gdm - man pages section 8: System Administration Commands

Language:

gdm (8)

Name

gdm - GDM (GNOME Display Manager)

Synopsis

/usr/sbin/gdm [--help] [--fatal-warnings] [--timed-exit] [--version]

Description

gdm(8) System Manager's Manual gdm(8)

NAME
gdm - GDM (GNOME Display Manager)

SYNOPSIS
/usr/sbin/gdm [--help] [--fatal-warnings] [--timed-exit] [--version]

DESCRIPTION
GDM is the GNOME Display Manager, a program used for login session man-
agement. GDM supports managing the console display, other attached
displays, XDMCP displays, and flexible (or on-demand) displays. Flexi-
ble displays make use of the Virtual Terminals (VT) interfaces to allow
user switching, so that multiple users can run simultaneous sessions
sharing the same console. GDM uses ConsoleKit to manage what sessions
are active on the system. GDM supports a number of configuration
interfaces which are described in later sections of this manpage.

For each display that GDM is configured to manage, the gdm program will
launch a slave daemon which does the work to actually manage the dis-
play. The slave daemon will start the login greeter GUI program, the
program that the user interacts with. Refer to the "Login Greeter GUI"
section below for more information about how the user interface works.

If Virtual Terminals are supported on your system, you can start a
flexible display via the "User Switcher" panel applet. You may need to
add this applet to your panel to make use of it. You can also use the
gdmflexiserver(1) command to start flexible displays from the command
line.

On Oracle Solaris, the GDM service is managed by the smf(7) service
management facility under the service identifier svc:/applica-
tion/graphical-login/gdm. On Oracle Solaris, it is recommended that
you use the svcadm(8) utility to enable and disable the "gdm" service
instead of killing the daemon with a SIGTERM signal.

GDM supports Oracle Solaris auditing. Refer to the "System Administra-
tion Guide: Security Services" and the audit(8) manpage for more infor-
mation. On Oracle Solaris, GDM also uses logindevperm(5) to ensure
that device permissions are set properly for the user on login.

OPTIONS
The following options are supported by gdm:

--fatal-warnings Make all warnings fatal. Useful for
debugging.

--help Display detailed usage message.

--timed-exit Exit after 30 seconds. Useful for debug-
ging.

--version Display the GDM version.

ENVIRONMENT VARIABLES
See environ(7) for descriptions of environment variables.

When the following description refers to "scripts", these are referring
to the GDM Init, PostLogin, PreSession, and PostSession scripts.

DESKTOP_SESSION For any user session started by GDM, this
environment variable is set to the ses-
sion name the user has chosen in the
login GUI, such as "gnome" to indicate
that the /usr/share/xsession/gnome.desk-
top session file was used to launch the
session.

DISPLAY When running scripts and for any user
session started by GDM, this environment
variable is set to the Xserver display
value associated with the session.

HOME When running scripts and for any user
session started by GDM, this environment
variable is set to the home directory
associated with the user.

LANG For any user session started by GDM, this
environment variable is set to the lan-
guage choice selected when the user
logged in.

REMOTE_HOST When running scripts, this environment
variable is set to the hostname if the
session is non-local (e.g. XDMCP).

RUNNING_UNDER_GDM When running scripts, this environment
variable is set to "true", so that they
can identify when they are executed by
the GDM process.

SHELL When running scripts and for any user
session started by GDM, this environment
variable is set to the shell associated
with the session.

USER When running scripts and for any user
session started by GDM, this environment
variable is set to the username associ-
ated with the session.

USERNAME When running scripts and for any user
session started by GDM, this environment
variable is set to the username associ-
ated with the session.

XAUTHORITY When running scripts and for any user
session started by GDM, this environment
variable is set to the Xserver Xauthority
file being used by the session.

XDG_SESSION_COOKIE This environment variable is provided by
ConsoleKit, and this value is set for any
user session started by GDM so that Con-
soleKit can properly identify the ses-
sion.

EXTENDED DESCRIPTION
Login Greeter GUI
The login greeter GUI allows the user to specify how their user session
should be started and ensures that the user authenticates before gain-
ing access to their user session. Authentication can be disabled if
desired.

GDM makes use of pam(3PAM) to manage how the user authenticates (for
example, by entering a username and password, via a SmartCard, finger-
print reader, etc.). If authentication is not desired, then GDM pro-
vides two configuration options which can be used to bypass it: "Auto-
matic Login" and "Timed Login". These are not enabled by default, but
can be turned on if desired.

The Automatic Login feature will cause GDM to bypass the login greeter
GUI entirely and immediately start a session for the user specified in
the GDM configuration. The Timed Login feature will display the login
greeter GUI for a number of seconds specified in the GDM configuration.
If no user logs in before the timeout, then GDM will automatically
start the user session for the user specified in the GDM configuration.
Timed Login is useful if you wish to have the opportunity to login as a
different user on some occasions. Obviously neither Automatic Login or
Timed Login are secure, and they should only be used on systems where
the security provided by authentication is not needed.

GDM normally uses a PAM stack named "gdm". When Automatic Login or
Timed Login is enabled, then GDM instead uses a PAM stack named "gdm-
autologin". Note that Automatic Login and Timed Login will not work
properly if the "gdm-autologin" PAM stack is not defined in your PAM
configuration.

The login greeter GUI provides two mechanisms for specifying which user
is logging into the system. Either the "Face Browser" can be used, or
GDM can prompt the user with the requests specified by the system PAM
configuration. By default, this means entering both the username and
password by hand.

The Face Browser is designed to work when PAM is configured to allow
users to select their username, so it is not useful with certain PAM
configurations (such as when the username is identified via a SmartCard
or fingerprint). The Face Browser obviously exposes usernames to any-
one with access to the machine, so users may wish to disable it if this
is considered a security issue.

When the Face Browser is enabled, a list of users will appear in the
login greeter GUI. An icon for each user is shown, and users can spec-
ify what icon is associated with their user. If the user has an image
file named ~/.face, then GDM will associate this image with the user.
If the user does not have such an image file, a default icon is dis-
played. Image files must be no larger than 64K in size, or they are
ignored by GDM.

The login greeter GUI can be configured to provide "Shutdown",
"Restart", and "Suspend" buttons which allow the user to shutdown,
restart, or suspend the system if desired. On Oracle Solaris, the but-
tons will only be available if the "solaris.system.shutdown" authoriza-
tion name is specified for the "gdm" user in the /etc/user_attr file.
For example, the /etc/user_attr file should include the following line
to make these buttons available from the GDM login GUI screen.

gdm::::type=normal;auths=solaris.system.shutdown

While the login greeter GUI is displayed, a panel is provided at the
bottom of the screen which provides useful information, interfaces that
allow the user to specify how their session should be started, and
interfaces to help the user navigate the login screen. These include:

o A clock, showing the date and time.
o What type of session to run.
o An alternative language to use.
o An alternative keyboard layout (if supported).
o The ability to launch assistive technology programs if desired.
o The ability to monitor the system battery (if using a system with
a battery).

The login greeter GUI also allows the user to take a screenshot. If
the user presses the keybindng associated with printing the screen,
then the gdm-screenshot is run to take the screenshot.

Accessibility
GDM supports accessibility. Users can click on the accessibility icon
on the panel to specify which assistive programs should be launched
with the login GUI programs. It is also possible to configure a system
so that needed assistive programs should always be launched.

Security
The GDM login GUI programs are run with a dedicated user id and group
id. By default "gdm" is used for both the user id and group id, but
these values are configurable. The reason for using this special user
and group is to make sure that the GDM user interfaces run as a user
without unnecessary privileges, so that in the unlikely case that some-
one finds a weakness in the GUI, they will not gain access to a privi-
leged account on the machine.

Note that the GDM user and group do have some privileges beyond what a
normal user has. This user and group has access to the Xserver autho-
rization directory which contains all of the Xserver authorization
files and other private information. This means that someone who gains
the GDM user/group privileges can then connect to any running Xserver
session. Do not, under any circumstances, make the GDM user/group a
user/group that might be easy to get access to, such as the user
"nobody".

File permissions are set on the authorization files so that only the
user has read and write access to ensure that users are unable to
access the authorization files belonging to other users.

XDMCP
XDMCP (X Display Manager Control Protocol) displays the login screen
and resulting session on a remote machine over the network interface.
By default, XDMCP is disabled in GDM. However, GDM can be configured
to enable XDMCP so that users can log into the system from remote
hosts. By default, GDM listens to UDP port 177, although this can be
configured. GDM responds to QUERY and BROADCAST_QUERY requests by
sending a WILLING packet to the originator.

GDM provides configuration options that make GDM more resistant to
denial-of-service attacks on the XDMCP service. The default values
should work for most systems, but several protocol parameters, hand-
shaking timeouts, and so on can be fine-tuned to make it more secure.
It is not recommended that you modify the XDMCP configuration unless
you know what you are doing.

GDM grants access to the hosts specified in the GDM service section of
your TCP Wrappers configuration file. Refer to the libwrap(3) manpage
for more information. GDM does not support remote display access con-
trol on systems without TCP Wrapper support.

GDM can also be configured to honor INDIRECT queries and present a host
chooser to the remote display. GDM remembers the user's choice and for-
wards subsequent requests to the chosen manager. GDM also supports an
extension to the protocol which makes GDM forget the redirection once
the user's connection succeeds. This extension is only supported if
both daemons are GDM. This extension is transparent and is ignored by
XDM or other daemons that implement XDMCP.

GDM only supports the MIT-MAGIC-COOKIE-1 authentication system. Because
of this, the cookies are transmitted as clear text. Therefore, you
should be careful about the network where you use this. That is, be
careful about where your XDMCP connection is going. Note that if snoop-
ing is possible, an attacker could snoop your password as you log in,
so a better XDMCP authentication would not help you much anyway. If
snooping is possible and undesirable, you should use ssh(1) for tunnel-
ing an X connection, rather then using GDM's XDMCP. Think of XDMCP as a
sort of graphical telnet, with the same security issues.

GDM Configuration
ConsoleKit interfaces are used to configure how GDM should manage dis-
plays in a multiseat environment, so to configure multiseat please
refer to the console-kit-daemon(8) manpage.

GDM also provides a number of configuration interfaces which allow the
user to specify how GDM should operate. The configuration available
for the GDM daemon and the GDM login greeter GUI are described below.
GDM also provides scripting interfaces and other interfaces to config-
ure how sessions are started which are described in the "GDM Login
Scripts and Session Files" section of this manpage.

The default system configuration for the GDM daemon is stored in the
file /etc/gdm/gdm.schemas, and accessed by GDM via GConf. Users are
not recommended to modify this file since it may be overwritten on
upgrade. Instead users should override these settings by specifying
values in the /etc/gdm/custom.conf file, which is in standard INI for-
mat.

The settings below are in "group/key=default_value type" format. The
type can be string, integer, or boolean. To override the
"xdmcp/Enable" value, you would modify the /etc/gdm/custom.conf so it
contains these lines:

[xdmcp]
Enable=true

The following keys are supported for configuring the GDM daemon:

chooser/Multicast=false (boolean) If true and IPv6 is enabled, the
chooser will send a multicast query to the local network and collect
responses from the hosts who have joined multicast group.

chooser/MulticastAddr=ff02::1 (string) This is the Link-local Multicast
address.

daemon/TimedLoginEnable=false (boolean) If the user given in TimedLogin
should be logged in after a number of seconds (set with TimedLoginDe-
lay) of inactivity on the login screen. This is useful for public
access terminals or perhaps even home use. If the user uses the key-
board or browses the menus, the timeout will be reset to TimedLoginDe-
lay or 30 seconds, whichever is higher. If the user does not enter a
username but just hits the ENTER key while the login program is
requesting the username, then GDM will assume the user wants to login
immediately as the timed user. Note that no password will be asked for
this user so you should be careful, although if using PAM it can be
configured to require password entry before allowing login.

daemon/TimedLogin= (string) This is the user that should be logged in
after a specified number of seconds of inactivity. If the value ends
with a vertical bar | (the pipe symbol), then GDM will execute the pro-
gram specified and use whatever value is returned on standard out from
the program as the user. The program is run with the DISPLAY environ-
ment variable set so that it is possible to specify the user in a per-
display fashion. For example if the value is "/usr/bin/getloginuser|",
then the program /usr/bin/getloginuser will be run to get the user
value.

daemon/TimedLoginDelay=30 (integer) Delay in seconds before the Timed-
Login user will be logged in.

daemon/AutomaticLoginEnable=false (boolean) If true, the user given in
AutomaticLogin should be logged in immediately. This feature is like
timed login with a delay of 0 seconds.

daemon/AutomaticLogin= (string) This is the user that should be logged
in immediately if AutomaticLoginEnable is true. If the value ends with
a vertical bar | (the pipe symbol), then GDM will execute the program
specified and use whatever value is returned on standard out from the
program as the user. The program is run with the DISPLAY environment
variable set so that it is possible to specify the user in a per-dis-
play fashion. For example if the value is "/usr/bin/getloginuser|",
then the program /usr/bin/getloginuser will be run to get the user
value.

daemon/User=gdm (string) The username under which the greeter and other
GUI programs are run.

daemon/Group=gdm (string) The group id used to run the login GUI pro-
grams

debug/Enable=false (boolean) If true, then GDM will provide debug out-
put in the system log, which is either /var/log/messages or
/var/adm/messages depending on your system.

greeter/IncludeAll=false (boolean) If true, then the face browser will
show all users on the local machine. If false, the face browser will
only show users who have recently logged in.

When this key is true, GDM will call fgetpwent() to get a list of local
users on the system. Anyusers with a user id less than 500 (or 100 if
running on Oracle Solaris) are filtered out. The Face Browser also
will display any users that have previously logged in on the system
(for example NIS/LDAP users). It gets this list via calling the ck-his-
tory(1) ConsoleKit interface. It will also filter out any users which
do not have a valid shell (valid shells are any shell that getuser-
shell() returns - /sbin/nologin or /bin/false are considered invalid
shells even if getusershell() returns them).

If false, then GDM more simply only displays users that have previously
logged in on the system (local or NIS/LDAP users) by calling the ck-
history(1) ConsoleKit interface.

greeter/Include= (string) Set to a list of users to always include in
the Face Browser. This value is set to a list of users separated by
commas. By default, the value is empty.

greeter/Exclude=bin,root,daemon,adm,lp,sync,shut-
down,halt,mail,news,uucp,operator,nobody,nobody4,noaccess,post-
gres,pvm,rpm,nfsnobody,pcap (string) Set to a list of users to always
exclude in the Face Browser. This value is set to a list of users sep-
arated by commas. Note that the setting in the custom.conf overrides
the default value, so if you wish to add additional users to the list,
then you need to set the value to the default value with additional
users appended to the list.

greeter/ShowLast=false (boolean) If true, then the session, language
and layout dialogs in the login greeter GUI will show the option "Last"
by default. The users default settings in their ~/.dmrc file will be
used. If no settings exist in this file, then the system defaults will
be used. Note that GDM normally caches the user's ~/.dmrc in the
/var/cache/gdm directory. Turning on this feature causes GDM to avoid
using the cache, and instead accesses the user's configuration settings
from their ~/.dmrc file after pam_setcred(3PAM) is called. This fea-
ture is useful in situations where users might log into multiple
servers and the system administrator wants to avoid situations where
the user's cached settings might become inconsistent across different
servers.

security/DisallowTCP=false (boolean) If true, then always append
"-nolisten tcp" to the Xserver command line when starting attached
Xservers, thus disallowing TCP connection. This is a more secure con-
figuration if you are not using remote connections. Note that on Ora-
cle Solaris, the options/tcp_listen property of the x11-server service
also controls whether this option is appended to the Xserver command
line. The GDM configuration value is set to "false" by default on Ora-
cle Solaris to defer control of this feature to this x11-server prop-
erty. Refer to the Xserver(1) manpage for more information.

xdmcp/DisplaysPerHost=1 (integer) To prevent attackers from filling up
the pending queue, GDM will only allow one connection for each remote
computer. If you want to provide display services to computers with
more than one seat, you should increase this value. Note that the num-
ber of attached DISPLAYS allowed is not limited. Only remote connec-
tions via XDMCP are limited by this configuration option.

xdmcp/Enable=false (boolean) Setting this to true enables XDMCP support
allowing remote displays/X terminals to be managed by GDM. If GDM is
compiled to support it, access from remote displays can be controlled
using the TCP Wrappers library.

xdmcp/HonorIndirect=true (boolean) Enables XDMCP INDIRECT choosing for
X-terminals which do not supply their own display browser.

xdmcp/MaxPending=4 (integer) To avoid denial of service attacks, GDM
has fixed size queue of pending connections. Only MaxPending displays
can start at the same time. Please note that this parameter does not
limit the number of remote displays which can be managed. It only lim-
its the number of displays initiating a connection simultaneously.

xdmcp/MaxSessions=16 (integer) Determines the maximum number of remote
display connections which will be managed simultaneously. I.e. the
total number of remote displays that can use your host.

xdmcp/MaxWait=30 (integer) When GDM is ready to manage a display an
ACCEPT packet is sent to it containing a unique session id which will
be used in future XDMCP conversations. GDM will then place the session
id in the pending queue waiting for the display to respond with a MAN-
AGE request. If no response is received within MaxWait seconds, GDM
will declare the display dead and erase it from the pending queue free-
ing up the slot for other displays.

xdmcp/MaxWaitIndirect=30 (integer) The MaxWaitIndirect parameter deter-
mines the maximum number of seconds between the time where a user
chooses a host and the subsequent indirect query where the user is con-
nected to the host. When the timeout is exceeded, the information about
the chosen host is forgotten and the indirect slot freed up for other
displays. The information may be forgotten earlier if there are more
hosts trying to send indirect queries then MaxPendingIndirect.

xdmcp/PingIntervalSeconds=15 (integer) Interval in which to ping the
Xserver in seconds. If the Xserver does not respond before the next
time we ping it, the connection is stopped and the session ended. This
is a combination of the XDM PingInterval and PingTimeout, but in sec-
onds.

xdmcp/Port=177 (integer) The UDP port number gdm should listen to for
XDMCP requests.

xdmcp/Willing=/etc/gdm/Willing (string) When the machine sends a WILL-
ING packet back after a QUERY it sends a string that gives the current
status of this server. The default message is the system ID, but it is
possible to create a script that displays customized message. If this
script does not exist or this key is empty the default message is sent.
If this script succeeds and produces some output, the first line of
it's output is sent (and only the first line). It runs at most once
every 3 seconds to prevent possible denial of service by flooding the
machine with QUERY packets.

The default system configuration for the GDM login greeter GUI is
stored in the system GConf schemas directory in the file gdm-simple-
greeter.schemas, and accessed by GDM via GConf. Users are not recom-
mended to modify this file file since it may be overwritten on upgrade.
Instead users should override these settings by modifying the GConf
configuration for the GDM user (the user specified in the Daemon/User
configuration key above), normally the "gdm" user. Users can use the
gconftool-2(1) or gconf-editor(1) programs to set these values, if
desired. Refer to the EXAMPLES section of this manpage for more infor-
mation about how to use these tools to change common settings.

GDM will use the GCONF_DEFAULT_SOURCE_PATH environment variable to
ensure that each display uses it's own GConf configuration. This way
changes in GConf will only affect the greeter in a per-seat manner.

The following keys are supported for configuring the GDM login greeter
GUI and are in "GConf key=default_value (gconf_data_type)" format:

/apps/gdm/simple-greeter/banner_message_enable=false (boolean) Controls
whether the banner message text is displayed.

/apps/gdm/simple-greeter/banner_message_text=NULL (string) Specifies
the text banner message to show on the greeter window.

/apps/gdm/simple-greeter/disable_restart_buttons=false (boolean) Con-
trols whether to show the restart buttons in the login window.

/apps/gdm/simple-greeter/disable_user_list=true (boolean) If true, then
the face browser with known users is not shown in the login window.

/apps/gdm/simple-greeter/logo_icon_name=computer (string) Set to the
themed icon name to use for the greeter logo.

/apps/gdm/simple-greeter/wm_use_compiz=false (boolean) Controls whether
compiz is used as the window manager instead of metacity.

/desktop/gnome/interface/accessibility=true (boolean) Controls whether
the Accessibility infrastructure will be started with the GDM GUI. This
is needed for many accessibility technology programs to work.

/desktop/gnome/applications/at/screen_magnifier_enabled=false (boolean)
If set, then the assistive tools linked to this GConf key will be
started with the GDM GUI program. By default this is a screen magnifier
application.

/desktop/gnome/applications/at/screen_keyboard_enabled=false (boolean)
If set, then the assistive tools linked to this GConf key will be
started with the GDM GUI program. By default this is an on-screen key-
board application.

/desktop/gnome/applications/at/screen_reader_enabled=false (boolean) If
set, then the assistive tools linked to this GConf key will be started
with the GDM GUI program. By default this is a screen reader applica-
tion.

On Oracle Solaris, GDM also supports the CONSOLE, PASSREQ, PATH, and
SUPATH configuration options in /etc/default/login. Refer to the
login(1) manpage for details.

Logging
GDM logs error and debug information to the system syslog file.

Output from the Xservers started by GDM is stored in the GDM log direc-
tory, /var/log/gdm. The Xserver output for each display is saved in a
file display.log, where display is the DISPLAY value for the associated
display.

Output from the GDM login greeter GUI is saved in a file display-
greeter.log and output from the GDM slave daemon is saved in a file
display-slave.log. Again, the display is the DISPLAY value for the
associated display.

Four older versions of each file are also stored, by appending 1
through 4 to the filename. These files are rotated, as new sessions on
that display are started.

The output from the user session is saved in a file ~/.xsession-errors.
The user session output is redirected before the PreSession script is
started.

Note that if the session is a failsafe session, or if GDM cannot open
this file for some reason, a fallback file is created named /tmp/xses-
user.XXXXXX, where XXXXXX are random characters.

If you run a system with quotas set, consider using the PostSession
script to delete the ~/.xsession-errors file, so that this log file is
not stored unnecessarily.

EXAMPLES
Note that the user should change user to the "gdm" user before running
the following gconftool-2(1) commands. For example, the
su(8) command could be used. Configuration changes will only take
effect if they apply to the "gdm" user.

Example 1: To Enable Face Browser for all GDM login greeter GUI

example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t bool -s /apps/gdm/simple-greeter/disable_user_list false

Example 2: To Change the Background Image for the GDM login greeter GUI

example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t string -s /desktop/gnome/background/picture_filename /usr/share/backgrounds/solaris/Hexagons_Dark.png

Example 3: To Disable Face Browser for StaticSeat1 GDM login greeter
GUI

example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/StaticSeat1/.gconf -t bool -s /apps/gdm/simple-greeter/disable_user_list true

EXIT STATUS
The following exit values are returned:

0 Application exited successfully

>0 Application exited with failure

FILES
The following files are used by this application:

/usr/sbin/gdm Executable for GNOME Display Manager.

GDM Login Scripts and Session Files
The following GDM login integration interfaces are discussed below:

o /etc/gdm/Init/Default
o /etc/gdm/Init/display
o /etc/gdm/PostLogin/Default
o /etc/gdm/PostLogin/display
o /etc/gdm/PreSession/Default
o /etc/gdm/PreSession/display
o /etc/gdm/Xsession
o /etc/X11/xinit/xinitrc.d
o /etc/profile
o ~/profile
o /etc/X11/xinit/xinitrc.d
o /etc/gdm/PostSession/Default
o /etc/gdm/PostSession/display

The following session files are also discussed below:

o /usr/share/gdm/autostart/LoginWindow/*.desktop
o /usr/share/xsessions/*.desktop
o ~/.dmrc(default user session)

The Init, PostLogin, PreSession, and PostSession scripts all work as
described below.

For each type of script, the default one which will be executed is
called "Default" and is stored in a directory associated with the
script type. So the default Init script is /etc/gdm/Init/Default. A
per-display script can be provided, and if it exists it will be run
instead of the default script. Such scripts are stored in the same
directory as the default script and have the same name as the Xserver
DISPLAY value for that display. For example, if the /etc/gdm/Init/:0
script exists, it will be run for DISPLAY ":0".

All of these scripts are run with root privilege and return 0 if run
successfully, and a non-zero return code if there was any failure that
should cause the login session to be aborted. Also note that GDM will
block until the scripts finish, so if any of these scripts hang, this
will cause the login process to also hang.

When the Xserver for the login GUI has been successfully started, but
before the login GUI is actually displayed, GDM will run the Init
script. This script is useful for starting programs that should be run
while the login screen is showing, or for doing any special initializa-
tion if required.

After the user has been successfully authenticated GDM will run the
PostLogin script. This is done before any session setup has been done,
including before the pam_open_session(3PAM) call. This script is useful
for doing any session initialization that needs to happen before the
session starts. For example, you might setup the user's $HOME directory
if needed.

After the user session has been initialized, GDM will run the PreSes-
sion script. This script is useful for doing any session initialization
that needs to happen after the session has been initialized. It can be
used for session management or accounting, for example.

When a user terminates their session, GDM will run the PostSession
script. Note that the Xserver will have been stopped by the time this
script is run, so it should not be accessed.

Note that the PostSession script will be run even when the display
fails to respond due to an I/O error or similar. Thus, there is no
guarantee that X applications will work during script execution.

All of the above scripts will set the RUNNING_UNDER_GDM environment
variable to "yes". If the scripts are also shared with other display
managers, this allows you to identify when GDM is calling these
scripts, so you can run specific code when GDM is used.

The /usr/share/gdm/autostart/LoginWindow directory contains .desktop
files. Any .desktop files in this directory will cause the associated
program to automatically start with the login GUI greeter. By default,
GDM is shipped with files which will autostart the gdm-simple-greeter
login GUI greeter itself, the gnome-power-manager application, the
gnome-settings-daemon, and the metacity window manager. These programs
are needed for the greeter program to work. In addition, desktop files
are provided for starting various AT programs if the associated acces-
sibility configuration GConf keys are set.

The administrator can customize .desktop files. For example, an
xterm.desktop file can be useful when debugging the GDM login greeter.
A .desktop file to launch xterm(1) would look as follows:

[Desktop Entry]
Name=Xterm
Comment=Xterm
Exec=/usr/X11/bin/xterm
OnlyShowIn=GNOME;
Terminal=false
Type=Application
X-GNOME-Autostart-Phase=Applications
X-GNOME-AutoRestart=true

The user's default session and language choices are stored in the
~/.dmrc file. When a user logs in for the first time, this file is cre-
ated with the user's initial choices. The user can change these default
values by simply changing to a different value when logging in. GDM
will remember this change for subsequent logins.

The session types which are available in the GDM login greeter GUI are
specified by .desktop files. These desktop files are in standard INI
format and the executable that will be run to start the session is
specified by the "Exec" key in the file. Desktop files are normally
stored in the /usr/share/xsessions directory. However, GDM will search
for desktop files in the following directories in this order:
/etc/X11/sessions/, /etc/dm/Sessions, /usr/share/xsessions, and
/usr/share/gdm/BuiltInSessions.

The /etc/gdm/Xsession script is called between the PreSession and the
PostSession scripts. This script does not support per-display like the
other scripts. This script is used for actually starting the user ses-
sion. This script is run as the user, and it will run whatever session
was specified by the Desktop session file the user selected to start.
The /etc/gdm/Xsession script will source /etc/profile, ~/.profile, and
all scripts in the /etc/X11/xinit/xinitrc.d directory before starting
the user session. Refer to the profile(5) manpage for more informa-
tion.

Configuration Files
/etc/gdm/gdm.schemas GDM default daemon configuration.

/etc/gdm/custom.conf GDM daemon configuration customization.

/etc/gconf/schemas/gdm-simple-greeter.schemas
GDM default login greeter GUI configura-
tion.

/etc/default/login On Oracle Solaris, GDM supports the CON-
SOLE, PASSREQ, PATH, and SUPATH configu-
ration options. Refer to the login(1)
manpage for details.

~gdm/.gconf.mandatory The GDM user's mandatory GConf settings.

~gdm/.gconf The GDM user's GConf settings.

~gdm/seat/.gconf The per-seat GDM user's GConf settings.

~gdm/.gconf.path This file specifies the GDM user's manda-
tory GConf settings directory.

Logging
/var/log/gdm/display.log Xserver output for each display.

/var/log/gdm/display-greeter.log
GDM login greeter GUI output for each
display.

/var/log/gdm/display-slave.log
GDM slave daemon output for each display.

~/.xsession-errors Output from the user session.

GDM Xauthority files
/var/run/gdm Stores the Xserver authentication files
for each managed session.

Face Browser
/usr/share/pixmaps/faces Global directory for face images.

~/.face User-defined icon to be used by GDM face
browser.

GDM user cache
/var/cache/gdm GDM copies the user's ~/.dmrc and ~/.face
files to /var/cache/gdm/username, so that
they can be accessed on subsequent logins
without accessing the user's $HOME direc-
tory before pam_setcred(3PAM) is called.

ATTRIBUTES
See attributes(7) for descriptions of the following attributes:

SEE ALSO
More information can be found at:

https://help.gnome.org/admin/gdm/

Latest version of the GNOME Desktop User Guide for your platform.

gdmflexiserver(1), gdm-screenshot(1), gconftool-2(1), gconf-editor(1),
login(1), ssh(1), Xorg(1), Xserver(1), audit(8), console-kit-daemon(8),
svcadm(8), libwrap(3), pam(3PAM), logindevperm(5), pam.conf(5), pro-
file(5), user_attr(5), attributes(7), environ(7), smf(7)

NOTES
This man page written by Martin K. Petersen <mkp@mkp.net>, George Lebl
<jirka@5z.com>, and Brian Cameron <brian.cameron@sun.com>. Copyright
(c) 1998, 1999 by Martin K. Petersen. Copyright (c) 2001, 2003, 2004
by George Lebl. Copyright (c) 2003 by Red Hat, Inc. Copyright (c)
2006, 2020, Oracle and/or its affiliates.

Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.

This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from https://down-
load.gnome.org/sources/gdm/41/gdm-41.3.tar.xz.

Further information about this software can be found on the open source
community website at https://wiki.gnome.org/Projects/GDM.

22 Dec 2020 gdm(8)