Oracle® Solaris 11 Security Guidelines

Updated: August 2014
 
 

How to Place a Security Message on the Desktop Login Screen

Choose from several methods to create a security message for users to review before authentication, after authentication, or both. The /etc/issue file displays before authentication, while the /etc/motd file displays after authentication.

For more information, click the System → Help menu from the desktop to bring up the GNOME Help Browser. You can also use the yelp command. Desktop login scripts are discussed in the GDM Login Scripts and Session Files section of the gdm(1M) man page.


Note - The sample message in this procedure does not satisfy U.S. government requirements and likely does not satisfy your security policy. Consult with your company's legal counsel about the content of the security message.

Before You Begin

To create a file, you must assume the root role. To modify an existing file, you must become an administrator who is assigned the solaris.admin.edit/path-to-existing-file authorization.

  1. Place a security message on the desktop login screen before authentication by using one of the following options.

    The options that create a dialog box before authentication use the security message in the /etc/issue file from Step 1 of How to Place a Security Message in Banner Files.

    • OPTION 1: Modify a GDM initialization script to display the security message in a dialog box.

      The /etc/gdm directory contains three initialization scripts that display the security message before authentication and after authentication.

      # pfedit /etc/gdm/Init/Default
      /usr/bin/zenity --text-info --width=800 --height=300 \
      --title="Security Message"  --filename=/etc/issue

      For information about editing system files as a non-root user, see the pfedit(1M) man page.

    • OPTION 2: Modify the login window to display the security message above the entry field.

      The login window expands to fit your message. This method does not point to the /etc/issue file. You must type the text into the GUI.


      Note -  The login window, gdm-greeter-login-window.ui, is overwritten by the pkg fix and pkg update commands. To preserve your changes, copy the file to a configuration files directory, and merge its changes with the new file after upgrading the system. For more information, see the pkg(5) man page.
      1. Change directory to the login window user interface.
        # cd /usr/share/gdm
      2. (Optional) Save a copy of the original login window UI.
        # cp gdm-greeter-login-window.ui /etc/gdm/gdm-greeter-login-window.ui.orig
      3. Add a label to the login window by using the GNOME Toolkit interface designer.

        The glade-3 program opens the GTK+ interface designer. You type the security message into a label that displays above the user entry field.

        # /usr/bin/glade-3 /usr/share/gdm/gdm-greeter-login-window.ui

        To review the guide for the interface designer, click Development in the GNOME Help Browser. The glade-3(1) man page is listed under Applications in the Manual Pages.

      4. (Optional) Save a copy of the modified login window UI.
        # cp gdm-greeter-login-window.ui /etc/gdm/gdm-greeter-login-window.ui.site
  2. Place a security message on the desktop login screen after authentication by using one of the following options.

    The file that creates a dialog box after authentication uses the security message in the /etc/motd file from Step 2 of How to Place a Security Message in Banner Files.

    • OPTION 1: Place a security message on the desktop after authentication.
      # pfedit /etc/gdm/PreSession/Default
      /usr/bin/zenity --text-info --width=800 --height=300 \
      --title="Security Message"  --filename=/etc/motd

      Note -  The dialog box can be covered by windows in the user's workspace.
    • OPTION 2: Create a desktop file that displays the security message in an additional window after authentication.
      # pfedit /usr/share/gdm/autostart/LoginWindow/banner.desktop
      [Desktop Entry]
      Type=Application
      Name=Banner Dialog
      Exec=/usr/bin/zenity --text-info --width=800 --height=300 --title="Security Message" --filename=/etc/motd
      OnlyShowIn=GNOME;
      X-GNOME-Autostart-Phase=Application

      To reach the workspace after being authenticated in the login window, the user must close the security message window. For the options to the zenity command, see the zenity(1) man page.
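A post-change check for this procedure, added here as an example and not part of Oracle's documentation: it confirms that each script or desktop file you edited calls zenity with a --filename target that exists and is not empty, and that the live login window UI still matches the saved .site copy after pkg fix or pkg update. The function names are hypothetical; the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: audit the login banner files edited in this procedure.

# Succeeds if the banner text file is readable and not empty.
banner_file_ok() {
    [ -r "$1" ] && [ -s "$1" ]
}

# Prints the path given to --filename= in a GDM script or desktop file.
banner_source() {
    sed -n 's/.*--filename=\([^[:space:]"]*\).*/\1/p' "$1" | head -n 1
}

# Succeeds if the file calls zenity and its --filename target is usable.
launcher_ok() {
    [ -r "$1" ] || return 1
    grep -q '/usr/bin/zenity' "$1" || return 1
    src=$(banner_source "$1")
    [ -n "$src" ] && banner_file_ok "$src"
}

# Succeeds if the live login window UI ($1) is identical to the saved
# .site copy ($2), that is, a package operation has not replaced it.
ui_preserved() {
    [ -r "$1" ] && [ -r "$2" ] && cmp -s "$1" "$2"
}

# Usage: audit_launchers FILE...   (only the files you actually edited)
audit_launchers() {
    rc=0
    for f in "$@"; do
        if launcher_ok "$f"; then
            echo "ok:   $f"
        else
            echo "FAIL: $f (no zenity call, or banner file missing or empty)"
            rc=1
        fi
    done
    return "$rc"
}

# When run as a script, audit the files named on the command line.
if [ "$#" -gt 0 ]; then
    audit_launchers "$@"
fi
```

To check the OPTION 2 login window after an upgrade, call ui_preserved with /usr/share/gdm/gdm-greeter-login-window.ui and /etc/gdm/gdm-greeter-login-window.ui.site; a non-zero status means the customized file was replaced and the label must be merged back in.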

Example 2-1  Creating a Short Warning Message at Desktop Login

In this example, the administrator types a short message as an argument to the zenity command in the desktop file. The administrator also uses the --warning option, which displays a warning icon with the message.

# pfedit /usr/share/gdm/autostart/LoginWindow/bannershort.desktop
[Desktop Entry]
Type=Application
Name=Banner Dialog
Exec=/usr/bin/zenity --warning --width=800 --height=150 --title="Security Message" --text="This system serves authorized users only. Activity is monitored and reported."
OnlyShowIn=GNOME;
X-GNOME-Autostart-Phase=Application