gdm - GDM (GNOME Display Manager)
/usr/sbin/gdm [--help] [--fatal-warnings] [--timed-exit] [--version]
gdm(8) System Manager's Manual gdm(8) NAME gdm - GDM (GNOME Display Manager) SYNOPSIS /usr/sbin/gdm [--help] [--fatal-warnings] [--timed-exit] [--version] DESCRIPTION GDM is the GNOME Display Manager, a program used for login session man- agement. GDM supports managing the console display, other attached displays, XDMCP displays, and flexible (or on-demand) displays. Flexi- ble displays make use of the Virtual Terminals (VT) interfaces to allow user switching, so that multiple users can run simultaneous sessions sharing the same console. GDM uses ConsoleKit to manage what sessions are active on the system. GDM supports a number of configuration interfaces which are described in later sections of this manpage. For each display that GDM is configured to manage, the gdm program will launch a slave daemon which does the work to actually manage the dis- play. The slave daemon will start the login greeter GUI program, the program that the user interacts with. Refer to the "Login Greeter GUI" section below for more information about how the user interface works. If Virtual Terminals are supported on your system, you can start a flexible display via the "User Switcher" panel applet. You may need to add this applet to your panel to make use of it. You can also use the gdmflexiserver(1) command to start flexible displays from the command line. On Oracle Solaris, the GDM service is managed by the smf(7) service management facility under the service identifier svc:/applica- tion/graphical-login/gdm. On Oracle Solaris, it is recommended that you use the svcadm(8) utility to enable and disable the "gdm" service instead of killing the daemon with a SIGTERM signal. GDM supports Oracle Solaris auditing. Refer to the "System Administra- tion Guide: Security Services" and the audit(8) manpage for more infor- mation. On Oracle Solaris, GDM also uses logindevperm(5) to ensure that device permissions are set properly for the user on login. OPTIONS The following options are supported by gdm: --fatal-warnings Make all warnings fatal. Useful for debugging. --help Display detailed usage message. --timed-exit Exit after 30 seconds. Useful for debug- ging. --version Display the GDM version. ENVIRONMENT VARIABLES See environ(7) for descriptions of environment variables. When the following description refers to "scripts", these are referring to the GDM Init, PostLogin, PreSession, and PostSession scripts. DESKTOP_SESSION For any user session started by GDM, this environment variable is set to the ses- sion name the user has chosen in the login GUI, such as "gnome" to indicate that the /usr/share/xsession/gnome.desk- top session file was used to launch the session. DISPLAY When running scripts and for any user session started by GDM, this environment variable is set to the Xserver display value associated with the session. HOME When running scripts and for any user session started by GDM, this environment variable is set to the home directory associated with the user. LANG For any user session started by GDM, this environment variable is set to the lan- guage choice selected when the user logged in. REMOTE_HOST When running scripts, this environment variable is set to the hostname if the session is non-local (e.g. XDMCP). RUNNING_UNDER_GDM When running scripts, this environment variable is set to "true", so that they can identify when they are executed by the GDM process. SHELL When running scripts and for any user session started by GDM, this environment variable is set to the shell associated with the session. USER When running scripts and for any user session started by GDM, this environment variable is set to the username associ- ated with the session. USERNAME When running scripts and for any user session started by GDM, this environment variable is set to the username associ- ated with the session. XAUTHORITY When running scripts and for any user session started by GDM, this environment variable is set to the Xserver Xauthority file being used by the session. XDG_SESSION_COOKIE This environment variable is provided by ConsoleKit, and this value is set for any user session started by GDM so that Con- soleKit can properly identify the ses- sion. EXTENDED DESCRIPTION Login Greeter GUI The login greeter GUI allows the user to specify how their user session should be started and ensures that the user authenticates before gain- ing access to their user session. Authentication can be disabled if desired. GDM makes use of pam(3PAM) to manage how the user authenticates (for example, by entering a username and password, via a SmartCard, finger- print reader, etc.). If authentication is not desired, then GDM pro- vides two configuration options which can be used to bypass it: "Auto- matic Login" and "Timed Login". These are not enabled by default, but can be turned on if desired. The Automatic Login feature will cause GDM to bypass the login greeter GUI entirely and immediately start a session for the user specified in the GDM configuration. The Timed Login feature will display the login greeter GUI for a number of seconds specified in the GDM configuration. If no user logs in before the timeout, then GDM will automatically start the user session for the user specified in the GDM configuration. Timed Login is useful if you wish to have the opportunity to login as a different user on some occasions. Obviously neither Automatic Login or Timed Login are secure, and they should only be used on systems where the security provided by authentication is not needed. GDM normally uses a PAM stack named "gdm". When Automatic Login or Timed Login is enabled, then GDM instead uses a PAM stack named "gdm- autologin". Note that Automatic Login and Timed Login will not work properly if the "gdm-autologin" PAM stack is not defined in your PAM configuration. The login greeter GUI provides two mechanisms for specifying which user is logging into the system. Either the "Face Browser" can be used, or GDM can prompt the user with the requests specified by the system PAM configuration. By default, this means entering both the username and password by hand. The Face Browser is designed to work when PAM is configured to allow users to select their username, so it is not useful with certain PAM configurations (such as when the username is identified via a SmartCard or fingerprint). The Face Browser obviously exposes usernames to any- one with access to the machine, so users may wish to disable it if this is considered a security issue. When the Face Browser is enabled, a list of users will appear in the login greeter GUI. An icon for each user is shown, and users can spec- ify what icon is associated with their user. If the user has an image file named ~/.face, then GDM will associate this image with the user. If the user does not have such an image file, a default icon is dis- played. Image files must be no larger than 64K in size, or they are ignored by GDM. The login greeter GUI can be configured to provide "Shutdown", "Restart", and "Suspend" buttons which allow the user to shutdown, restart, or suspend the system if desired. On Oracle Solaris, the but- tons will only be available if the "solaris.system.shutdown" authoriza- tion name is specified for the "gdm" user in the /etc/user_attr file. For example, the /etc/user_attr file should include the following line to make these buttons available from the GDM login GUI screen. gdm::::type=normal;auths=solaris.system.shutdown While the login greeter GUI is displayed, a panel is provided at the bottom of the screen which provides useful information, interfaces that allow the user to specify how their session should be started, and interfaces to help the user navigate the login screen. These include: o A clock, showing the date and time. o What type of session to run. o An alternative language to use. o An alternative keyboard layout (if supported). o The ability to launch assistive technology programs if desired. o The ability to monitor the system battery (if using a system with a battery). The login greeter GUI also allows the user to take a screenshot. If the user presses the keybindng associated with printing the screen, then the gdm-screenshot is run to take the screenshot. Accessibility GDM supports accessibility. Users can click on the accessibility icon on the panel to specify which assistive programs should be launched with the login GUI programs. It is also possible to configure a system so that needed assistive programs should always be launched. Security The GDM login GUI programs are run with a dedicated user id and group id. By default "gdm" is used for both the user id and group id, but these values are configurable. The reason for using this special user and group is to make sure that the GDM user interfaces run as a user without unnecessary privileges, so that in the unlikely case that some- one finds a weakness in the GUI, they will not gain access to a privi- leged account on the machine. Note that the GDM user and group do have some privileges beyond what a normal user has. This user and group has access to the Xserver autho- rization directory which contains all of the Xserver authorization files and other private information. This means that someone who gains the GDM user/group privileges can then connect to any running Xserver session. Do not, under any circumstances, make the GDM user/group a user/group that might be easy to get access to, such as the user "nobody". File permissions are set on the authorization files so that only the user has read and write access to ensure that users are unable to access the authorization files belonging to other users. XDMCP XDMCP (X Display Manager Control Protocol) displays the login screen and resulting session on a remote machine over the network interface. By default, XDMCP is disabled in GDM. However, GDM can be configured to enable XDMCP so that users can log into the system from remote hosts. By default, GDM listens to UDP port 177, although this can be configured. GDM responds to QUERY and BROADCAST_QUERY requests by sending a WILLING packet to the originator. GDM provides configuration options that make GDM more resistant to denial-of-service attacks on the XDMCP service. The default values should work for most systems, but several protocol parameters, hand- shaking timeouts, and so on can be fine-tuned to make it more secure. It is not recommended that you modify the XDMCP configuration unless you know what you are doing. GDM grants access to the hosts specified in the GDM service section of your TCP Wrappers configuration file. Refer to the libwrap(3) manpage for more information. GDM does not support remote display access con- trol on systems without TCP Wrapper support. GDM can also be configured to honor INDIRECT queries and present a host chooser to the remote display. GDM remembers the user's choice and for- wards subsequent requests to the chosen manager. GDM also supports an extension to the protocol which makes GDM forget the redirection once the user's connection succeeds. This extension is only supported if both daemons are GDM. This extension is transparent and is ignored by XDM or other daemons that implement XDMCP. GDM only supports the MIT-MAGIC-COOKIE-1 authentication system. Because of this, the cookies are transmitted as clear text. Therefore, you should be careful about the network where you use this. That is, be careful about where your XDMCP connection is going. Note that if snoop- ing is possible, an attacker could snoop your password as you log in, so a better XDMCP authentication would not help you much anyway. If snooping is possible and undesirable, you should use ssh(1) for tunnel- ing an X connection, rather then using GDM's XDMCP. Think of XDMCP as a sort of graphical telnet, with the same security issues. GDM Configuration ConsoleKit interfaces are used to configure how GDM should manage dis- plays in a multiseat environment, so to configure multiseat please refer to the console-kit-daemon(8) manpage. GDM also provides a number of configuration interfaces which allow the user to specify how GDM should operate. The configuration available for the GDM daemon and the GDM login greeter GUI are described below. GDM also provides scripting interfaces and other interfaces to config- ure how sessions are started which are described in the "GDM Login Scripts and Session Files" section of this manpage. The default system configuration for the GDM daemon is stored in the file /etc/gdm/gdm.schemas, and accessed by GDM via GConf. Users are not recommended to modify this file since it may be overwritten on upgrade. Instead users should override these settings by specifying values in the /etc/gdm/custom.conf file, which is in standard INI for- mat. The settings below are in "group/key=default_value type" format. The type can be string, integer, or boolean. To override the "xdmcp/Enable" value, you would modify the /etc/gdm/custom.conf so it contains these lines: [xdmcp] Enable=true The following keys are supported for configuring the GDM daemon: chooser/Multicast=false (boolean) If true and IPv6 is enabled, the chooser will send a multicast query to the local network and collect responses from the hosts who have joined multicast group. chooser/MulticastAddr=ff02::1 (string) This is the Link-local Multicast address. daemon/TimedLoginEnable=false (boolean) If the user given in TimedLogin should be logged in after a number of seconds (set with TimedLoginDe- lay) of inactivity on the login screen. This is useful for public access terminals or perhaps even home use. If the user uses the key- board or browses the menus, the timeout will be reset to TimedLoginDe- lay or 30 seconds, whichever is higher. If the user does not enter a username but just hits the ENTER key while the login program is requesting the username, then GDM will assume the user wants to login immediately as the timed user. Note that no password will be asked for this user so you should be careful, although if using PAM it can be configured to require password entry before allowing login. daemon/TimedLogin= (string) This is the user that should be logged in after a specified number of seconds of inactivity. If the value ends with a vertical bar | (the pipe symbol), then GDM will execute the pro- gram specified and use whatever value is returned on standard out from the program as the user. The program is run with the DISPLAY environ- ment variable set so that it is possible to specify the user in a per- display fashion. For example if the value is "/usr/bin/getloginuser|", then the program /usr/bin/getloginuser will be run to get the user value. daemon/TimedLoginDelay=30 (integer) Delay in seconds before the Timed- Login user will be logged in. daemon/AutomaticLoginEnable=false (boolean) If true, the user given in AutomaticLogin should be logged in immediately. This feature is like timed login with a delay of 0 seconds. daemon/AutomaticLogin= (string) This is the user that should be logged in immediately if AutomaticLoginEnable is true. If the value ends with a vertical bar | (the pipe symbol), then GDM will execute the program specified and use whatever value is returned on standard out from the program as the user. The program is run with the DISPLAY environment variable set so that it is possible to specify the user in a per-dis- play fashion. For example if the value is "/usr/bin/getloginuser|", then the program /usr/bin/getloginuser will be run to get the user value. daemon/User=gdm (string) The username under which the greeter and other GUI programs are run. daemon/Group=gdm (string) The group id used to run the login GUI pro- grams debug/Enable=false (boolean) If true, then GDM will provide debug out- put in the system log, which is either /var/log/messages or /var/adm/messages depending on your system. greeter/IncludeAll=false (boolean) If true, then the face browser will show all users on the local machine. If false, the face browser will only show users who have recently logged in. When this key is true, GDM will call fgetpwent() to get a list of local users on the system. Anyusers with a user id less than 500 (or 100 if running on Oracle Solaris) are filtered out. The Face Browser also will display any users that have previously logged in on the system (for example NIS/LDAP users). It gets this list via calling the ck-his- tory(1) ConsoleKit interface. It will also filter out any users which do not have a valid shell (valid shells are any shell that getuser- shell() returns - /sbin/nologin or /bin/false are considered invalid shells even if getusershell() returns them). If false, then GDM more simply only displays users that have previously logged in on the system (local or NIS/LDAP users) by calling the ck- history(1) ConsoleKit interface. greeter/Include= (string) Set to a list of users to always include in the Face Browser. This value is set to a list of users separated by commas. By default, the value is empty. greeter/Exclude=bin,root,daemon,adm,lp,sync,shut- down,halt,mail,news,uucp,operator,nobody,nobody4,noaccess,post- gres,pvm,rpm,nfsnobody,pcap (string) Set to a list of users to always exclude in the Face Browser. This value is set to a list of users sep- arated by commas. Note that the setting in the custom.conf overrides the default value, so if you wish to add additional users to the list, then you need to set the value to the default value with additional users appended to the list. greeter/ShowLast=false (boolean) If true, then the session, language and layout dialogs in the login greeter GUI will show the option "Last" by default. The users default settings in their ~/.dmrc file will be used. If no settings exist in this file, then the system defaults will be used. Note that GDM normally caches the user's ~/.dmrc in the /var/cache/gdm directory. Turning on this feature causes GDM to avoid using the cache, and instead accesses the user's configuration settings from their ~/.dmrc file after pam_setcred(3PAM) is called. This fea- ture is useful in situations where users might log into multiple servers and the system administrator wants to avoid situations where the user's cached settings might become inconsistent across different servers. security/DisallowTCP=false (boolean) If true, then always append "-nolisten tcp" to the Xserver command line when starting attached Xservers, thus disallowing TCP connection. This is a more secure con- figuration if you are not using remote connections. Note that on Ora- cle Solaris, the options/tcp_listen property of the x11-server service also controls whether this option is appended to the Xserver command line. The GDM configuration value is set to "false" by default on Ora- cle Solaris to defer control of this feature to this x11-server prop- erty. Refer to the Xserver(1) manpage for more information. xdmcp/DisplaysPerHost=1 (integer) To prevent attackers from filling up the pending queue, GDM will only allow one connection for each remote computer. If you want to provide display services to computers with more than one seat, you should increase this value. Note that the num- ber of attached DISPLAYS allowed is not limited. Only remote connec- tions via XDMCP are limited by this configuration option. xdmcp/Enable=false (boolean) Setting this to true enables XDMCP support allowing remote displays/X terminals to be managed by GDM. If GDM is compiled to support it, access from remote displays can be controlled using the TCP Wrappers library. xdmcp/HonorIndirect=true (boolean) Enables XDMCP INDIRECT choosing for X-terminals which do not supply their own display browser. xdmcp/MaxPending=4 (integer) To avoid denial of service attacks, GDM has fixed size queue of pending connections. Only MaxPending displays can start at the same time. Please note that this parameter does not limit the number of remote displays which can be managed. It only lim- its the number of displays initiating a connection simultaneously. xdmcp/MaxSessions=16 (integer) Determines the maximum number of remote display connections which will be managed simultaneously. I.e. the total number of remote displays that can use your host. xdmcp/MaxWait=30 (integer) When GDM is ready to manage a display an ACCEPT packet is sent to it containing a unique session id which will be used in future XDMCP conversations. GDM will then place the session id in the pending queue waiting for the display to respond with a MAN- AGE request. If no response is received within MaxWait seconds, GDM will declare the display dead and erase it from the pending queue free- ing up the slot for other displays. xdmcp/MaxWaitIndirect=30 (integer) The MaxWaitIndirect parameter deter- mines the maximum number of seconds between the time where a user chooses a host and the subsequent indirect query where the user is con- nected to the host. When the timeout is exceeded, the information about the chosen host is forgotten and the indirect slot freed up for other displays. The information may be forgotten earlier if there are more hosts trying to send indirect queries then MaxPendingIndirect. xdmcp/PingIntervalSeconds=15 (integer) Interval in which to ping the Xserver in seconds. If the Xserver does not respond before the next time we ping it, the connection is stopped and the session ended. This is a combination of the XDM PingInterval and PingTimeout, but in sec- onds. xdmcp/Port=177 (integer) The UDP port number gdm should listen to for XDMCP requests. xdmcp/Willing=/etc/gdm/Willing (string) When the machine sends a WILL- ING packet back after a QUERY it sends a string that gives the current status of this server. The default message is the system ID, but it is possible to create a script that displays customized message. If this script does not exist or this key is empty the default message is sent. If this script succeeds and produces some output, the first line of it's output is sent (and only the first line). It runs at most once every 3 seconds to prevent possible denial of service by flooding the machine with QUERY packets. The default system configuration for the GDM login greeter GUI is stored in the system GConf schemas directory in the file gdm-simple- greeter.schemas, and accessed by GDM via GConf. Users are not recom- mended to modify this file file since it may be overwritten on upgrade. Instead users should override these settings by modifying the GConf configuration for the GDM user (the user specified in the Daemon/User configuration key above), normally the "gdm" user. Users can use the gconftool-2(1) or gconf-editor(1) programs to set these values, if desired. Refer to the EXAMPLES section of this manpage for more infor- mation about how to use these tools to change common settings. GDM will use the GCONF_DEFAULT_SOURCE_PATH environment variable to ensure that each display uses it's own GConf configuration. This way changes in GConf will only affect the greeter in a per-seat manner. The following keys are supported for configuring the GDM login greeter GUI and are in "GConf key=default_value (gconf_data_type)" format: /apps/gdm/simple-greeter/banner_message_enable=false (boolean) Controls whether the banner message text is displayed. /apps/gdm/simple-greeter/banner_message_text=NULL (string) Specifies the text banner message to show on the greeter window. /apps/gdm/simple-greeter/disable_restart_buttons=false (boolean) Con- trols whether to show the restart buttons in the login window. /apps/gdm/simple-greeter/disable_user_list=true (boolean) If true, then the face browser with known users is not shown in the login window. /apps/gdm/simple-greeter/logo_icon_name=computer (string) Set to the themed icon name to use for the greeter logo. /apps/gdm/simple-greeter/wm_use_compiz=false (boolean) Controls whether compiz is used as the window manager instead of metacity. /desktop/gnome/interface/accessibility=true (boolean) Controls whether the Accessibility infrastructure will be started with the GDM GUI. This is needed for many accessibility technology programs to work. /desktop/gnome/applications/at/screen_magnifier_enabled=false (boolean) If set, then the assistive tools linked to this GConf key will be started with the GDM GUI program. By default this is a screen magnifier application. /desktop/gnome/applications/at/screen_keyboard_enabled=false (boolean) If set, then the assistive tools linked to this GConf key will be started with the GDM GUI program. By default this is an on-screen key- board application. /desktop/gnome/applications/at/screen_reader_enabled=false (boolean) If set, then the assistive tools linked to this GConf key will be started with the GDM GUI program. By default this is a screen reader applica- tion. On Oracle Solaris, GDM also supports the CONSOLE, PASSREQ, PATH, and SUPATH configuration options in /etc/default/login. Refer to the login(1) manpage for details. Logging GDM logs error and debug information to the system syslog file. Output from the Xservers started by GDM is stored in the GDM log direc- tory, /var/log/gdm. The Xserver output for each display is saved in a file display.log, where display is the DISPLAY value for the associated display. Output from the GDM login greeter GUI is saved in a file display- greeter.log and output from the GDM slave daemon is saved in a file display-slave.log. Again, the display is the DISPLAY value for the associated display. Four older versions of each file are also stored, by appending 1 through 4 to the filename. These files are rotated, as new sessions on that display are started. The output from the user session is saved in a file ~/.xsession-errors. The user session output is redirected before the PreSession script is started. Note that if the session is a failsafe session, or if GDM cannot open this file for some reason, a fallback file is created named /tmp/xses- user.XXXXXX, where XXXXXX are random characters. If you run a system with quotas set, consider using the PostSession script to delete the ~/.xsession-errors file, so that this log file is not stored unnecessarily. EXAMPLES Note that the user should change user to the "gdm" user before running the following gconftool-2(1) commands. For example, the su(8) command could be used. Configuration changes will only take effect if they apply to the "gdm" user. Example 1: To Enable Face Browser for all GDM login greeter GUI example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t bool -s /apps/gdm/simple-greeter/disable_user_list false Example 2: To Change the Background Image for the GDM login greeter GUI example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/.gconf.mandatory -t string -s /desktop/gnome/background/picture_filename /usr/share/backgrounds/solaris/Hexagons_Dark.png Example 3: To Disable Face Browser for StaticSeat1 GDM login greeter GUI example% gconftool-2 --direct --config-source xml:readwrite:/var/lib/gdm/StaticSeat1/.gconf -t bool -s /apps/gdm/simple-greeter/disable_user_list true EXIT STATUS The following exit values are returned: 0 Application exited successfully >0 Application exited with failure FILES The following files are used by this application: /usr/sbin/gdm Executable for GNOME Display Manager. GDM Login Scripts and Session Files The following GDM login integration interfaces are discussed below: o /etc/gdm/Init/Default o /etc/gdm/Init/display o /etc/gdm/PostLogin/Default o /etc/gdm/PostLogin/display o /etc/gdm/PreSession/Default o /etc/gdm/PreSession/display o /etc/gdm/Xsession o /etc/X11/xinit/xinitrc.d o /etc/profile o ~/profile o /etc/X11/xinit/xinitrc.d o /etc/gdm/PostSession/Default o /etc/gdm/PostSession/display The following session files are also discussed below: o /usr/share/gdm/autostart/LoginWindow/*.desktop o /usr/share/xsessions/*.desktop o ~/.dmrc(default user session) The Init, PostLogin, PreSession, and PostSession scripts all work as described below. For each type of script, the default one which will be executed is called "Default" and is stored in a directory associated with the script type. So the default Init script is /etc/gdm/Init/Default. A per-display script can be provided, and if it exists it will be run instead of the default script. Such scripts are stored in the same directory as the default script and have the same name as the Xserver DISPLAY value for that display. For example, if the /etc/gdm/Init/:0 script exists, it will be run for DISPLAY ":0". All of these scripts are run with root privilege and return 0 if run successfully, and a non-zero return code if there was any failure that should cause the login session to be aborted. Also note that GDM will block until the scripts finish, so if any of these scripts hang, this will cause the login process to also hang. When the Xserver for the login GUI has been successfully started, but before the login GUI is actually displayed, GDM will run the Init script. This script is useful for starting programs that should be run while the login screen is showing, or for doing any special initializa- tion if required. After the user has been successfully authenticated GDM will run the PostLogin script. This is done before any session setup has been done, including before the pam_open_session(3PAM) call. This script is useful for doing any session initialization that needs to happen before the session starts. For example, you might setup the user's $HOME directory if needed. After the user session has been initialized, GDM will run the PreSes- sion script. This script is useful for doing any session initialization that needs to happen after the session has been initialized. It can be used for session management or accounting, for example. When a user terminates their session, GDM will run the PostSession script. Note that the Xserver will have been stopped by the time this script is run, so it should not be accessed. Note that the PostSession script will be run even when the display fails to respond due to an I/O error or similar. Thus, there is no guarantee that X applications will work during script execution. All of the above scripts will set the RUNNING_UNDER_GDM environment variable to "yes". If the scripts are also shared with other display managers, this allows you to identify when GDM is calling these scripts, so you can run specific code when GDM is used. The /usr/share/gdm/autostart/LoginWindow directory contains .desktop files. Any .desktop files in this directory will cause the associated program to automatically start with the login GUI greeter. By default, GDM is shipped with files which will autostart the gdm-simple-greeter login GUI greeter itself, the gnome-power-manager application, the gnome-settings-daemon, and the metacity window manager. These programs are needed for the greeter program to work. In addition, desktop files are provided for starting various AT programs if the associated acces- sibility configuration GConf keys are set. The administrator can customize .desktop files. For example, an xterm.desktop file can be useful when debugging the GDM login greeter. A .desktop file to launch xterm(1) would look as follows: [Desktop Entry] Name=Xterm Comment=Xterm Exec=/usr/X11/bin/xterm OnlyShowIn=GNOME; Terminal=false Type=Application X-GNOME-Autostart-Phase=Applications X-GNOME-AutoRestart=true The user's default session and language choices are stored in the ~/.dmrc file. When a user logs in for the first time, this file is cre- ated with the user's initial choices. The user can change these default values by simply changing to a different value when logging in. GDM will remember this change for subsequent logins. The session types which are available in the GDM login greeter GUI are specified by .desktop files. These desktop files are in standard INI format and the executable that will be run to start the session is specified by the "Exec" key in the file. Desktop files are normally stored in the /usr/share/xsessions directory. However, GDM will search for desktop files in the following directories in this order: /etc/X11/sessions/, /etc/dm/Sessions, /usr/share/xsessions, and /usr/share/gdm/BuiltInSessions. The /etc/gdm/Xsession script is called between the PreSession and the PostSession scripts. This script does not support per-display like the other scripts. This script is used for actually starting the user ses- sion. This script is run as the user, and it will run whatever session was specified by the Desktop session file the user selected to start. The /etc/gdm/Xsession script will source /etc/profile, ~/.profile, and all scripts in the /etc/X11/xinit/xinitrc.d directory before starting the user session. Refer to the profile(5) manpage for more informa- tion. Configuration Files /etc/gdm/gdm.schemas GDM default daemon configuration. /etc/gdm/custom.conf GDM daemon configuration customization. /etc/gconf/schemas/gdm-simple-greeter.schemas GDM default login greeter GUI configura- tion. /etc/default/login On Oracle Solaris, GDM supports the CON- SOLE, PASSREQ, PATH, and SUPATH configu- ration options. Refer to the login(1) manpage for details. ~gdm/.gconf.mandatory The GDM user's mandatory GConf settings. ~gdm/.gconf The GDM user's GConf settings. ~gdm/seat/.gconf The per-seat GDM user's GConf settings. ~gdm/.gconf.path This file specifies the GDM user's manda- tory GConf settings directory. Logging /var/log/gdm/display.log Xserver output for each display. /var/log/gdm/display-greeter.log GDM login greeter GUI output for each display. /var/log/gdm/display-slave.log GDM slave daemon output for each display. ~/.xsession-errors Output from the user session. GDM Xauthority files /var/run/gdm Stores the Xserver authentication files for each managed session. Face Browser /usr/share/pixmaps/faces Global directory for face images. ~/.face User-defined icon to be used by GDM face browser. GDM user cache /var/cache/gdm GDM copies the user's ~/.dmrc and ~/.face files to /var/cache/gdm/username, so that they can be accessed on subsequent logins without accessing the user's $HOME direc- tory before pam_setcred(3PAM) is called. ATTRIBUTES See attributes(7) for descriptions of the following attributes: +---------------+----------------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+----------------------------+ |Availability | system/display-manager/gdm | +---------------+----------------------------+ |Stability | Volatile | +---------------+----------------------------+ SEE ALSO More information can be found at: https://help.gnome.org/admin/gdm/ Latest version of the GNOME Desktop User Guide for your platform. gdmflexiserver(1), gdm-screenshot(1), gconftool-2(1), gconf-editor(1), login(1), ssh(1), Xorg(1), Xserver(1), audit(8), console-kit-daemon(8), svcadm(8), libwrap(3), pam(3PAM), logindevperm(5), pam.conf(5), pro- file(5), user_attr(5), attributes(7), environ(7), smf(7) NOTES This man page written by Martin K. Petersen <mkp@mkp.net>, George Lebl <jirka@5z.com>, and Brian Cameron <brian.cameron@sun.com>. Copyright (c) 1998, 1999 by Martin K. Petersen. Copyright (c) 2001, 2003, 2004 by George Lebl. Copyright (c) 2003 by Red Hat, Inc. Copyright (c) 2006, 2020, Oracle and/or its affiliates. Source code for open source software components in Oracle Solaris can be found at https://www.oracle.com/downloads/opensource/solaris-source- code-downloads.html. This software was built from source available at https://github.com/oracle/solaris-userland. The original community source was downloaded from https://down- load.gnome.org/sources/gdm/41/gdm-41.3.tar.xz. Further information about this software can be found on the open source community website at https://wiki.gnome.org/Projects/GDM. 22 Dec 2020 gdm(8)