Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

gdm (8)

Name

gdm - GDM (GNOME Display Manager)

Synopsis

/usr/sbin/gdm [--help] [--fatal-warnings] [--timed-exit] [--version]

Description

gdm(8)                      System Manager's Manual                     gdm(8)



NAME
       gdm - GDM (GNOME Display Manager)

SYNOPSIS
       /usr/sbin/gdm [--help] [--fatal-warnings] [--timed-exit] [--version]

DESCRIPTION
       GDM is the GNOME Display Manager, a program used for login session man-
       agement.  GDM supports managing the  console  display,  other  attached
       displays, XDMCP displays, and flexible (or on-demand) displays.  Flexi-
       ble displays make use of the Virtual Terminals (VT) interfaces to allow
       user  switching,  so  that multiple users can run simultaneous sessions
       sharing the same console.  GDM uses ConsoleKit to manage what  sessions
       are  active  on  the  system.   GDM  supports a number of configuration
       interfaces which are described in later sections of this manpage.

       For each display that GDM is configured to manage, the gdm program will
       launch  a  slave daemon which does the work to actually manage the dis-
       play.  The slave daemon will start the login greeter GUI  program,  the
       program that the user interacts with.  Refer to the "Login Greeter GUI"
       section below for more information about how the user interface works.

       If Virtual Terminals are supported on your  system,  you  can  start  a
       flexible display via the "User Switcher" panel applet.  You may need to
       add this applet to your panel to make use of it.  You can also use  the
       gdmflexiserver(1)  command  to start flexible displays from the command
       line.

       On Oracle Solaris, the GDM service is managed  by  the  smf(7)  service
       management   facility   under   the  service  identifier  svc:/applica-
       tion/graphical-login/gdm.  On Oracle Solaris, it  is  recommended  that
       you  use  the svcadm(8) utility to enable and disable the "gdm" service
       instead of killing the daemon with a SIGTERM signal.

       GDM supports Oracle Solaris auditing.  Refer to the "System Administra-
       tion Guide: Security Services" and the audit(8) manpage for more infor-
       mation.  On Oracle Solaris, GDM also  uses  logindevperm(5)  to  ensure
       that device permissions are set properly for the user on login.

OPTIONS
       The following options are supported by gdm:

       --fatal-warnings              Make  all  warnings  fatal.   Useful  for
                                     debugging.

       --help                        Display detailed usage message.

       --timed-exit                  Exit after 30 seconds.  Useful for debug-
                                     ging.

       --version                     Display the GDM version.

ENVIRONMENT VARIABLES
       See environ(7) for descriptions of environment variables.

       When the following description refers to "scripts", these are referring
       to the GDM Init, PostLogin, PreSession, and PostSession scripts.

       DESKTOP_SESSION               For any user session started by GDM, this
                                     environment  variable  is set to the ses-
                                     sion name the  user  has  chosen  in  the
                                     login  GUI,  such  as "gnome" to indicate
                                     that the  /usr/share/xsession/gnome.desk-
                                     top  session  file was used to launch the
                                     session.

       DISPLAY                       When running scripts  and  for  any  user
                                     session  started by GDM, this environment
                                     variable is set to  the  Xserver  display
                                     value associated with the session.

       HOME                          When  running  scripts  and  for any user
                                     session started by GDM, this  environment
                                     variable  is  set  to  the home directory
                                     associated with the user.

       LANG                          For any user session started by GDM, this
                                     environment  variable  is set to the lan-
                                     gauge  choice  selected  when  the   user
                                     logged in.

       REMOTE_HOST                   When  running  scripts,  this environment
                                     variable is set to the  hostname  if  the
                                     session is non-local (e.g. XDMCP).

       RUNNING_UNDER_GDM             When  running  scripts,  this environment
                                     variable is set to "true", so  that  they
                                     can  identify  when  they are executed by
                                     the GDM process.

       SHELL                         When running scripts  and  for  any  user
                                     session  started by GDM, this environment
                                     variable is set to the  shell  associated
                                     with the session.

       USER                          When  running  scripts  and  for any user
                                     session started by GDM, this  environment
                                     variable  is  set to the username associ-
                                     ated with the session.

       USERNAME                      When running scripts  and  for  any  user
                                     session  started by GDM, this environment
                                     variable is set to the  username  associ-
                                     ated with the session.

       XAUTHORITY                    When  running  scripts  and  for any user
                                     session started by GDM, this  environment
                                     variable is set to the Xserver Xauthority
                                     file being used by the session.

       XDG_SESSION_COOKIE            This environment variable is provided  by
                                     ConsoleKit, and this value is set for any
                                     user session started by GDM so that  Con-
                                     soleKit  can  properly  identify the ses-
                                     sion.

EXTENDED DESCRIPTION
   Login Greeter GUI
       The login greeter GUI allows the user to specify how their user session
       should  be started and ensures that the user authenticates before gain-
       ing access to their user session.  Authentication can  be  disabled  if
       desired.

       GDM  makes  use  of pam(3PAM) to manage how the user authenticates (for
       example, by entering a username and password, via a SmartCard,  finger-
       print  reader,  etc.).  If authentication is not desired, then GDM pro-
       vides two configuration options which can be used to bypass it:  "Auto-
       matic  Login" and "Timed Login".  These are not enabled by default, but
       can be turned on if desired.

       The Automatic Login feature will cause GDM to bypass the login  greeter
       GUI  entirely and immediately start a session for the user specified in
       the GDM configuration.  The Timed Login feature will display the  login
       greeter GUI for a number of seconds specified in the GDM configuration.
       If no user logs in before the  timeout,  then  GDM  will  automatically
       start the user session for the user specified in the GDM configuration.
       Timed Login is useful if you wish to have the opportunity to login as a
       different user on some occasions.  Obviously neither Automatic Login or
       Timed Login are secure, and they should only be used on  systems  where
       the security provided by authentication is not needed.

       GDM  normally  uses  a  PAM stack named "gdm".  When Automatic Login or
       Timed Login is enabled, then GDM instead uses a PAM stack  named  "gdm-
       autologin".   Note  that  Automatic Login and Timed Login will not work
       properly if the "gdm-autologin" PAM stack is not defined  in  your  PAM
       configuration.

       The login greeter GUI provides two mechanisms for specifying which user
       is logging into the system.  Either the "Face Browser" can be used,  or
       GDM  can  prompt the user with the requests specified by the system PAM
       configuration.  By default, this means entering both the  username  and
       password by hand.

       The  Face  Browser  is designed to work when PAM is configured to allow
       users to select their username, so it is not useful  with  certain  PAM
       configurations (such as when the username is identified via a SmartCard
       or fingerprint).  The Face Browser obviously exposes usernames to  any-
       one with access to the machine, so users may wish to disable it if this
       is considered a security issue.

       When the Face Browser is enabled, a list of users will  appear  in  the
       login greeter GUI.  An icon for each user is shown, and users can spec-
       ify what icon is associated with their user.  If the user has an  image
       file  named  ~/.face, then GDM will associate this image with the user.
       If the user does not have such an image file, a default  icon  is  dis-
       played.   Image  files  must be no larger than 64K in size, or they are
       ignored by GDM.

       The  login  greeter  GUI  can  be  configured  to  provide  "Shutdown",
       "Restart",  and  "Suspend"  buttons  which  allow the user to shutdown,
       restart, or suspend the system if desired.  On Oracle Solaris, the but-
       tons will only be available if the "solaris.system.shutdown" authoriza-
       tion name is specified for the "gdm" user in the  /etc/user_attr  file.
       For  example, the /etc/user_attr file should include the following line
       to make these buttons available from the GDM login GUI screen.

       gdm::::type=normal;auths=solaris.system.shutdown

       While the login greeter GUI is displayed, a panel is  provided  at  the
       bottom of the screen which provides useful information, interfaces that
       allow the user to specify how their  session  should  be  started,  and
       interfaces to help the user navigate the login screen.  These include:

         o  A clock, showing the date and time.
         o  What type of session to run.
         o  An alternative language to use.
         o  An alternative keyboard layout (if supported).
         o  The ability to launch assistive technology programs if desired.
         o  The  ability to monitor the system battery (if using a system with
            a battery).


       The login greeter GUI also allows the user to take  a  screenshot.   If
       the  user  presses  the  keybindng associated with printing the screen,
       then the gdm-screenshot is run to take the screenshot.

   Accessibility
       GDM supports accessibility.  Users can click on the accessibility  icon
       on  the  panel  to  specify which assistive programs should be launched
       with the login GUI programs.  It is also possible to configure a system
       so that needed assistive programs should always be launched.

   Security
       The  GDM  login GUI programs are run with a dedicated user id and group
       id.  By default "gdm" is used for both the user id and  group  id,  but
       these  values are configurable.  The reason for using this special user
       and group is to make sure that the GDM user interfaces run  as  a  user
       without unnecessary privileges, so that in the unlikely case that some-
       one finds a weakness in the GUI, they will not gain access to a  privi-
       leged account on the machine.

       Note  that the GDM user and group do have some privileges beyond what a
       normal user has.  This user and group has access to the Xserver  autho-
       rization  directory  which  contains  all  of the Xserver authorization
       files and other private information.  This means that someone who gains
       the  GDM  user/group privileges can then connect to any running Xserver
       session.  Do not, under any circumstances, make the  GDM  user/group  a
       user/group  that  might  be  easy  to  get  access to, such as the user
       "nobody".

       File permissions are set on the authorization files so  that  only  the
       user  has  read  and  write  access  to ensure that users are unable to
       access the authorization files belonging to other users.

   XDMCP
       XDMCP (X Display Manager Control Protocol) displays  the  login  screen
       and  resulting  session on a remote machine over the network interface.
       By default, XDMCP is disabled in GDM.  However, GDM can  be  configured
       to  enable  XDMCP  so  that  users  can log into the system from remote
       hosts.  By default, GDM listens to UDP port 177, although this  can  be
       configured.   GDM  responds  to  QUERY  and BROADCAST_QUERY requests by
       sending a WILLING packet to the originator.

       GDM provides configuration options that  make  GDM  more  resistant  to
       denial-of-service  attacks  on  the  XDMCP service.  The default values
       should work for most systems, but several  protocol  parameters,  hand-
       shaking  timeouts,  and so on can be fine-tuned to make it more secure.
       It is not recommended that you modify the  XDMCP  configuration  unless
       you know what you are doing.

       GDM  grants access to the hosts specified in the GDM service section of
       your TCP Wrappers configuration file.  Refer to the libwrap(3)  manpage
       for  more information.  GDM does not support remote display access con-
       trol on systems without TCP Wrapper support.

       GDM can also be configured to honor INDIRECT queries and present a host
       chooser to the remote display. GDM remembers the user's choice and for-
       wards subsequent requests to the chosen manager. GDM also  supports  an
       extension  to  the protocol which makes GDM forget the redirection once
       the user's connection succeeds.  This extension is  only  supported  if
       both  daemons  are GDM. This extension is transparent and is ignored by
       XDM or other daemons that implement XDMCP.

       GDM only supports the MIT-MAGIC-COOKIE-1 authentication system. Because
       of  this,  the  cookies  are  transmitted as clear text. Therefore, you
       should be careful about the network where you use  this.  That  is,  be
       careful about where your XDMCP connection is going. Note that if snoop-
       ing is possible, an attacker could snoop your password as you  log  in,
       so  a  better  XDMCP  authentication would not help you much anyway. If
       snooping is possible and undesirable, you should use ssh(1) for tunnel-
       ing an X connection, rather then using GDM's XDMCP. Think of XDMCP as a
       sort of graphical telnet, with the same security issues.

   GDM Configuration
       ConsoleKit interfaces are used to configure how GDM should manage  dis-
       plays  in  a  multiseat  environment,  so to configure multiseat please
       refer to the console-kit-daemon(8) manpage.

       GDM also provides a number of configuration interfaces which allow  the
       user  to  specify  how GDM should operate.  The configuration available
       for the GDM daemon and the GDM login greeter GUI are  described  below.
       GDM  also provides scripting interfaces and other interfaces to config-
       ure how sessions are started which are  described  in  the  "GDM  Login
       Scripts and Session Files" section of this manpage.

       The  default  system  configuration for the GDM daemon is stored in the
       file /etc/gdm/gdm.schemas, and accessed by GDM via  GConf.   Users  are
       not  recommended  to  modify  this  file since it may be overwritten on
       upgrade.  Instead users should override these  settings  by  specifying
       values  in the /etc/gdm/custom.conf file, which is in standard INI for-
       mat.

       The settings below are in "group/key=default_value type"  format.   The
       type   can   be   string,   integer,   or  boolean.   To  override  the
       "xdmcp/Enable" value, you would modify the /etc/gdm/custom.conf  so  it
       contains these lines:

       [xdmcp]
       Enable=true

       The following keys are supported for configuring the GDM daemon:

       chooser/Multicast=false  (boolean)  If  true  and  IPv6 is enabled, the
       chooser will send a multicast query to the local  network  and  collect
       responses from the hosts who have joined multicast group.


       chooser/MulticastAddr=ff02::1 (string) This is the Link-local Multicast
       address.


       daemon/TimedLoginEnable=false (boolean) If the user given in TimedLogin
       should  be  logged in after a number of seconds (set with TimedLoginDe-
       lay) of inactivity on the login  screen.  This  is  useful  for  public
       access  terminals  or  perhaps even home use. If the user uses the key-
       board or browses the menus, the timeout will be reset to  TimedLoginDe-
       lay  or  30  seconds, whichever is higher. If the user does not enter a
       username but just hits  the  ENTER  key  while  the  login  program  is
       requesting  the  username, then GDM will assume the user wants to login
       immediately as the timed user. Note that no password will be asked  for
       this  user  so  you  should be careful, although if using PAM it can be
       configured to require password entry before allowing login.


       daemon/TimedLogin= (string) This is the user that should be  logged  in
       after  a  specified number of seconds of inactivity.  If the value ends
       with a vertical bar | (the pipe symbol), then GDM will execute the pro-
       gram  specified and use whatever value is returned on standard out from
       the program as the user. The program is run with the  DISPLAY  environ-
       ment  variable set so that it is possible to specify the user in a per-
       display fashion. For example if the value is  "/usr/bin/getloginuser|",
       then  the  program  /usr/bin/getloginuser  will  be run to get the user
       value.


       daemon/TimedLoginDelay=30 (integer) Delay in seconds before the  Timed-
       Login  user will be logged in.


       daemon/AutomaticLoginEnable=false  (boolean) If true, the user given in
       AutomaticLogin  should be logged in immediately.  This feature is  like
       timed login with a delay of 0 seconds.


       daemon/AutomaticLogin=  (string) This is the user that should be logged
       in immediately if AutomaticLoginEnable is true.  If the value ends with
       a  vertical  bar | (the pipe symbol), then GDM will execute the program
       specified and use whatever value is returned on standard out  from  the
       program  as  the  user. The program is run with the DISPLAY environment
       variable set so that it is possible to specify the user in  a  per-dis-
       play  fashion.  For  example  if the value is "/usr/bin/getloginuser|",
       then the program /usr/bin/getloginuser will be  run  to  get  the  user
       value.


       daemon/User=gdm (string) The username under which the greeter and other
       GUI programs are run.


       daemon/Group=gdm (string) The group id used to run the login  GUI  pro-
       grams


       debug/Enable=false  (boolean) If true, then GDM will provide debug out-
       put  in  the  system  log,  which  is   either   /var/log/messages   or
       /var/adm/messages depending on your system.


       greeter/IncludeAll=false  (boolean) If true, then the face browser will
       show all users on the local machine. If false, the  face  browser  will
       only show users who have recently logged in.

       When this key is true, GDM will call fgetpwent() to get a list of local
       users on the system.  Anyusers with a user id less than 500 (or 100  if
       running  on  Oracle  Solaris)  are filtered out.  The Face Browser also
       will display any users that have previously logged  in  on  the  system
       (for example NIS/LDAP users). It gets this list via calling the ck-his-
       tory(1) ConsoleKit interface. It will also filter out any  users  which
       do  not  have  a  valid shell (valid shells are any shell that getuser-
       shell() returns - /sbin/nologin or /bin/false  are  considered  invalid
       shells even if getusershell() returns them).

       If false, then GDM more simply only displays users that have previously
       logged in on the system (local or NIS/LDAP users) by  calling  the  ck-
       history(1) ConsoleKit interface.


       greeter/Include=  (string)  Set to a list of users to always include in
       the Face Browser.  This value is set to a list of  users  separated  by
       commas.  By default, the value is empty.


       greeter/Exclude=bin,root,daemon,adm,lp,sync,shut-
       down,halt,mail,news,uucp,operator,nobody,nobody4,noaccess,post-
       gres,pvm,rpm,nfsnobody,pcap  (string)  Set to a list of users to always
       exclude in the Face Browser.  This value is set to a list of users sep-
       arated  by  commas.  Note that the setting in the custom.conf overrides
       the default value, so if you wish to add additional users to the  list,
       then  you  need  to  set the value to the default value with additional
       users appended to the list.


       greeter/ShowLast=false (boolean) If true, then  the  session,  language
       and layout dialogs in the login greeter GUI will show the option "Last"
       by default.  The users default settings in their ~/.dmrc file  will  be
       used.  If no settings exist in this file, then the system defaults will
       be used.  Note that GDM normally  caches  the  user's  ~/.dmrc  in  the
       /var/cache/gdm  directory.  Turning on this feature causes GDM to avoid
       using the cache, and instead accesses the user's configuration settings
       from  their  ~/.dmrc file after pam_setcred(3PAM) is called.  This fea-
       ture is useful in  situations  where  users  might  log  into  multiple
       servers  and  the  system administrator wants to avoid situations where
       the user's cached settings might become inconsistent  across  different
       servers.


       security/DisallowTCP=false   (boolean)  If  true,  then  always  append
       "-nolisten tcp" to the Xserver  command  line  when  starting  attached
       Xservers,  thus disallowing TCP connection.  This is a more secure con-
       figuration if you are not using remote connections.  Note that on  Ora-
       cle  Solaris, the options/tcp_listen property of the x11-server service
       also controls whether this option is appended to  the  Xserver  command
       line.  The GDM configuration value is set to "false" by default on Ora-
       cle Solaris to defer control of this feature to this  x11-server  prop-
       erty.  Refer to the Xserver(1) manpage for more information.


       xdmcp/DisplaysPerHost=1  (integer) To prevent attackers from filling up
       the pending queue, GDM will only allow one connection for  each  remote
       computer.  If  you  want  to provide display services to computers with
       more than one seat, you should increase this value.  Note that the num-
       ber  of  attached DISPLAYS allowed is not limited.  Only remote connec-
       tions via XDMCP are limited by this configuration option.


       xdmcp/Enable=false (boolean) Setting this to true enables XDMCP support
       allowing  remote  displays/X terminals to be managed by GDM.  If GDM is
       compiled to support it, access from remote displays can  be  controlled
       using the TCP Wrappers library.


       xdmcp/HonorIndirect=true  (boolean) Enables XDMCP INDIRECT choosing for
       X-terminals which do not supply their own display browser.


       xdmcp/MaxPending=4 (integer) To avoid denial of  service  attacks,  GDM
       has  fixed  size queue of pending connections. Only MaxPending displays
       can start at the same time.  Please note that this parameter  does  not
       limit  the number of remote displays which can be managed. It only lim-
       its the number of displays initiating a connection simultaneously.


       xdmcp/MaxSessions=16 (integer) Determines the maximum number of  remote
       display  connections  which  will  be  managed simultaneously. I.e. the
       total number of remote displays that can use your host.


       xdmcp/MaxWait=30 (integer) When GDM is ready to  manage  a  display  an
       ACCEPT  packet  is sent to it containing a unique session id which will
       be used in future XDMCP conversations.  GDM will then place the session
       id  in the pending queue waiting for the display to respond with a MAN-
       AGE request.  If no response is received within  MaxWait  seconds,  GDM
       will declare the display dead and erase it from the pending queue free-
       ing up the slot for other displays.


       xdmcp/MaxWaitIndirect=30 (integer) The MaxWaitIndirect parameter deter-
       mines  the  maximum  number  of  seconds  between the time where a user
       chooses a host and the subsequent indirect query where the user is con-
       nected to the host. When the timeout is exceeded, the information about
       the chosen host is forgotten and the indirect slot freed up  for  other
       displays.  The  information  may be forgotten earlier if there are more
       hosts trying to send indirect queries then MaxPendingIndirect.


       xdmcp/PingIntervalSeconds=15 (integer) Interval in which  to  ping  the
       Xserver  in  seconds.  If  the Xserver does not respond before the next
       time we ping it, the connection is stopped and the session ended.  This
       is  a  combination of the XDM PingInterval and PingTimeout, but in sec-
       onds.


       xdmcp/Port=177 (integer) The UDP port number gdm should listen  to  for
       XDMCP requests.


       xdmcp/Willing=/etc/gdm/Willing  (string) When the machine sends a WILL-
       ING packet back after a QUERY it sends a string that gives the  current
       status  of this server. The default message is the system ID, but it is
       possible to create a script that displays customized message.  If  this
       script does not exist or this key is empty the default message is sent.
       If this script succeeds and produces some output,  the  first  line  of
       it's  output  is  sent  (and only the first line). It runs at most once
       every 3 seconds to prevent possible denial of service by  flooding  the
       machine with QUERY packets.


       The  default  system  configuration  for  the  GDM login greeter GUI is
       stored in the system GConf schemas directory in  the  file  gdm-simple-
       greeter.schemas,  and  accessed by GDM via GConf.  Users are not recom-
       mended to modify this file file since it may be overwritten on upgrade.
       Instead  users  should  override  these settings by modifying the GConf
       configuration for the GDM user (the user specified in  the  Daemon/User
       configuration  key  above), normally the "gdm" user.  Users can use the
       gconftool-2(1) or gconf-editor(1) programs  to  set  these  values,  if
       desired.  Refer to the EXAMPLES section of this manpage for more infor-
       mation about how to use these tools to change common settings.

       GDM will use  the  GCONF_DEFAULT_SOURCE_PATH  environment  variable  to
       ensure  that  each display uses it's own GConf configuration.  This way
       changes in GConf will only affect the greeter in a per-seat manner.

       The following keys are supported for configuring the GDM login  greeter
       GUI and are in "GConf key=default_value (gconf_data_type)" format:

       /apps/gdm/simple-greeter/banner_message_enable=false (boolean) Controls
       whether the banner message text is displayed.


       /apps/gdm/simple-greeter/banner_message_text=NULL  (string)   Specifies
       the text banner message to show on the greeter window.


       /apps/gdm/simple-greeter/disable_restart_buttons=false  (boolean)  Con-
       trols whether to show the restart buttons in the login window.


       /apps/gdm/simple-greeter/disable_user_list=true (boolean) If true, then
       the face browser with known users is not shown in the login window.


       /apps/gdm/simple-greeter/logo_icon_name=computer  (string)  Set  to the
       themed icon name to use for the greeter logo.


       /apps/gdm/simple-greeter/wm_use_compiz=false (boolean) Controls whether
       compiz is used as the window manager instead of metacity.


       /desktop/gnome/interface/accessibility=true  (boolean) Controls whether
       the Accessibility infrastructure will be started with the GDM GUI. This
       is needed for many accessibility technology programs to work.


       /desktop/gnome/applications/at/screen_magnifier_enabled=false (boolean)
       If set, then the assistive tools linked  to  this  GConf  key  will  be
       started with the GDM GUI program. By default this is a screen magnifier
       application.


       /desktop/gnome/applications/at/screen_keyboard_enabled=false  (boolean)
       If  set,  then  the  assistive  tools  linked to this GConf key will be
       started with the GDM GUI program. By default this is an on-screen  key-
       board application.


       /desktop/gnome/applications/at/screen_reader_enabled=false (boolean) If
       set, then the assistive tools linked to this GConf key will be  started
       with  the  GDM GUI program. By default this is a screen reader applica-
       tion.


       On Oracle Solaris, GDM also supports the CONSOLE,  PASSREQ,  PATH,  and
       SUPATH  configuration  options  in  /etc/default/login.   Refer  to the
       login(1) manpage for details.

   Logging
       GDM logs error and debug information to the system syslog file.

       Output from the Xservers started by GDM is stored in the GDM log direc-
       tory,  /var/log/gdm.  The Xserver output for each display is saved in a
       file display.log, where display is the DISPLAY value for the associated
       display.

       Output  from  the  GDM  login  greeter  GUI is saved in a file display-
       greeter.log and output from the GDM slave daemon is  saved  in  a  file
       display-slave.log.   Again,  the  display  is the DISPLAY value for the
       associated display.

       Four older versions of each  file  are  also  stored,  by  appending  1
       through  4 to the filename. These files are rotated, as new sessions on
       that display are started.

       The output from the user session is saved in a file ~/.xsession-errors.
       The  user  session output is redirected before the PreSession script is
       started.

       Note that if the session is a failsafe session, or if GDM  cannot  open
       this  file for some reason, a fallback file is created named /tmp/xses-
       user.XXXXXX, where XXXXXX are random characters.

       If you run a system with quotas set,  consider  using  the  PostSession
       script  to delete the ~/.xsession-errors file, so that this log file is
       not stored unnecessarily.

EXAMPLES
       Note that the user should change user to the "gdm" user before  running
       the following gconftool-2(1) commands.  For example, the
        su(8)  command  could  be  used.  Configuration changes will only take
       effect if they apply to the "gdm" user.

       Example 1: To Enable Face Browser for all GDM login greeter GUI

       example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t bool -s /apps/gdm/simple-greeter/disable_user_list false

       Example 2: To Change the Background Image for the GDM login greeter GUI

       example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t string -s /desktop/gnome/background/picture_filename /usr/share/backgrounds/solaris/Hexagons_Dark.png

       Example 3: To Disable Face Browser for StaticSeat1  GDM  login  greeter
       GUI

       example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/StaticSeat1/.gconf -t bool -s /apps/gdm/simple-greeter/disable_user_list true

EXIT STATUS
       The following exit values are returned:

       0       Application exited successfully

       >0      Application exited with failure

FILES
       The following files are used by this application:

       /usr/sbin/gdm                 Executable for GNOME Display Manager.


   GDM Login Scripts and Session Files
       The following GDM login integration interfaces are discussed below:

         o  /etc/gdm/Init/Default
         o  /etc/gdm/Init/display
         o  /etc/gdm/PostLogin/Default
         o  /etc/gdm/PostLogin/display
         o  /etc/gdm/PreSession/Default
         o  /etc/gdm/PreSession/display
         o  /etc/gdm/Xsession
         o  /etc/X11/xinit/xinitrc.d
         o  /etc/profile
         o  ~/profile
         o  /etc/X11/xinit/xinitrc.d
         o  /etc/gdm/PostSession/Default
         o  /etc/gdm/PostSession/display

       The following session files are also discussed below:

         o  /usr/share/gdm/autostart/LoginWindow/*.desktop
         o  /usr/share/xsessions/*.desktop
         o  ~/.dmrc(default user session)

       The  Init,  PostLogin,  PreSession, and PostSession scripts all work as
       described below.

       For each type of script, the default one  which  will  be  executed  is
       called  "Default"  and  is  stored  in  a directory associated with the
       script type. So the default Init script  is  /etc/gdm/Init/Default.   A
       per-display  script  can  be  provided, and if it exists it will be run
       instead of the default script. Such scripts  are  stored  in  the  same
       directory  as  the default script and have the same name as the Xserver
       DISPLAY value for that display. For example,  if  the  /etc/gdm/Init/:0
       script exists, it will be run for DISPLAY ":0".

       All  of  these  scripts are run with root privilege and return 0 if run
       successfully, and a non-zero return code if there was any failure  that
       should  cause  the login session to be aborted. Also note that GDM will
       block until the scripts finish, so if any of these scripts  hang,  this
       will cause the login process to also hang.

       When  the  Xserver for the login GUI has been successfully started, but
       before the login GUI is actually  displayed,  GDM  will  run  the  Init
       script.  This script is useful for starting programs that should be run
       while the login screen is showing, or for doing any special initializa-
       tion if required.

       After  the  user  has  been successfully authenticated GDM will run the
       PostLogin script. This is done before any session setup has been  done,
       including before the pam_open_session(3PAM) call. This script is useful
       for doing any session initialization that needs to  happen  before  the
       session starts. For example, you might setup the user's $HOME directory
       if needed.

       After the user session has been initialized, GDM will run  the  PreSes-
       sion script. This script is useful for doing any session initialization
       that needs to happen after the session has been initialized. It can  be
       used for session management or accounting, for example.

       When  a  user  terminates  their  session, GDM will run the PostSession
       script. Note that the Xserver will have been stopped by the  time  this
       script is run, so it should not be accessed.

       Note  that  the  PostSession  script  will be run even when the display
       fails to respond due to an I/O error or  similar.  Thus,  there  is  no
       guarantee that X applications will work during script execution.

       All  of  the  above  scripts will set the RUNNING_UNDER_GDM environment
       variable to "yes". If the scripts are also shared  with  other  display
       managers,  this  allows  you  to  identify  when  GDM  is calling these
       scripts, so you can run specific code when GDM is used.

       The /usr/share/gdm/autostart/LoginWindow  directory  contains  .desktop
       files.   Any .desktop files in this directory will cause the associated
       program to automatically start with the login GUI greeter. By  default,
       GDM  is  shipped with files which will autostart the gdm-simple-greeter
       login GUI greeter  itself,  the  gnome-power-manager  application,  the
       gnome-settings-daemon,  and the metacity window manager. These programs
       are needed for the greeter program to work. In addition, desktop  files
       are  provided for starting various AT programs if the associated acces-
       sibility configuration GConf keys are set.

       The  administrator  can  customize  .desktop  files.  For  example,  an
       xterm.desktop  file can be useful when debugging the GDM login greeter.
       A .desktop file to launch xterm(1) would look as follows:

       [Desktop Entry]
       Name=Xterm
       Comment=Xterm
       Exec=/usr/X11/bin/xterm
       OnlyShowIn=GNOME;
       Terminal=false
       Type=Application
       X-GNOME-Autostart-Phase=Applications
       X-GNOME-AutoRestart=true

       The user's default session and  language  choices  are  stored  in  the
       ~/.dmrc file. When a user logs in for the first time, this file is cre-
       ated with the user's initial choices. The user can change these default
       values  by  simply  changing  to a different value when logging in. GDM
       will remember this change for subsequent logins.

       The session types which are available in the GDM login greeter GUI  are
       specified  by  .desktop files.  These desktop files are in standard INI
       format and the executable that will be run  to  start  the  session  is
       specified  by  the  "Exec" key in the file.  Desktop files are normally
       stored in the /usr/share/xsessions directory.  However, GDM will search
       for   desktop  files  in  the  following  directories  in  this  order:
       /etc/X11/sessions/,   /etc/dm/Sessions,    /usr/share/xsessions,    and
       /usr/share/gdm/BuiltInSessions.

       The  /etc/gdm/Xsession  script is called between the PreSession and the
       PostSession scripts. This script does not support per-display like  the
       other  scripts. This script is used for actually starting the user ses-
       sion. This script is run as the user, and it will run whatever  session
       was  specified  by the Desktop session file the user selected to start.
       The /etc/gdm/Xsession script will source /etc/profile, ~/.profile,  and
       all  scripts  in the /etc/X11/xinit/xinitrc.d directory before starting
       the user session.  Refer to the profile(5) manpage  for  more  informa-
       tion.

   Configuration Files
       /etc/gdm/gdm.schemas          GDM default daemon configuration.


       /etc/gdm/custom.conf          GDM daemon configuration customization.


       /etc/gconf/schemas/gdm-simple-greeter.schemas
                                     GDM  default login greeter GUI configura-
                                     tion.


       /etc/default/login            On Oracle Solaris, GDM supports the  CON-
                                     SOLE,  PASSREQ, PATH, and SUPATH configu-
                                     ration options.  Refer  to  the  login(1)
                                     manpage for details.


       ~gdm/.gconf.mandatory         The GDM user's mandatory GConf settings.


       ~gdm/.gconf                   The GDM user's GConf settings.


       ~gdm/seat/.gconf              The per-seat GDM user's GConf settings.


       ~gdm/.gconf.path              This file specifies the GDM user's manda-
                                     tory GConf settings directory.


   Logging
       /var/log/gdm/display.log      Xserver output for each display.


       /var/log/gdm/display-greeter.log
                                     GDM login greeter  GUI  output  for  each
                                     display.


       /var/log/gdm/display-slave.log
                                     GDM slave daemon output for each display.


       ~/.xsession-errors            Output from the user session.


   GDM Xauthority files
       /var/run/gdm                  Stores  the  Xserver authentication files
                                     for each managed session.


   Face Browser
       /usr/share/pixmaps/faces      Global directory for face images.


       ~/.face                       User-defined icon to be used by GDM  face
                                     browser.


   GDM user cache
       /var/cache/gdm                GDM copies the user's ~/.dmrc and ~/.face
                                     files to /var/cache/gdm/username, so that
                                     they can be accessed on subsequent logins
                                     without accessing the user's $HOME direc-
                                     tory before pam_setcred(3PAM) is called.



ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+----------------------------+
       |ATTRIBUTE TYPE |      ATTRIBUTE VALUE       |
       +---------------+----------------------------+
       |Availability   | system/display-manager/gdm |
       +---------------+----------------------------+
       |Stability      | Volatile                   |
       +---------------+----------------------------+
SEE ALSO
       More information can be found at:

       https://help.gnome.org/admin/gdm/

       Latest version of the GNOME Desktop User Guide for your platform.

       gdmflexiserver(1),  gdm-screenshot(1), gconftool-2(1), gconf-editor(1),
       login(1), ssh(1), Xorg(1), Xserver(1), audit(8), console-kit-daemon(8),
       svcadm(8),  libwrap(3),  pam(3PAM),  logindevperm(5), pam.conf(5), pro-
       file(5), user_attr(5), attributes(7), environ(7), smf(7)

NOTES
       This man page written by Martin K. Petersen <mkp@mkp.net>, George  Lebl
       <jirka@5z.com>,  and  Brian Cameron <brian.cameron@sun.com>.  Copyright
       (c) 1998, 1999 by Martin K. Petersen.  Copyright (c) 2001,  2003,  2004
       by  George  Lebl.   Copyright  (c) 2003 by Red Hat, Inc.  Copyright (c)
       2006, 2018, Oracle and/or its affiliates. All rights reserved.


       This    software    was    built    from    source     available     at
       https://github.com/oracle/solaris-userland.    The  original  community
       source        was        downloaded         from          https://down-
       load.gnome.org/sources/gdm/3.24/gdm-3.24.2.tar.xz

       Further information about this software can be found on the open source
       community website at https://wiki.gnome.org/Projects/GDM.



                                  22 Apr 2018                           gdm(8)