gregory Leblanc committed
89 90
# Distributions:  If you have some script that runs an X server in say
# VGA mode, allowing a login, could you please send it to me?
92 93 94
# if X keeps crashing on us we run this script.  The default one does a bunch
# of cool stuff to figure out what to tell the user and such and can
# run an X configuration program.
96 97
# Reboot, Halt and suspend commands, you can add different commands
# separated by a semicolon and gdm will use the first one it can find
98 99 100
# Probably should not touch the below this is the standard setup
Jiri (George) Lebl's avatar
Jiri (George) Lebl committed
103 104 105 106 107
# This is our standard startup script.  A bit different from a normal
# X session, but it shares a lot of stuff with that.  See the provided
# default for more information.
# This is a directory where .desktop files describing the sessions live
Jiri (George) Lebl's avatar
Jiri (George) Lebl committed
# It is really a PATH style variable since to allow actual
109 110 111
# interoperability with KDM.  Note that <sysconfdir>/dm/Sessions is there
# for backwards compatibility reasons with 2.4.4.x
# This is the default .desktop session.  One of the ones in SessionDesktopDir
# Better leave this blank and HOME will be used.  You can use syntax ~/ below
115 116
# to indicate home directory of the user.  You can also set this to something
# like /tmp if you don't want the authorizations to be in home directories.
117 118 119
# This is useful if you have NFS mounted home directories.  Note that if this
# is the home directory the UserAuthFBDir will still be used in case the home
# directory is NFS, see security/NeverPlaceCookiesOnNFS to override this behaviour.
# Fallback if home directory not writable
122 123
# The X server to use if we can't figure out what else to run.
# The maximum number of flexible X servers to run.
128 129 130 131
# And after how many minutes should we reap the flexible server if there is
# no activity and no one logged on.  Set to 0 to turn off the reaping.
# Does not affect Xnest flexiservers.
# the X nest command
134 135 136
# Automatic VT allocation.  Right now only works on Linux.  This way
# we force X to use specific vts.  turn VTAllocation to false if this
# is causing problems.
137 138
# Should double login be treated with a warning (and possibility to change
# vts on linux and freebsd systems for console logins)
Martin Peterson's avatar
Martin Peterson committed

143 144 145 146 147 148
# If true then the last login information is printed to the user before
# being prompted for password.  While this gives away some info on what
# users are on a system, it on the other hand should give the user an
# idea of when they logged in and if it doesn't seem kosher to them,
# they can just abort the login and contact the sysadmin (avoids running
# malicious startup scripts)

151 152 153 154
# Program used to play sounds.  Should not require any 'daemon' or anything
# like that as it will be run when no one is logged in yet.

155 156 157 158 159 160
# These are the languages that the console cannot handle because of font
# issues.  Here we mean the text console, not X.  This is only used
# when there are errors to report and we cannot start X.
# This is the default:

Gregory Leblanc's avatar
Gregory Leblanc committed
162 163 164
# If any distributions ship with this one off, they should be shot
# this is only local, so it's only for say kiosk use, when you
# want to minimize possibility of breakin
Gregory Leblanc's avatar
Gregory Leblanc committed
# If you want to be paranoid, turn this one off
# This will allow remote timed login
170 171
# 0 is the most restrictive, 1 allows group write permissions, 2 allows all
# write permissions
173 174 175
# Check if directories are owned by logon user.  Set to false, if you have, for
# example, home directories owned by some other user.
# Number of seconds to wait after a bad login
178 179
# Maximum size of a file we wish to read.  This makes it hard for a user to DoS
# us by using a large file.
181 182 183 184 185 186
# If true this will basically append -nolisten tcp to every X command line,
# a good default to have (why is this a "negative" setting? because if
# it is false, you could still not allow it by setting command line of
# any particular server).  It's probably better to ship with this on
# since most users will not need this and it's more of a security risk
# then anything else.
187 188 189
# Note: Anytime we find a -query or -indirect on the command line we do
# not add a "-nolisten tcp", as then the query just wouldn't work, so
# this setting only affects truly local sessions.
191 192 193 194 195 196 197
# By default never place cookies if we "detect" NFS.  We detect NFS
# by detecting "root-squashing".  It seems bad practice to place
# cookies on things that go over the network by default and thus we
# don't do it by default.  Sometimes you can however use safe remote
# filesystems where this is OK and you may want to have the cookie in your
# home directory.
Martin Peterson's avatar
Martin Peterson committed

199 200 201 202 203
# XDMCP is the protocol that allows remote login.  If you want to log into
# gdm remotely (I'd never turn this on on open network, use ssh for such
# remote usage that).  You can then run X with -query <thishost> to log in,
# or -indirect <thishost> to run a chooser.  Look for the 'Terminal' server
# type at the bottom of this config file.
Martin Peterson's avatar
Martin Peterson committed
Gregory Leblanc's avatar
Gregory Leblanc committed
# Distributions: Ship with this off.  It is never a safe thing to leave
206 207 208 209
# out on the net.  Setting up /etc/hosts.allow and /etc/hosts.deny to only
# allow local access is another alternative but not the safest.
# Firewalling port 177 is the safest if you wish to have xdmcp on.
# Read the manual for more notes on the security of XDMCP.
211 212
# Honour indirect queries, we run a chooser for these, and then redirect
# the user to the chosen host.  Otherwise we just log the user in locally.
# Maximum pending requests
215 216
# Maximum open XDMCP sessions at any point in time
# Maximum wait times
220 221
# How many times can a person log in from a single host.  Usually better to
223 224 225
# keep low to fend off DoS attacks by running many logins from a single
# host.  This is now set at 2 since if the server crashes then gdm doesn't
# know for some time and wouldn't allow another session.
227 228
# The number of seconds after which a non-responsive session is logged off.
# Better keep this low.
# The port.  177 is the standard port so better keep it that way
Gregory Leblanc's avatar
Gregory Leblanc committed
# Willing script, none is shipped and by default we'll send
233 234 235 236
# hostname system id.  But if you supply something here, the
# output of this script will be sent as status of this host so that
# the chooser can display it.  You could for example send load,
# or mail details for some user, or some such.
Martin Peterson's avatar
Martin Peterson committed

240 241 242
# The specific gtkrc file we use.  It should be the full path to the gtkrc
# that we need.  Unless you need a specific gtkrc that doesn't correspond to
# a specific theme, then just use the GtkTheme key
244 245 246 247 248 249 250 251 252 253 254 255 256

# The GTK+ theme to use for the gui
# If to allow changing the GTK+ (widget) theme from the greeter.  Currently
# this only affects the standard greeter as the graphical greeter does
# not yet have this ability
# Comma separated list of themes to allow.  These must be the names of the
# themes installed in the standard locations for gtk themes.  You can
# also specify 'all' to allow all installed themes.  These should be just
# the basenames of the themes such as 'Thinice' or 'LowContrast'.

# Maximum size of an icon, larger icons are scaled down
258 259
260 261

# Greeter has a nice title bar that the user can move
# Configuration is available from the system menu of the greeter
266 267
# Face browser is enabled.  This only works currently for the
# standard greeter as it is not yet enabled in the graphical greeter.
Jiri (George) Lebl's avatar
Jiri (George) Lebl committed
# The default picture in the browser
271 272 273 274
# User ID's less than the MinimalUID value will not be included in the
# face browser or in the gdmselection list for Automatic/Timed login.
# They will not be displayed regardless of the settings for
# Include and Exclude.
276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292
# Users listed in Include will be included in the face browser and in
# the gdmsetup selection list for Automatic/Timed login.  Users
# should be separated by commas.
# Users listed in Exclude are excluded from the face browser and from
# the gdmsetup selection list for Automatic/Timed login.  Excluded 
# users will still be able to log in, but will have to type their
# username.  Users should be separated by commas.  
# By default, an empty include list means display no users.  By setting
# IncludeAll to true, the password file will be scanned and all users 
# will be displayed except users excluded via the Exclude setting and
# user ID's less than MinimalUID.  Scanning the password file can be
# slow on systems with large numbers of users and this feature should 
# not be used in such environments.  The setting of IncludeAll does
# nothing if Include is set to a non-empty value.
# If user or user.png exists in this dir it will be used as his picture
295 296 297
# File which contains the locale we show to the user.  Likely you want to use
# the one shipped with gdm and edit it.  It is not a standard locale.alias file,
# although gdm will be able to read a standard locale.alias file as well.
# Logo shown in the standard greeter
301 302
# The standard greeter should shake if a user entered the wrong username or
# password.  Kind of cool looking
304 305 306 307
# The Actions menu (formerly system menu) is shown in the greeter, this is the
# menu that contains reboot, shutdown, suspend, config and chooser.  None of
# these is available if this is off.  They can be turned off individually
# however
309 310 311 312
# Should the chooser button be shown.  If this is shown, GDM can drop into
# chooser mode which will run the xdmcp chooser locally and allow the user
# to connect to some remote host.  Local XDMCP does not need to be enabled
# however
314 315
# Welcome is for all console logins and RemoteWelcome is for remote logins
# (through XDMCP).
316 317 318 319 320 321 322 323 324 325 326
# DefaultWelcome and DefaultRemoteWelcome set the string for Welcome
# to "Welcome" and for DefaultWelcome to "Welcome to %n", and properly
# translate the message to the appropriate language.  Note that %n gets
# translated to the hostname of the machine.  These default values can
# be overridden by setting DefaultWelcome and/or DefaultRemoteWelcome to
# false, and setting the Welcome and DefaultWelcome values as desired.
# Just make sure the strings are in utf-8 Note to distributors, if you
# wish to have a different Welcome string and wish to have this
# translated you can have entries such as "Welcome[cs]=Vitejte na %n".
327 328
#RemoteWelcome=Welcome to %n
329 330
# Don't allow user to move the standard greeter window.  Only makes sense
# if TitleBar is on
332 333 334
# Set a position rather then just centering the window.  If you enter
# negative values for the position it is taken as an offset from the
# right or bottom edge.
335 336 337
338 339
# Xinerama screen we use to display the greeter on.  Not for true
# multihead, currently only works for Xinerama.
341 342
# Background settings for the standard greeter:
# Type can be 0=None, 1=Image, 2=Color
343 344 345
347 348
# XDMCP session should only get a color, this is the sanest setting since
# you don't want to take up too much bandwidth
350 351
# Program to run to draw the background in the standard greeter.  Perhaps
# something like an xscreensaver hack or some such.
# if this is true then the background program is run always, otherwise
# it is only run when the BackgroundType is 0 (None)
356 357 358
# Show the Failsafe sessions.  These are much MUCH nicer (focus for xterm for
# example) and more failsafe then those supplied by scripts so distros should
# use this rather then just running an xterm from a script.
359 360
361 362 363 364
# Normally there is a session type called 'Last' that is shown which refers to
# the last session the user used.  If off, we will be in 'switchdesk' mode where
# the session saving stuff is disabled in GDM
# Always use 24 hour clock no matter what the locale.
366 367 368 369
# Use circles in the password field.  Looks kind of cool actually,
# but only works with certain fonts.
370 371 372
# Do not show any visible feedback in the password field. This is standard
# for instance in console, xdm and ssh.
# These two keys are for the new greeter.  Circles is the standard
374 375 376 377
# shipped theme.  If you want gdm to select a random theme from a list
# then provide a list that is delimited by /: to the GraphicalThemes key and 
# set GraphicalThemeRand to true.  Otherwise use GraphicalTheme and specify
# just one theme.
382 383 384 385 386 387
# If InfoMsgFile points to a file, the greeter will display the contents of the
# file in a modal dialog box before the user is allowed to log in.
# If InfoMsgFile is present then InfoMsgFont can be used to specify the font
# to be used when displaying the contents of the file.
#InfoMsgFont=Sans 24
388 389 390 391 392 393
# If SoundOnLogin is true, then the greeter will beep when login is ready
# for user input.  If SoundOnLogin is a file and the greeter finds the
# 'play' executable (see daemon/SoundProgram) it will play that file
# instead of just beeping
394 395 396 397 398 399 400 401
# If SoundOnLoginSuccess, then the greeter will play a sound (as above)
# when a user successfully logs in
# If SoundOnLoginFailure, then the greeter will play a sound (as above)
# when a user fails to log in

# The chooser is what's displayed when a user wants an indirect XDMCP
# session, or selects Run XDMCP chooser from the system menu
Martin Peterson's avatar
Martin Peterson committed
# Default image for hosts
# Directory with host images, they are named by the hosts: host or host.png
Jiri (George) Lebl's avatar
Jiri (George) Lebl committed
# Time we scan for hosts (well only the time we tell the user we are
411 412
# scanning actually, we continue to listen even after this has
# expired)
414 415 416
# A comma separated lists of hosts to automatically add (if they answer to
# a query of course).  You can use this to reach hosts that broadcast cannot
# reach.
# Broadcast a query to get all hosts on the current network that answer
419 420 421 422 423 424
# Set it to true if you want to send a multicast query to hosts.
# It is an IPv6 multicast address.It is hardcoded here and will be replaced when
# officially registered xdmcp multicast address of TBD will be available
# Allow adding random hosts to the list by typing in their names
Martin Peterson's avatar
Martin Peterson committed
427 428

Gregory Leblanc's avatar
Gregory Leblanc committed
# This will enable debugging into the syslog, usually not neccessary
430 431
# and it creates a LOT of spew of random stuff to the syslog.  However it
# can be useful in determining when something is going very wrong.
433 434

435 436 437 438
# These are the standard servers.  You can add as many you want here
# and they will always be started.  Each line must start with a unique
# number and that will be the display number of that server.  Usually just
# the 0 server is used.
439 440
441 442 443 444 445 446 447
# Note the VTAllocation and FirstVT keys on linux and freebsd.
# Don't add any vt<number> arguments if VTAllocation is on, and set FirstVT to
# be the first vt available that your gettys don't grab (gettys are usually
# dumb and grab even a vt that has already been taken).  Using 7 will work
# pretty much for all linux distributions.  VTAllocation is not currently
# implemented on anything but linux and freebsd.  Feel free to send patches.
# X servers will just not get any extra arguments then.
# If you want to run an X terminal you could add an X server such as this
450 451 452
#0=Terminal -query serverhostname
# or for a chooser (optionally serverhostname could be localhost)
#0=Terminal -indirect serverhostname
453 454 455 456
# If you wish to run the XDMCP chooser on the local display use the following
# line

458 459 460 461
## Note:
# is your X server not listening to TCP requests?  Perhaps you should look
# at the security/DisallowTCP setting!

# Definition of the standard X server.
463 464
name=Standard server
467 468 469 470 471 472

# To use this server type you should add -query host or -indirect host
# to the command line
name=Terminal server
# Add -terminate to make things behave more nicely
command=@X_SERVER@ @X_CONFIG_OPTIONS@ -terminate
# Make this not appear in the flexible servers (we need extra params
475 476 477 478 479
# anyway, and terminate would be bad for xdmcp choosing).  You can
# make a terminal server flexible, but not with an indirect query.
# If you need flexible indirect query server, then you must get rid
# of the -terminate and the only way to kill the flexible server will
# then be by Ctrl-Alt-Backspace
480 481 482
# Not local, we do not handle the logins for this X server
483 484 485 486 487

# To use this server type you should add -query host or -indirect host
# to the command line
name=Chooser server
489 490 491 492 493 494 495 496
# Make this not appear in the flexible servers for now, but if you
# wish to allow a chooser server then make this true.  This is the
# only way to make a flexible chooser server that behaves nicely.
# Run the chooser instead of the greeter.  When the user chooses a
# machine they will get this same server but run with
# "-terminate -query hostname"