Brian,

The list seems overly static. Why not have a configuration file for GDM that has an allow/deny type of syntax?

Thanks,
John

Brian Cameron wrote:
>
> Casper:
>
>>>> nobody:x:60001:60001:NFS Anonymous Access User:/:
>>>> noaccess:x:60002:60002:No Access User:/:
>>>> nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
>>>
>>> Since these users do not have valid shells specified, these would not
>>> be shown.
>>
>> These actually have a valid shell (the default shell, /bin/sh, is used
>> when the password shell lists the empty string for the shell).
>
> Looking more closely at the GDM code, I see that it has a hardcoded list
> of users to not show in the face browser. These include:
>
> "bin"
> "root"
> "daemon"
> "adm"
> "lp"
> "sync"
> "shutdown"
> "halt"
> "mail"
> "news"
> "uucp"
> "operator"
> "nobody"
> GDM_USERNAME (normally the "gdm" user)
> "postgres"
> "pvm"
> "rpm"
> "nfsnobody"
> "pcap"
>
>> Can gdm determine which users are locked?
>
> No. GDM currently excludes users under MinimalUID (100), users without
> valid shells, and users in the above list.
>
> It should not be hard to add extra logic to avoid adding other users
> if appropriate. For example, is there a way to check which users are
> locked? I am sure code could be added to exclude other types of
> appropriate users.
>
>> Does gdm read /etc/passwd directly (to find out the "local" accounts?)
>>
>> Or does gdm use getent()? (This lists all users in files, nis, nis+ and
>> possibly LDAP)
>
> It uses fgetpwent(), so it does not use nsswitch.conf.
>
>>>> What about when NIS or LDAP is in use ? Do we really want GDM
>>>> attempting to display 38,000+ accounts ?
>>>
>>> As I explain above, this should not be an issue.
>>
>> So no getent?
>>
>> How does gdm detect which users logged in before?
>
> ConsoleKit (LSARC 2009/432) keeps track of users that are logged in
> in the /var/log/ConsoleKit/history file which is owned by (root:root)
> and has 644 permissions. The ck-history program is used by GDM to
> figure out which users to display.
>
> Brian
>
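
The three filters described in the thread (MinimalUID, valid shell, hardcoded list, with entries read through fgetpwent()) applied to the quoted passwd entries, as an added example that is not GDM's code and not part of the original message. The valid-shell list, the sample accounts `root`, `alice` and `svc`, and the `empty_is_sh` switch are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* fgetpwent(), fmemopen() */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#define MINIMAL_UID 100 /* MinimalUID value quoted in the thread */
/* Hardcoded exclusions quoted in the thread; "gdm" stands for GDM_USERNAME. */
static const char *EXCLUDE[] = { "bin", "root", "daemon", "adm", "lp", "sync",
    "shutdown", "halt", "mail", "news", "uucp", "operator", "nobody", "gdm",
    "postgres", "pvm", "rpm", "nfsnobody", "pcap", NULL };
/* Assumption: stand-in for the system's list of valid login shells. */
static const char *SHELLS[] = { "/bin/sh", "/bin/bash", NULL };
/* Constructed passwd data; the last three entries are the ones in the thread. */
static const char SAMPLE[] =
    "root:x:0:0:Super-User:/root:/bin/sh\n"
    "alice:x:1001:10:Alice:/home/alice:/bin/bash\n"
    "svc:x:1002:10:Service:/:/usr/bin/false\n"
    "nobody:x:60001:60001:NFS Anonymous Access User:/:\n"
    "noaccess:x:60002:60002:No Access User:/:\n"
    "nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:\n";
static int in_list(const char *s, const char **list) {
    for (; *list; list++)
        if (strcmp(s, *list) == 0) return 1;
    return 0;
}
/* The three filters; empty_is_sh models "empty shell field means /bin/sh". */
static int is_shown(const struct passwd *pw, int empty_is_sh) {
    const char *shell = pw->pw_shell;
    if (shell[0] == '\0' && empty_is_sh) shell = "/bin/sh";
    return pw->pw_uid >= MINIMAL_UID && in_list(shell, SHELLS)
        && !in_list(pw->pw_name, EXCLUDE);
}
/* Write the names that pass, space separated, into out; return the count. */
int list_shown(int empty_is_sh, char *out, size_t outsz) {
    FILE *fp = fmemopen((void *)SAMPLE, sizeof SAMPLE - 1, "r");
    struct passwd *pw;
    int n = 0;
    if (!fp) return -1;
    for (out[0] = '\0'; (pw = fgetpwent(fp)) != NULL; ) {
        size_t len = strlen(out);
        if (!is_shown(pw, empty_is_sh)) continue;
        snprintf(out + len, outsz - len, "%s%s", n++ ? " " : "", pw->pw_name);
    }
    fclose(fp);
    return n;
}
int main(void) {
    char buf[256];
    printf("%d shown: %s\n", list_shown(1, buf, sizeof buf), buf);
    return 0;
}
```

With the empty shell field treated as /bin/sh, `noaccess` and `nobody4` pass all three filters and only `nobody` is caught by the hardcoded list; with it treated as invalid, only `alice` remains.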