On 11/11/19 3:57 PM, Jared Stevens via blfs-support wrote:
> I am not entirely sure what you are trying to do. When you
first install gdm in blfs, you create a user "gdm" with group
"gdm" this is what it is run as. In all my years of using gnome,
and it is around 30 years, I have never heard of having a separate
administrator account for gdm.
>
> All that the main stream distros like debian and fedora do, for
their "administrator" accounts is to add the user to the wheel and
in the case of fedora to the sudoers file. In the past, the do
gooders that developed gdm/gnome and also KDE dictated that root
login was not allowed, despite the fact that they do not own the
hardware, and there fore have absolutely no right to push this
down peoples throats. This may have been loosened up a little,
because in the case of kde they hard code it into the code base,
and check if the id is set to root, and then would not allow you
to login.
As is the case when doing a quick search, a better result is
found, this time on gnome's wiki:
https://help.gnome.org/admin/gdm/stable/security.html.en
Hi Christopher,
I may use your first link as a possible workaround, but just to
reiterate I am not trying to login to GNOME using root. I am trying to
give my standard account "user" the ability to edit the settings
within GNOME Control Center and elsewhere within GDM.
On my Ubuntu system, the Authentication window will pop up (i.e. when
accessing GParted) and my user account password will allow access. I
assume this is because said user is part of the "sudo" group.
Furthermore, my user account is listed as "Administrator" in GNOME
Control Center and I am able to click the "unlock" button to make
changes to user accounts (i.e. change an account from "Standard" to
"Administrator). I never had to manually change this user in GNOME
from standard to admin because it was already Adminstrator from the
get-go.
In contrast, my LFS system has root login disabled by default (as it
should for security reasons), and I can login no problem using my
"user" standard account I created during the build. This user is added
to the "wheel" group and the Sudo package is installed to allow root
access through the wheel group.
Furthermore, I can run commands in the terminal application using
"sudo" with my regular user. However, I cannot change any settings in
GNOME Control Center (such as editing user accounts) by clicking the
"unlock" button or open certain programs because the popup
Authentication window in GDM refuses my user's password and the root
account password. I understand why root's password wouldn't work
seeing as I have disabled root login. And I assume that I cannot enter
my user password in the Authentication window because the user account
is listed as "Standard" in GNOME Control Center instead of
"Administrator."
So I am trying to figure out how to set the necessary permissions so
that my created user account is able to authenticate in the popup
window in GNOME since apparently being in the "wheel" group is not
enough besides having to allow root login in GNOME just to change the
user account from "Standard" to "Administrator" in GNOME Control
Center. It seems likely that I missed a step or made an error possibly
when setting up PAM with GDM or something, but I am not sure what that
would be.
Thanks,
Jared Stevens
Hi Jared,
In AccountsService, we setup a rule for administrator access. I'm not
sure this is related, but ensure that your account is in the 'adm' group
and then logout and log back into GNOME.
- Doug
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
