Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
This information is Copyright 2009 Sun Microsystems
1. Introduction

1.1. Project/Component Working Name:
     GNOME Display Manager (GDM) Rewrite

1.2. Name of Document Author/Supplier:
     Brian Cameron

1.3. Date of This Document:
     08/11/2009

1.4. Name of Major Document Customer(s)/Consumer(s):
1.4.1. The PAC or CPT you expect to review your project:
       Solaris PAC
1.4.2. The ARC(s) you expect to review your project:
       LSARC
1.4.3. The Director/VP who is "Sponsoring" this project:
       Robert O'Dea
1.4.4. The name of your business unit:
       Software - OPG

1.5. Email Aliases:
1.5.1. Responsible Manager: leo.binchy at sun.com
1.5.2. Responsible Engineer: brian.cameron at sun.com
1.5.3. Marketing Manager: dan.robert at sun.com
1.5.4. Interest List: desktop-discuss at opensolaris.org

2. Project Summary

2.1. Project Description:

Starting with GDM version 2.21, the code has been rewritten to make better use of GObject object-oriented techniques and of D-Bus for IPC (inter-process communication). It also uses ConsoleKit to keep track of information about each managed session, and ConsoleKit provides better support for switching between graphical VT sessions. ConsoleKit will be integrated into Solaris with the new GDM rewrite. The Desktop team intends to integrate GDM 2.28 into Solaris.

Today, Solaris does not support graphical VT sessions. However, the virtual console team is currently targeting build 124 to add this feature. Refer to PSARC 2006/591 Virtual Console. VT support is not needed to use GDM, but GDM will support it as soon as it is available.

4. Technical Description

4.1. Details:

The GDM rewrite provides a login experience similar to the gdmlogin GUI provided by the older GDM. Usability has been much improved with a more usable face browser and a panel which displays a number of new options. GDM uses the GTK+ widget set and supports accessibility.

The GDM greeter GUI runs as a special user which can be configured. By default the "gdm" user and "gdm" group are used.
This user has no special permissions except the ability to read the Xauth keys associated with displays that GDM sets up. This ensures that if a user were somehow to compromise the GDM GUI programs, they would not gain higher privilege such as root permissions; the greeter process holds only what it needs to drive its own display. The following text refers to the "gdm" user and "gdm" group, but note that these can be configured to be a different user and/or group if desired.

The GDM login program now has a GUI panel. This provides widgets which show the user battery status and a new interface for manually starting and stopping accessibility programs on demand. The panel can also provide an interface for selecting the keyboard layout to use; however, this keyboard layout switching feature is not available on Solaris since it depends on libxklavier, which is not available on Solaris. If configured, GDM will display "Shutdown" and "Restart" buttons for shutting down and restarting the machine. Refer to section 4.1.9 for more information.

By default GDM now displays all users on the system in a face browser so the user can select the username from a list and then enter the password. The most frequent users are displayed first; the list of frequent users is obtained using the ConsoleKit /usr/bin/ck-history interface. The face browser includes an "Other" choice which allows the user to bypass the face browser and answer the PAM prompts directly (e.g. username and password). This "Other" choice is needed, for example, to log in as a system user, since system users are not displayed in the face browser. The face browser can be disabled via configuration so that users simply enter responses to PAM prompts. For example, many Sun Ray users would likely want to disable the face browser. Note that with the face browser enabled, the names of the local accounts are visible on the login screen before any authentication takes place; sites that treat account names as sensitive should disable it (see /apps/gdm/simple-greeter/disable_user_list in section 4.1.4).

Once the user has entered their username, or selected it via the face browser, the panel shows interfaces for selecting the session to log into and the language to use.
If only one session type is installed on the system, the session selection interface is not displayed and GDM logs the user into that one available session. The user's default choices for session and language are selected automatically, so the user only needs to select them on first-time login or when they wish to use a non-default value. If a non-default value is selected, GDM automatically makes it the new default value for that user in subsequent logins.

The new GDM also makes use of the GNOME infrastructure by using gnome-session, gnome-settings-daemon, and the metacity window manager to run the graphical login program. The old GDM did not use these, and instead used, for example, its own lightweight window manager. There are some regressions when using the new GDM. Refer to section 4.1.15 for more information.

Note that GDM now provides two types of slaves:

- The gdm-simple-slave, which works like the old GDM in that it manages a single active session at a time.

- The gdm-factory-slave and gdm-product-slave, which run a login screen all the time on a VT. When a user authenticates, the session is started on a different VT. This model supports better user switching.

The gdm-factory-slave/gdm-product-slave are experimental and disabled by default. It is necessary to recompile the code to enable them. Therefore these binaries are not shipped with the Solaris packages. Only the gdm-simple-slave binary is shipped with Solaris.

4.1.1 Detail About GDM Program Interfaces

- /usr/sbin/gdm-binary [--debug] [--fatal-warnings] [--timed-exit] [--version]

  The main GDM process. It supports arguments for debugging and for printing the version number. One difference from the previous version of GDM is that the main process no longer detaches itself as a daemon (it is run under SMF; see section 4.1.11). The gdm-binary program spawns slave processes as needed for each display that needs to be managed.
- /usr/bin/gdmdynamic [--add=DISPLAY | --delete=DISPLAY | --list]

  This program calls ck-seat-tool to start or stop a session on a given display and calls ck-list-sessions to return a listing of displays previously started via ck-seat-tool. This interface will be used by Sun Ray for starting and stopping sessions on Sun Ray devices, but could also be used for dynamically managing other kinds of displays. gdmdynamic must be run as the same user that runs the main GDM and ConsoleKit daemons, normally root; requests from any other user are ignored. Currently this program is added by a Solaris-specific patch for backwards compatibility. When the Sun Ray product fully integrates with ConsoleKit, it will be removed.

- /usr/bin/gdmflexiserver [--version] [--debug]

  This program is provided for backwards compatibility. Run with no arguments, it starts a flexible display on a new VT. Aside from --version and --debug, it no longer supports the other arguments that the previous GDM accepted, such as --command. D-Bus interfaces replace the functionality that --command previously provided.

- /usr/sbin/gdm-stop

  Script for stopping GDM.

- /usr/bin/gdm-screenshot [--debug]

  A utility for taking a picture of the GDM login GUI screen.

- /usr/lib/gdm-crash-logger
- /usr/share/gdm/gdb-cmd

  If any GDM process receives one of the signals SIGSEGV, SIGBUS, SIGILL, SIGABRT, SIGTRAP, SIGFPE or SIGPIPE, the gdm-crash-logger program is run. gdm-crash-logger runs the following command to get a stack trace, then writes the stack trace to syslog:

      gdb --batch --quiet --command=/usr/share/gdm/gdb-cmd --pid=PID

  The /usr/share/gdm/gdb-cmd command script contains:

      bt
      thread apply all bt full
      q

  Note that "bt full" prints the local variables of every frame, so the trace written to syslog contains whatever data the crashed process held on its stack at the time. If the call to gdm-crash-logger fails to return a valid return code, GDM falls back to calling backtrace(3C) and printing its output to syslog.
- /usr/lib/gdm-simple-slave

  A slave daemon that runs the gdm-simple-greeter directly.

- /usr/lib/gdm-session-worker

  A separate process which handles the PAM and audit interactions, so the PAM conversation runs outside the greeter GUI process. Slaves talk to it over the gdm-session D-Bus interface: gdm-simple-slave interacts with gdm-session-worker directly, while gdm-factory-slave uses a relay connection.

- /usr/lib/gdm-simple-greeter

  The default login GUI program. Used both by gdm-factory-slave and gdm-simple-slave.

- /usr/lib/gdm-host-chooser
- /usr/lib/gdm-simple-chooser

  The XDMCP chooser GUI programs. gdm-simple-chooser is intended to be launched from the login GUI, while gdm-host-chooser is an application which can be launched when the user runs the Xserver with the -indirect flag.

- /usr/lib/gdm-user-switch-applet

  The Fast-User-Switch applet. When VT is enabled, this applet allows users to quickly switch to a login screen on a separate VT. If the user has selected a user in the applet, the username is pre-filled, so the user only needs to enter the password. Therefore, this feature may not be useful with some PAM stacks. This and the other files associated with this applet will only be delivered after VT integrates into Solaris. Such other files include:

  - /usr/share/gnome-2.0/ui/GNOME_FastUserSwitchApplet.xml
  - /usr/lib/bonobo/servers/GNOME_FastUserSwitchApplet.server

- /usr/lib/gdm-xdmcp-chooser-slave

  The slave used when a user is running the XDMCP chooser.

4.1.2 GDM autostart mechanism

The /usr/share/gdm/autostart/LoginWindow directory contains desktop files which follow the FreeDesktop Desktop File Specification. Any program which has a desktop file installed here is automatically run in the login session, as the "gdm" user. So if additional programs should start with the login GUI, a desktop file can be added to this directory to do this. Note that anything placed here runs on every login screen before any user has authenticated.
This directory contains the following desktop files, so these programs are always launched in the GDM greeter GUI session:

- gdm-simple-greeter.desktop
  This starts the GDM greeter itself.

- gnome-power-manager.desktop
  gnome-power-manager is launched with GDM so that GDM can report on the battery state.

- gnome-settings-daemon.desktop
  gnome-settings-daemon is always started with GDM.

- metacity.desktop
  The metacity window manager is always started with the GDM greeter.

The autostart directory also contains the following accessibility-related desktop files, so that these programs are autolaunched if the appropriate GConf keys are set for the "gdm" user:

- at-spi-registryd-wrapper.desktop
  If the /desktop/gnome/interface/accessibility GConf key is set for the "gdm" user, this ensures the at-spi-registryd process is started.

- gnome-mag.desktop
  If the /desktop/gnome/applications/at/screen_magnifier_enabled GConf key is set for the "gdm" user, gnome-mag will be autolaunched.

- gok.desktop
  If the /desktop/gnome/applications/at/screen_keyboard_enabled GConf key is set for the "gdm" user, gok (the GNOME on-screen keyboard) will be autolaunched.

- orca-screen-reader.desktop
  If the /desktop/gnome/applications/at/screen_reader_enabled GConf key is set for the "gdm" user, orca will be autolaunched.

Note that many of these desktop files use the FreeDesktop Autostart Specification and the FreeDesktop Startup Notification Specification to ensure that they are restarted automatically if necessary.

4.1.3 Detail About GDM Server Configuration

The GDM rewrite uses different configuration mechanisms than the old GDM. The GDM daemon stores its default values via GConf in the gdm.schemas GConf file. If these values need to be changed for a given machine, the system administrator is expected to edit the /etc/gdm/custom.conf file. This file is in the same format as the old GDM's configuration file (INI-style, with [daemon], [security], [xdmcp] and [chooser] sections), though it supports fewer configuration options.
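As an added illustration for this section (example code written for this review, not part of GDM or of the Solaris integration), the following Python script parses a custom.conf in the format described above and reports those settings from the option list that follows which widen the login attack surface: automatic and timed login, XDMCP, and the Solaris-specific interplay between security/DisallowTCP and the Xserver's options/tcp_listen SMF property. The defaults are the ones quoted in the option list; the SMF property value is passed in as a boolean, since reading it with svcprop(1) is assumed to happen outside this script. Both configuration texts are constructed samples.

```python
"""Audit /etc/gdm/custom.conf for settings that weaken the login path.

Added example for this case, not GDM code.  Section/option names and the
defaults come from section 4.1.3; the Solaris default for DisallowTCP is
"false".  The Xserver's options/tcp_listen SMF property is supplied by the
caller (assumption: read with svcprop(1) beforehand).
"""
import configparser

# Documented defaults (section 4.1.3) for the keys this audit looks at.
DEFAULTS = {
    ("daemon", "AutomaticLoginEnable"): "false",
    ("daemon", "TimedLoginEnable"): "false",
    ("daemon", "TimedLoginDelay"): "30",
    ("security", "DisallowTCP"): "false",   # upstream: "true"; Solaris: "false"
    ("xdmcp", "Enable"): "false",
    ("xdmcp", "HonorIndirect"): "true",
    ("xdmcp", "DisplaysPerHost"): "1",
    ("xdmcp", "Port"): "177",
}

# Constructed sample: a kiosk-style custom.conf with several weak settings.
WEAK_CONF = """\
[daemon]
AutomaticLoginEnable=true
AutomaticLogin=kiosk

[security]
DisallowTCP=false

[xdmcp]
Enable=true
DisplaysPerHost=4
"""

# Constructed sample: the same file with the weak settings corrected.
HARD_CONF = """\
[daemon]
AutomaticLoginEnable=false
TimedLoginEnable=false

[security]
DisallowTCP=true

[xdmcp]
Enable=false
"""


def parse_custom_conf(text):
    """custom.conf is INI-style: [daemon], [security], [xdmcp], [chooser]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep GDM's mixed-case key names as written
    cp.read_string(text)
    return cp


def effective(cp, section, key):
    """The value in the file, or the documented default when the key is absent."""
    if cp.has_option(section, key):
        return cp.get(section, key).strip()
    return DEFAULTS[(section, key)]


def is_true(value):
    return value.strip().lower() == "true"


def audit(text, x_tcp_listen):
    """Return a list of findings for the given custom.conf text.

    x_tcp_listen is the boolean value of the Xserver's options/tcp_listen SMF
    property.  It matters because with DisallowTCP=false GDM itself never
    appends "-nolisten tcp"; the SMF property alone decides.
    """
    cp = parse_custom_conf(text)
    findings = []

    if is_true(effective(cp, "daemon", "AutomaticLoginEnable")):
        user = cp.get("daemon", "AutomaticLogin", fallback="<unset>")
        findings.append("automatic login enabled for %r: "
                        "no credentials are required at this display" % user)

    if is_true(effective(cp, "daemon", "TimedLoginEnable")):
        user = cp.get("daemon", "TimedLogin", fallback="<unset>")
        delay = effective(cp, "daemon", "TimedLoginDelay")
        findings.append("timed login enabled for %r after %s seconds idle"
                        % (user, delay))

    if not is_true(effective(cp, "security", "DisallowTCP")) and x_tcp_listen:
        findings.append("Xserver accepts TCP connections: DisallowTCP is "
                        "false and options/tcp_listen is true")

    if is_true(effective(cp, "xdmcp", "Enable")):
        port = effective(cp, "xdmcp", "Port")
        findings.append("XDMCP enabled on UDP port %s: restrict peers with "
                        "libwrap (hosts.allow/hosts.deny)" % port)
        per_host = int(effective(cp, "xdmcp", "DisplaysPerHost"))
        if per_host > 1:
            findings.append("xdmcp/DisplaysPerHost=%d lets one remote host "
                            "hold several displays" % per_host)
        if is_true(effective(cp, "xdmcp", "HonorIndirect")):
            findings.append("xdmcp/HonorIndirect=true: INDIRECT queries "
                            "from remote hosts reach the chooser")

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARD_CONF)):
        print("%s custom.conf:" % name)
        for finding in audit(conf, x_tcp_listen=True) or ["no findings"]:
            print("  -", finding)
```

The empty-file case is the instructive one on Solaris: with no custom.conf at all, audit("", x_tcp_listen=True) still reports the TCP finding, because the Solaris default of DisallowTCP=false leaves the decision entirely to the SMF property.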
The following options are supported:

chooser/Multicast
  Set to "true" or "false". If true, the chooser sends a multicast query to the local network and collects responses from the hosts that have joined the multicast group. The value is "true" by default.

chooser/MulticastAddr
  The link-local multicast address. The value is "ff02::1" by default.

daemon/User
  The user who runs the GDM GUI applications.

daemon/Group
  The group who runs the GDM GUI applications.

daemon/AutomaticLoginEnable
  Set to "true" or "false". If true, automatic login is enabled: the user named by daemon/AutomaticLogin is logged in without being asked for credentials. The value is "false" by default.

daemon/AutomaticLogin
  The automatic login user.

daemon/TimedLoginEnable
  Set to "true" or "false". If true, timed login is enabled: after daemon/TimedLoginDelay seconds with no login, the user named by daemon/TimedLogin is logged in without credentials. The value is "false" by default.

daemon/TimedLogin
  The timed login user.

daemon/TimedLoginDelay
  Timed login delay in seconds. The value is 30 seconds by default.

security/DisallowTCP
  Set to "true" or "false". If true, "-nolisten tcp" is always appended to the Xserver command line. The value is "true" by default in the upstream community. However, on Solaris we set the value to "false", so that the Xserver's "options/tcp_listen" SMF property controls whether "-nolisten tcp" is added to the command line. Administrators auditing whether the Xserver accepts TCP connections on Solaris must therefore check that SMF property; the GDM option alone says nothing.

xdmcp/DisplaysPerHost
  Maximum number of remote connections from a single host. The value is 1 by default.

xdmcp/Enable
  Set to "true" or "false". If true, XDMCP is enabled. The value is "false" by default.

xdmcp/HonorIndirect
  Set to "true" or "false". If true, XDMCP INDIRECT choosing is enabled. The value is "true" by default.

xdmcp/MaxPending
  This integer value controls how many displays can be in the process of starting at the same time. The value is 4 by default.

xdmcp/MaxSessions
  The maximum number of remote display connections which will be managed simultaneously. The value is 16 by default.

xdmcp/MaxWait
  When GDM is ready to manage a display, an ACCEPT packet is sent to it containing a unique session id.
  GDM then places the session id in the pending queue, waiting for the display to respond with a MANAGE request. If no response is received within xdmcp/MaxWait seconds, GDM aborts the connection. The value is 30 seconds by default.

xdmcp/MaxWaitIndirect
  The maximum number of seconds between the time a user chooses a host and the subsequent indirect query in which the user is connected to the host. If exceeded, the connection is aborted. The value is 30 seconds by default.

xdmcp/PingIntervalSeconds
  Interval, in seconds, at which to ping the Xserver. If the Xserver does not respond before the next ping, the connection is stopped. The value is 15 seconds by default.

xdmcp/Port
  XDMCP port to use. The value is 177 by default.

xdmcp/Willing
  When the machine sends a WILLING packet back after a QUERY, it includes a string giving the current status of this server. The default message is the system ID, but a script can be provided to produce a customized message. If this script does not exist or the value is empty, the default message is sent. If the script succeeds and produces output, the first line of its output is sent. The script is run at most once every 3 seconds, to prevent a denial of service by flooding the machine with QUERY packets. The value is "/etc/gdm/Xwilling" by default.

In addition, GDM integrates with libwrap (TCP Wrappers), so the sysadmin can control which hosts may connect via XDMCP through the hosts.allow and hosts.deny files. Note that neither XDMCP nor the X protocol connection it sets up is encrypted.

4.1.4 Detail About GDM Greeter Configuration

The GDM greeter supports configuration via GConf settings stored in the "gdm" user's $HOME directory. Default values are stored in the gdm-simple-greeter.schemas GConf file. The sysadmin is expected to change the GConf settings in the "gdm" user's $HOME directory. This can be done via the /usr/bin/gconftool-2 or /usr/bin/gconf-editor tools.

- /apps/gdm/simple-greeter/banner_message_enable
  Boolean value. Controls whether the banner message text is displayed. Default value is false.
- /apps/gdm/simple-greeter/banner_message_text
  String value. Specifies the text banner message to show on the greeter window. Default value is NULL.

- /apps/gdm/simple-greeter/debug
  Boolean value. If true, debugging mode is enabled for the greeter.

- /apps/gdm/simple-greeter/disable_restart_buttons
  Boolean value. Controls whether the restart and shutdown buttons are hidden in the login window. Default value is false. Even when this key is false (buttons enabled), GDM checks whether the "gdm" user (or the user specified in the daemon/User configuration option) holds the solaris.system.shutdown RBAC authorization. If not, the buttons are not displayed regardless of this setting.

- /apps/gdm/simple-greeter/disable_user_list
  Boolean value. If true, the face browser listing known users is not shown. In this case, normal PAM prompting is used.

- /apps/gdm/simple-greeter/logo_icon_name
  String value. Specifies the themed icon name to use for the greeter logo.

- /apps/gdm/simple-greeter/recent-languages
  String value. A list of languages to be shown by default in the login window. Default value is "[]". With the default setting only the system default language is shown, plus the option "Other...", which pops up a dialog box showing the full list of available languages from which the user can select. Users are not intended to change this setting by hand. Instead GDM records any languages selected in this configuration key, and shows them in the language combo box along with the "Other..." choice. This way, commonly selected languages are easier to select.

- /apps/gdm/simple-greeter/recent-layouts
  String value. A list of keyboard layouts to be shown by default in the login panel. Default value is "[]". With the default setting only the system default keyboard layout is shown, plus the option "Other...", which pops up a dialog box showing the full list of available keyboard layouts from which the user can select. Users are not intended to change this setting by hand.
  Instead GDM records any keyboard layouts selected in this configuration key, and shows them in the keyboard layout combo box along with the "Other..." choice. This way, commonly selected keyboard layouts are easier to select. Note that this feature is only available if libxklavier is available on the system. On Solaris it is not, so the layout widget is never shown.

- /apps/gdm/simple-greeter/wm_use_compiz
  Boolean value. If true, compiz is used as the window manager instead of metacity. Default is false.

4.1.5 Detail About GDM Script Interfaces

GDM supports the following script interfaces:

- /etc/gdm/Init
- /etc/gdm/PostLogin
- /etc/gdm/PreSession
- /etc/gdm/PostSession

The Init script is run when a display is managed, after the Xserver has started but before the greeter program is shown. The PostLogin script is run after a user has successfully authenticated, but before any session setup has been done, including before the pam_open_session call. The PreSession script is run after the user session has been initialized, but before the user session is started. The PostSession script is run after the user session exits, when the user terminates their session.

The above four interfaces are directories which contain a Default script, which is run by default. The directories can also contain a per-display script named after the DISPLAY, such as ":0". If such a per-display script exists, it is run instead of the Default script. These scripts are run by GDM on the user's behalf, with the user identity passed in through the environment described in section 4.1.7, so the scripts and the directories holding them should be writable only by the administrator.

- /etc/gdm/Xwilling

  Refer to the "xdmcp/Willing" configuration setting in section 4.1.3. By default, no such script is installed, but the script will work as described in section 4.1.3 if present.

4.1.6 Detail About Other GDM Interfaces

- /usr/share/xsessions

  All display managers which follow the FreeDesktop Desktop File Specification use this directory and expect every available session to have a desktop file installed here.
  These desktop files are in the format specified by the FreeDesktop Desktop Entry Specification. The /usr/share/xsessions location is not part of the specification, but is a de facto standard supported by all popular FreeDesktop display managers such as GDM and KDM. For example, the gnome-session module installs a gnome.desktop file. Such desktop files specify what program to run to start the session. When using GDM, the program named for the session is run by the /etc/gdm/Xsession script. If only one desktop file is installed in this directory, GDM does not show the user a session selection dialog and starts the only available session.

- $HOME/.dmrc

  This file contains the user's default language and session choices. Unless the user picks a different language or session in the greeter, the choices from this file are used. If the file does not exist, it is created on first-time login with the choices selected. The file is in standard INI format. For example, a file could contain these lines:

      [Desktop]
      Session=gnome
      Language=cs_CZ.UTF-8

  The Session value names the /usr/share/xsessions entry (here gnome.desktop) whose program is started.

- /var/lib/gdm
- /var/lib/gdm/.gconf.path
- /var/lib/gdm/.gconf.mandatory/%gconf-tree.xml

  /var/lib/gdm is the default $HOME directory for the "gdm" user. This directory contains standard GConf files in which modified configuration options are stored, though administrators would normally use the /usr/bin/gconftool-2 or /usr/bin/gconf-editor programs to modify the settings rather than editing the files directly. The /var/lib/gdm/.gconf.path file is a standard interface that is loaded by the /etc/gconf/2/path file after the system GConf mandatory settings have been loaded. This file simply specifies that /var/lib/gdm/.gconf.mandatory overrides any normal system settings. The /var/lib/gdm/.gconf.mandatory/%gconf-tree.xml file specifies configuration settings that are specific to GDM. For example, these settings are used to lock down the session that runs while the GDM GUI is showing.
  For example, keybindings are disabled so that a user at the login screen cannot use the normal keybindings to launch applications.

- /var/run/gdm

  This directory is used for storing the Xauth keys for all active sessions. It has the following permissions:

      drwxrwxr-t 4 root gdm 273 Jan 30 18:39 gdm

  The directory contains a subdirectory for each Xauth key. For user "foo", the directory is named auth-for-foo-XXXXX, where mkdtemp(3C) replaces the "XXXXX" string with a unique string. The Xauth key is stored in a file in this directory called "database", which has read-write permission for its owner only. The sticky bit on /var/run/gdm means that an entry there can be removed or renamed only by its owner, the directory owner or root, even though the "gdm" group has write access to the directory. Note that the GDM packages do not install any files to /var/run; the files in this directory are created when GDM starts.

4.1.7 Detail About Other GDM Environment Variable Usage

When GDM runs its various internal processes, the GDM_CHOOSER_DBUS_ADDRESS and GDM_GREETER_DBUS_ADDRESS environment variables are set so that the D-Bus address of the chooser and greeter can be found.

GDM GUI programs read the GNOME_ACCESSIBILITY environment variable. If set, the accessibility registry is started so that accessibility programs work. This environment variable is set by gnome-session if the "gdm" user has configured accessibility to be enabled.

GDM GUI programs read DESKTOP_AUTOSTART_ID. If set, the program registers itself with the session manager, so that the greeter is restarted automatically if it crashes. This environment variable is normally set by the session manager because the gdm-simple-greeter.desktop file (discussed in section 4.1.2) specifies X-GNOME-Autostart-Notify=true.

Common environment variables such as G_DEBUG and GTK_MODULES also affect GDM in the expected manner.

When starting a user session, the following environment variables are set:

DESKTOP_SESSION - Set to the session name the user has chosen, such as "gnome" when logging into the GNOME desktop.
GDMSESSION - Set to the same value as DESKTOP_SESSION.
LANG - Set to the language chosen when the user logged in.
GDM_LANG - Set to the same value as LANG.
GDM_KEYBOARD_LAYOUT - Set to the keyboard layout chosen when the user logged in.
DISPLAY - Set to the DISPLAY value.
HOME - Set to the user's $HOME directory.
LOGNAME - Set to the username logging in.
PATH - Set to "/usr/bin". However, if the /etc/default/login file specifies a value for PATH, that value is always used; the root user uses the SUPATH value instead.
SHELL - Set to the user's shell.
USER - Set to the username logging in.
USERNAME - Set to the username logging in.
XAUTHORITY - Set to the location of the Xauth file.
XDG_SESSION_COOKIE - Provided by ConsoleKit and passed along to the user session.

When running the scripts described in section 4.1.5 (Init, PostLogin, PreSession, PostSession), the following are set so that the scripts can access user information. Note that in the case of the Init script no user has authenticated yet, so there is no username to look up with getpwnam(3C) and the fallback values below are used.

HOME - If getpwnam returns a valid $HOME directory, set to that value; otherwise set to "/".
PWD - If getpwnam returns a valid $HOME directory, set to that value; otherwise set to "/".
SHELL - If getpwnam returns a valid shell, set to that value; otherwise set to "/bin/sh".
DISPLAY - Set to the DISPLAY value.
LOGNAME - Set to the username of the user logging in.
REMOTE_HOST - Set to the hostname if the display is non-local (e.g. XDMCP).
RUNNING_UNDER_GDM - Set to "true".
USER - Set to the username of the user logging in.
USERNAME - Set to the username of the user logging in.
XAUTHORITY - Set to the location of the Xauth file.

When starting the Xserver, the following environment variables are set:

DISPLAY - Set to the DISPLAY value.
HOME - If getpwnam returns a valid $HOME directory, set to that value; otherwise set to "/".
SHELL - If getpwnam returns a valid shell, set to that value; otherwise set to "/bin/sh".
XAUTHORITY - Set to the location of the Xauth file.
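To make the /var/run/gdm layout of section 4.1.6 and the XAUTHORITY variable above concrete, the following Python script (an added example written for this review, not GDM's own code) builds the same structure under a scratch directory supplied by the caller, so that it runs unprivileged, and then audits an existing tree for cookie files that other users could read. Python's mkdtemp plays the role of mkdtemp(3C) and supplies the unique suffix that the "XXXXX" string stands for; ownership of the directory (root:gdm) is left to the caller, since changing it needs privilege. The cookie bytes are constructed placeholders.

```python
"""Per-session Xauth store as described in section 4.1.6.

Added example for this case, not GDM code.  run_dir stands in for /var/run/gdm
(assumption: the caller passes a scratch directory so no privilege is needed).
"""
import os
import stat
import tempfile

RUN_DIR_MODE = 0o1775    # drwxrwxr-t: group gdm may create entries, sticky bit set
DATABASE_MODE = 0o600    # the "database" file is read-write for its owner only


def file_mode(path):
    """Permission bits of path (including setuid/setgid/sticky)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def create_auth_store(run_dir, username, cookie):
    """Write cookie for username and return the path to use as XAUTHORITY.

    The directory name follows the auth-for-<user>-XXXXX pattern; Python's
    mkdtemp supplies the unique suffix and creates the directory mode 0700.
    """
    os.makedirs(run_dir, exist_ok=True)
    os.chmod(run_dir, RUN_DIR_MODE)
    auth_dir = tempfile.mkdtemp(prefix="auth-for-%s-" % username, dir=run_dir)
    database = os.path.join(auth_dir, "database")
    # O_CREAT|O_EXCL with mode 0600: the file never exists in a readable state,
    # and a pre-planted file or symlink at that name makes the call fail.
    fd = os.open(database, os.O_WRONLY | os.O_CREAT | os.O_EXCL, DATABASE_MODE)
    with os.fdopen(fd, "wb") as f:
        f.write(cookie)
    return database


def audit_auth_store(run_dir):
    """Return [(path, mode)] for database files readable by group or others."""
    leaky = []
    for entry in sorted(os.listdir(run_dir)):
        if not entry.startswith("auth-for-"):
            continue
        database = os.path.join(run_dir, entry, "database")
        if not os.path.isfile(database):
            continue
        mode = file_mode(database)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            leaky.append((database, oct(mode)))
    return leaky


def demo():
    """Create one correct store and one loosened store; return the audit result."""
    run_dir = tempfile.mkdtemp(prefix="gdm-run-")   # scratch stand-in for /var/run/gdm
    good = create_auth_store(run_dir, "foo", b"MIT-MAGIC-COOKIE-1 placeholder")
    bad = create_auth_store(run_dir, "bar", b"MIT-MAGIC-COOKIE-1 placeholder")
    os.chmod(bad, 0o644)    # simulate a mis-set cookie file
    return run_dir, good, bad, audit_auth_store(run_dir)


if __name__ == "__main__":
    run_dir, good, bad, leaky = demo()
    print("XAUTHORITY for foo:", good, oct(file_mode(good)))
    print("leaky cookie files:", leaky)
```

Pointing audit_auth_store at the real /var/run/gdm (as root) is a quick check that no session's cookie has become readable by other local users, which is the property the "gdm" user's limited access described in section 4.1 relies on.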
4.1.8 Detail About Xserver Interfaces

GDM starts the Xserver via the /usr/X11/bin/Xserver script. It then waits until it receives the SIGUSR1 signal, which the Xserver sends when it is initialized and ready to use. On Solaris, the Solaris-private SDTLOGIN interface (/var/dt/sdtlogin) is used to drop the Xserver to the user's permissions after authentication, for added security: once a user is logged in, the Xserver driving that display no longer runs as root.

4.1.9 ConsoleKit Integration

GDM uses ConsoleKit to keep track of information about each running session. This information is also useful to other programs, such as the Fast-User-Switch applet, so ConsoleKit provides a standard interface for getting it via D-Bus.

GDM provides Shutdown and Restart (reboot) buttons for shutting down and restarting the system. These buttons are only available if enabled in the configuration and if the "gdm" user holds the solaris.system.shutdown RBAC authorization. GDM does not perform the actual shutdown/restart operation itself, but sends a message to ConsoleKit, which does the work. Note that ConsoleKit will likewise only allow these operations if the requesting user (the "gdm" user when the button on the GDM login GUI is pressed) holds the solaris.system.shutdown RBAC authorization, so the check in the greeter is a convenience and ConsoleKit's check is the one that is enforced. Granting that authorization to the "gdm" user therefore allows anyone at the login screen to shut down or restart the machine without authenticating.

GDM calls /usr/lib/ck-get-x11-display-device after starting the Xserver to find out the TTY device associated with the Xserver on a given display. GDM calls /usr/bin/ck-history when using the face browser to show the most frequently logged-in users first, making it easier for such users to log in quickly. The gdmdynamic program calls ck-seat-tool to actually start a dynamic display.

4.1.10 logindevperm Integration

On Solaris, the logindevperm(4) interfaces are called after the user authenticates to ensure that the user has the appropriate device permissions after login. This is only done for users who are logging into the console.
GDM checks whether the associated device is "/dev/console" or a VT device (/dev/vt/*), and only calls logindevperm if one of these devices is in use.

4.1.11 SMF Integration

GDM includes SMF integration files to start and stop GDM as a service, much like the previous version of GDM. It also uses ctrun(1) to run the user session in its own process contract, so that processes that crash in the user session do not cause the GDM service to be restarted.

4.1.12 /etc/default/login Integration

GDM supports the CONSOLE, PASSREQ, PATH, and SUPATH configuration options from /etc/default/login. When CONSOLE is set to "/dev/console", root is only allowed to log in via the console. The PATH and SUPATH settings are used as the default PATH for normal users (PATH) and for the root user (SUPATH). When PASSREQ is "YES", the PAM_DISALLOW_NULL_AUTHTOK flag is passed to pam_authenticate and pam_acct_mgmt, so accounts with an empty password cannot log in through GDM.

4.1.13 GDM Xsession Script

The GDM Xsession script sources /etc/profile, /etc/xprofile, and $HOME/.profile before starting the user session. Any of these files that does not exist is skipped. Any scripts in /etc/X11/xinit/xinitrc.d are sourced before starting the user session; this allows for distro-specific startup configuration. The GDM Xsession script also calls xrdb to merge resources: on Solaris it runs "xrdb -merge $HOME/.Xresources" if that file exists. The Xsession script uses /usr/bin/zenity to display any error dialogs to the user.

4.1.14 Handling Of Dueling Login Applications

ASARC 1994/437 discussed the issue of multiple login applications competing for the console. Dtlogin currently provides a poor "solution" whereby the user is asked to ignore the text-based login prompt that was just displayed and wait a few seconds for the dtlogin screen to appear. ASARC 1995/390 provided advisory information to the effect that the next version of this project would not be approved if it had not eliminated this problem.
GDM plans to resolve this problem by making use of VT when it is available. This will give users a reasonable mechanism to "drop to console" on demand.

4.1.15 Regressions

The new GDM does not support the degree of configurability that the older GDM did. Many features were removed because they were seen as unnecessary. Regressions worth noting include the following:

- GDM configuration interfaces have changed. Therefore users may need to reconfigure GDM if they want the GUI to behave in a non-default manner.

- GDM no longer supports managing Xnest/Xephyr login windows, so this feature and the "Login in a window" menu option are no longer available.

- GDM no longer supports gdmgreeter-style themes. The new GDM has more limited branding options, such as changing the background image that is used.

- GDM no longer provides the ability to start the chooser program from the login greeter GUI.

- GDM no longer provides a "Failsafe Session". Since the new GDM assumes that console users have access to VT, the VT mechanism should be used for failsafe purposes.

- GDM no longer provides the "gdmsetup" program, so there is no longer a GUI for configuring GDM. In some ways this is a good thing, since the old gdmsetup could only be run with root privileges. The gdmsetup program has long needed to be rewritten to be more sensible about requiring privilege to run, such as using RBAC on Solaris or PolicyKit on Linux to allow any authorized user to configure the login screen. Note that Canonical is currently writing a new "gdmsetup" program and it should be available in the near future. It currently uses PolicyKit, so some work will be needed to make it work with RBAC on Solaris instead. It is expected that this feature will be reintroduced in the following GNOME release cycle.

- GDM no longer provides gesture listeners, so accessibility programs cannot be launched on demand by gesture.
  Instead, such programs can be configured to be always on or always off. GDM also provides a dialog where users can turn accessibility programs on and off. However, this is obviously only useful to users who can navigate the GUI.

4.2. Interfaces:

Exported Interfaces                                         Stability          Comments
----------------------------------------------------------  -----------------  ------------------------------------------
SUNWgnome-display-mgr                                       Uncommitted        Package name.
SUNWgnome-display-mgr-root                                  Uncommitted        Package name.
/var/svc/manifest/application/graphical-login/gdm.xml       Uncommitted        SMF integration file.
/lib/svc/method/svc-gdm                                     Volatile           SMF start, stop and restart method script.
/usr/bin/gdm-screenshot                                     Volatile           See 4.1.1.
/usr/bin/gdmdynamic                                         Volatile           See 4.1.1.
/usr/bin/gdmflexiserver                                     Volatile           See 4.1.1.
/usr/sbin/gdm-binary                                        Volatile           See 4.1.1.
/usr/sbin/gdm-stop                                          Volatile           See 4.1.1.
/usr/lib/gdm-crash-logger                                   Volatile           See 4.1.1.
/usr/lib/gdm-host-chooser                                   Volatile           See 4.1.1.
/usr/lib/gdm-session-worker                                 Volatile           See 4.1.1.
/usr/lib/gdm-simple-chooser                                 Volatile           See 4.1.1.
/usr/lib/gdm-simple-greeter                                 Volatile           See 4.1.1.
/usr/lib/gdm-simple-slave                                   Volatile           See 4.1.1.
/usr/lib/gdm-user-switch-applet                             Volatile           See 4.1.1. Only delivered after VT integrates.
/usr/lib/gdm-xdmcp-chooser-slave                            Volatile           See 4.1.1.
/usr/share/gdm/gdb-cmd                                                         See 4.1.1.
/usr/share/gdm/autostart/LoginWindow                        Uncommitted        See 4.1.2.
/etc/gdm/custom.conf                                        Uncommitted        See 4.1.3.
/etc/gdm/gdm.schemas                                        Uncommitted        GConf configuration for server. See 4.1.3.
/etc/gconf/schemas/gdm-simple-greeter.schemas               Uncommitted        GConf configuration for greeter. See 4.1.4.
/etc/gdm/Init/Default                                       Uncommitted        See 4.1.5.
/etc/gdm/PostLogin/Default                                  Uncommitted        See 4.1.5.
/etc/gdm/PreSession/Default                                 Uncommitted        See 4.1.5.
/etc/gdm/PostSession/Default                                Uncommitted        See 4.1.5.
/etc/gdm/Xwilling                                           Uncommitted        See 4.1.5. No file is shipped by default.
/etc/gdm/Xsession                                           Uncommitted        See 4.1.13.
/etc/X11/xinit/xinitrc.d                                    Uncommitted        See 4.1.13.
/usr/share/xsessions Uncommitted See 4.1.6 /var/lib/gdm Uncommitted $HOME directory for "gdm" user. See 4.1.6. /var/lib/gdm/.gconf.mandatory/%gconf-tree.xml Uncommitted See 4.1.6 /var/lib/gdm/.gconf.path Uncommitted See 4.1.6 $HOME/.dmrc Uncommitted See 4.1.6. /usr/share/gdm/gdm-greeter-login-window.glade Volatile Glade file /usr/share/gnome-2.0/ui/GNOME_FastUserSwitchApplet.xml Volatile UI XML file. Only delivered after VT integrates. /usr/share/gnome/help/gdm Volatile Help files /usr/share/icons/hicolor/ Volatile Icons for GDM /usr/share/pixmaps/faces/ Volatile Face images for face browser /usr/lib/bonobo/servers/GNOME_FastUserSwitchApplet.server Volatile Bonobo applet integration. Only delivered after VT integrates. /etc/dbus-1/system.d/gdm.conf Volatile D-Bus integration. /var/log/gdm Volatile Contains log files for all running Xservers. /var/run/gdm Volatile Contains Xauth cookies for all running sessions. See 4.1.6. DESKTOP_SESSION Uncommitted See 4.1.7. GDMSESSION Uncommitted See 4.1.7. GDM_LANG Uncommitted See 4.1.7. GDM_KEYBOARD_LAYOUT Uncommitted See 4.1.7. Obsolete Interfaces Stability Comments ---------------------------- ----------------- ----------------------- Note section 4.1.15 which discusses regressions associated with these obsolete interfaces. Also note that GDM interfaces were defined as Volatile in "LSARC 2008/207 GNOME 2.22". /usr/bin/gdmXnest Obsolete Volatile GDM no longer supports managing Xnest style logins. /usr/bin/gdmXnestchooser Obsolate Volatile "" /usr/bin/gdmphotosetup Obsolate Volatile User photos are now selected via the "About Me" capplet /usr/bin/gdmthemetester Obsolate Volatile gdmgreeter style themes no longer supported. /usr/sbin/gdmsetup Obsolate Volatile GDM no longer supports configuration GUI. /usr/lib/gdmchooser Obsolate Volatile Replaced with new chooser. /usr/lib/gdmgreeter Obsolete Volatile Replaced with new greeter. /usr/lib/gdmlogin Obsolete Volatile Replaced with new greeter. 
/usr/lib/gtk-2.0/modules/libdwellmouselistener.so Obsolete Volatile No longer supports a11y gestures. /usr/lib/gtk-2.0/modules/libkeymouselistener.so Obsolete Volatile No longer supports a11y gestures. /usr/share/gdm/BuiltInSessions/default.desktop Obsolete Volatile This provided a session option for users to login via an .Xinitrc script. A user who wanted this could easily define their own to do the same thing. Removed from upstream because few people use it. /usr/share/gdm/applications/gdmflexiserver-xnest.desktop Obsolete Volatile See gdmXnest above. /usr/share/gdm/applications/gdmphotosetup.desktop Obsolete Volatile See gdmphotsetup above. /usr/share/gdm/applications/gdmsetup.desktop Obsolete Volatile See gdmsetup above. /usr/share/gdm/defaults.conf Obsolete Volatile Defaults now stored in GConf. /usr/share/gdm/factory-defaults.conf Obsolete Volatile Ditto /usr/share/gdm/gdmchooser.glade Obsolete Volatile No longer needed. /usr/share/gdm/gdmphotosetup.glade Obsolete Volatile No longer needed. /usr/share/gdm/gdmsetup.glade Obsolete Volatile No longer needed. /usr/share/gdm/themes Obsolete Volatile No longer support gdmgreeter style themes. /usr/share/gdm/gdmprefetchlist Obsolete Volatile No longer supported. /usr/share/gdm/locale.alias Obsolete Volatile No longer needed. /etc/X11/gdm/modules/AccessDwellMouseEvents Obsolete Volatile No longer supports a11y gestures. /etc/X11/gdm/modules/AccessKeyMouseEvents Obsolete Volatile Ditto. /etc/X11/gdm/modules/factory-AccessDwellMouseEvents Obsolete Volatile Ditto. /etc/X11/gdm/modules/factory-AccessKeyMouseEvents Obsolete Volatile Ditto. GDM Configuration options Obsolete Volatile Refer [1]. 
Imported Interfaces                            Stability         Comments
---------------------------------------------- ----------------- ----------------------------------------
/var/dt/sdtlogin/$DISPLAY                      Contracted        ASARC 1995/390
chkauthattr                                    Stable            PSARC 1997/332
X11                                            Standard          PSARC 1998/299
XDMCP                                          Standard          X.org X Display Manager Control Protocol
/usr/X11/bin/Xserver                           Standard          PSARC 1998/299
/usr/lib/gnome-settings-daemon                 External          LSARC 2001/352
/usr/bin/metacity                              External          LSARC 2001/420
/usr/lib/at-spi-registryd                      Evolving          LSARC 2001/650
/usr/bin/gok                                   External          LSARC 2002/292
/usr/bin/magnifier (GNOME-mag)                 External          PSARC 2002/525
/usr/bin/zenity                                Volatile          LSARC 2004/456
/var/svc/profile/upgrade                       Contracted        PSARC 2002/547
Solaris Auditing                               Contracted        PSARC 2003/397
/etc/logindevperm                              Contracted        PSARC 2003/612
Tamarack (HAL)                                 Volatile          PSARC 2005/399
/usr/bin/orca                                  Committed         LSARC 2005/504
GNOME Base Libraries                           Committed         LSARC 2006/202
D-Bus & dbus-glib                              Volatile          LSARC 2006/368
Virtual Console                                Committed         PSARC 2006/591
GNOME Power Manager                            Volatile          LSARC 2007/702
libwrap                                        Committed         PSARC 2000/488, PSARC 2008/164
GDM System user homedir                        Uncommitted       PSARC 2008/662
ConsoleKit                                     Volatile          ????? ????/???
/usr/lib/ck-get-x11-display-device             Volatile          ????? ????/???  See 4.1.13.
XDG_SESSION_COOKIE                             Volatile          ????? ????/???
solaris.system.shutdown key                    ?                 ????? ????/???
User environment variables                     Standard          e.g. HOME, SHELL, etc. See 4.1.7.
/etc/default/login                             ?                 See 4.1.12.
/etc/profile                                   ?                 See 4.1.13.
/etc/xprofile                                  ?                 See 4.1.13.
$HOME/.profile                                 ?                 See 4.1.13.

4.3. Doc Impact:

Man pages are needed.

4.4. Packaging & Delivery:

SUNWgnome-display-mgr, SUNWgnome-display-mgr-root - packages for GDM

4.5. Dependencies:

PSARC 2006/591 Virtual Console
PSARC 2008/033 Removal of Xsun
PSARC 2008/662 GDM System user homedir
LSARC ????/??? ConsoleKit

Since VT support requires driver support, user switching features will not work on systems where the graphics driver does not support VT.

4.6.
L10N Impact: The Desktop team and the G11N team are working together to evaluate and provide I18N/L10N support.

4.7. Security Impact:

GDM makes use of PAM to ensure that username and password information is handled in a secure manner.

GDM GUI programs are run as the "gdm" user to ensure that if they are exploited in any way, the attacker does not gain privilege. The "gdm" user is configured with the minimal privileges necessary for the login GUI programs to run. The "gdm" user does, however, have the authority to read the Xauth keys for all running Xservers, so if this user were compromised there would be some risk, since it would then be possible to snoop on or affect programs running on any Xserver on the system. Xserver Xauth keys are only accessible by the user who owns them, the root user and the gdm user, to ensure that they are kept as secure as possible.

The /var/lib/gdm and /var/log/gdm directories are owned by root:gdm and do not have world read/execute/write permissions, so that normal users cannot access or tamper with files in these directories. GDM scripts and configuration files in the /etc and /usr/share directories can only be modified by a user with root privilege.

GDM D-Bus IPC communication is only allowed for processes started by the GDM daemon, so normal users cannot interact with GDM via D-Bus. GDM makes use of logindevperm to manage device permissions for users logging in at the console or via Virtual Terminals.

GDM sets its default XDMCP configuration in a manner that helps to avoid denial-of-service type attacks. The security/DisallowTCP configuration is set to "false" by default in the GDM configuration; the Xserver "options/tcp_listen" SMF property controls whether "-nolisten tcp" is added to the Xserver command line or not. When starting the Xserver, GDM uses the /var/dt/sdtlogin/$DISPLAY interface so that the Xserver drops to user permissions, which is more secure.
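The ownership and permission model described above can be verified on a running system. The following script is an added example, not code from this case or from GDM; it assumes a POSIX sh with ls, awk, cut and tr, and treats "no world bits" on the cookie files under /var/run/gdm as the expected state (an assumption, since the case only states who may read them).

```shell
#!/bin/sh
# Added audit helper, not part of this case or of GDM. It checks the
# filesystem side of the model in 4.7: /var/lib/gdm and /var/log/gdm are
# root:gdm with no world bits, and (an assumption here, since the case only
# says who may read them) Xauth cookie files under /var/run/gdm have no
# world bits either. Needs only a POSIX sh with ls, awk, cut and tr.

# no_world_bits PATH: succeeds when PATH grants nothing to "other"
# (mode characters 8-10 from ls -ld; a bare sticky "T" counts as "-").
no_world_bits() {
    _other=$(ls -ld "$1" | cut -c8-10 | tr T -)
    [ "$_other" = "---" ]
}

# owned_by PATH USER GROUP: succeeds when PATH is owned by USER:GROUP.
owned_by() {
    _ug=$(ls -ld "$1" | awk '{print $3 ":" $4}')
    [ "$_ug" = "$2:$3" ]
}

# cookies_private DIR: succeeds when every regular file in DIR, dot files
# included, grants nothing to "other"; names each offender on stdout.
cookies_private() {
    _bad=0
    for _f in "$1"/* "$1"/.[!.]*; do
        [ -f "$_f" ] || continue
        no_world_bits "$_f" || { echo "world-accessible: $_f"; _bad=1; }
    done
    return $_bad
}

# audit_gdm_dirs: one line per observation on stdout, returns the finding count.
audit_gdm_dirs() {
    _n=0
    for _d in /var/lib/gdm /var/log/gdm; do
        [ -d "$_d" ] || { echo "missing: $_d"; continue; }
        owned_by "$_d" root gdm || { echo "owner not root:gdm: $_d"; _n=$((_n + 1)); }
        no_world_bits "$_d" || { echo "world-accessible: $_d"; _n=$((_n + 1)); }
    done
    if [ -d /var/run/gdm ]; then
        no_world_bits /var/run/gdm || { echo "world-accessible: /var/run/gdm"; _n=$((_n + 1)); }
        cookies_private /var/run/gdm || _n=$((_n + 1))
    fi
    return $_n
}

# Usage: sh gdm-audit.sh --run   (exit status is the number of findings)
case "${1:-}" in --run) audit_gdm_dirs ;; esac
```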
GDM makes use of RBAC so that the Shut Down and Reboot options are only available if the "gdm" user has the solaris.system.shutdown authorization. The following cases relate to how the Shut Down and Reboot functions work with the Desktop stack:

PSARC 2008/034 Defining Workstation Owner Infrastructure
LSARC 2007/702 GNOME Power Manager
PSARC 2008/021 HAL Power Management Support
LSARC 2008/262 GNOME shutdown dialog

5. Reference Documents:

[1] ./unsupported-defaults.conf
    File showing configuration options no longer supported.

GDM Website:
http://projects.gnome.org/gdm/

Current GDM 2.27.4 Documentation:
http://library.gnome.org/admin/gdm/2.27/gdm.html

GDM Wiki:
http://live.gnome.org/GDM

GDM Redesign Information:
http://live.gnome.org/GDM/NewDesign

FreeDesktop Desktop Base Directory Specification:
http://www.freedesktop.org/wiki/Specifications/basedir-spec

FreeDesktop Desktop Entry Specification:
http://www.freedesktop.org/wiki/Specifications/desktop-entry-spec

FreeDesktop Startup Notification Specification:
http://www.freedesktop.org/wiki/Specifications/startup-notification-spec

FreeDesktop Autostart Specification:
http://www.freedesktop.org/wiki/Specifications/autostart-spec

6. Resources and Schedule

6.4. Steering Committee requested information

6.4.1. Consolidation C-team Name: Desktop

6.5. ARC review type: OnePager

6.6. ARC Exposure: open