On Friday 05 April 2002 11:28 pm, Damian wrote:
> El vie, 05-04-2002 a las 02:51, Ric Tibbetts escribió:
> > On Thu, 2002-04-04 at 16:07, Thomas Gamble wrote:
> > > Since upgrading to 8.2 I have noticed that changes to the login manager
> > > don't stick. In particular, changing 'Show Users' to 'None'. After a
> > > couple of login cycles this reverts back to 'All but no show'. I've
> > > seen this same bahavior on three separate installations of MDK8.2 all
> > > clean installs. It seems as though a script is running somewhere that
> > > regenerates the /usr/share/config/kdm/kdmrc file, but I've been
> > > unsuccessful in finding anything. Editing this file directly has the
> > > same result. Has anyone else had this problem, and have you found a
> > > solution?
> >
> > It's not just kdm. I'm having exactly the same problem with gdm. I
> > thought it was just me.
> >
> > Anyone have a fix yet? Or at least a cause?
> >
> > Thanks!
> >
> > Ric
>
> possible cause: security level? just wondering...
It turns out this is exactly the cause.
In particular, it is related to the msec script that gets run from both
/etc/cron.daily and /etc/cron.hourly. This script is a link to
/usr/share/msec/security.sh which calls /usr/share/msec/msec.py. msec.py
tests for security levels and makes corrections to certain system setting
based on the current level setting.
The following code snippet from /usr/share/msec/msec.py appears to be the
offender:
if level >= 4:
set_user_umask('077')
set_shell_history_size(10)
allow_root_login(0)
enable_sulogin(1)
allow_user_list(0)
enable_promisc_check(1)
accept_icmp_echo(0)
accept_bogus_error_responses(0)
allow_reboot(0)
enable_at_crontab(0)
if level == 4:
password_aging(60, 30)
else:
password_aging(30, 15)
else:
set_user_umask('022')
set_shell_history_size(-1)
allow_root_login(1)
enable_sulogin(0)
allow_user_list(1)
enable_promisc_check(0)
accept_icmp_echo(1)
accept_bogus_error_responses(1)
allow_reboot(1)
enable_at_crontab(1)
password_aging(99999)
The call to 'allow_user_lists(1)' in the 'else' portion is the problem. This
has the result of forcing the 'ShowUsers' setting in kdmrc to 'All'.
Commenting this line out fixes the problem and still allows higher
security level settings to force 'ShowUsers' to 'None'. This script also
affects similar settings in gdm (I believe it's the 'Browser' setting)and
this change should fix that as well.
--
Thomas K. Gamble
[EMAIL PROTECTED]
Whoso loveth instruction loveth knowledge,
but he that hateth reproof is brutish.
(Proverbs 12:1)
Current Linux kernel 2.4.18-6mdksmp, Uptime: minutes.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
