O'Reilly logo

Linux Annoyances for Geeks by Michael Jang

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

I Need a Custom Login Menu

One thing many managers like is consistency. In many organizations, that starts with what everyone sees at the beginning of the day, the login menu. In this annoyance, I'll show you how you can customize and standardize the GNOME and KDE login menus. But first, you need to select a standard login manager for your workstations.

Configuring the Preferred Login Menu

Whether you want to use GNOME, KDE, or another GUI desktop, you need to select your preferred login manager. Even if you're running GNOME desktops, you can still use the KDE login manager, and visa versa. Each of the book's preferred distributions allows you to select the preferred login manager in a configuration file specific to that distribution, as described in Table 1-1.

Table 1-1. General tab of the GDM Login Screen

Distribution

File

Description

Debian

/etc/X11/default-display-manager

Use the full path to the login manager of your choice, such as /usr/bin/kdm or /usr/bin/gdm.

Red Hat/Fedora

/etc/X11/prefdm

Set the preferred variable to the display manager of your choice, such as gdm or kdm. (While you could use /etc/sysconfig/desktop, that also sets the default desktop environment.)

SUSE

/etc/sysconfig/displaymanager

Set the DISPLAYMANAGER variable to the display manager of your choice in quotes, such as "gdm" or "kdm".

Tip

There are other login managers available. Some people prefer the X Login Manager, also known as xdm. Its simple interface does not include menu options for other desktops, languages, or shutdown/reboot commands. If you've installed the X Login Manager, you can substitute xdm for gdm or kdm in Table 1-1.

As you review what each login manager can do in this annoyance, you may change your mind on what's best. You can always return to this section and configure a different preferred login manager for your systems. If you're configuring a standard across many users' computers, you'll have to copy the appropriate file to the other systems that you administer.

Customizing the GNOME Login Menu

Before you start editing the GNOME Login Menu, back up the defaults in the GNOME configuration directory. The location of this directory varies by distribution. As of this writing, it is:

  • /etc/X11/gdm on Red Hat/Fedora

  • /etc/opt/gnome/gdm on SUSE

  • /etc/gdm on Debian

As distributions evolve, these directories may change. To find the directory on your distribution, run one of the following commands:

rpm -ql gdm | grep gdm.conf
dpkg -L gdm | grep gdm.conf

If you get no output, either you haven't installed the GNOME Login Menu package or the name of the directory has changed.

The standard tool to edit the GNOME Login Menu is the Login Screen Setup tool, which you can start with the gdmsetup command. This opens the Login Screen Setup window shown in Figure 1-5. I'll examine each of the tabs in turn.

The GNOME Login Screen Setup window

Figure 1-5. The GNOME Login Screen Setup window

Tip

If you want to do some arcane customization that you can't find in the Login Screen Setup window on the GNOME display manager, you can try directly editing the associated gdm.conf configuration file. It includes a wide variety of options that go beyond the scope of what I can cover in this annoyance. For more information, run the yelp command to open the GNOME help documentation and navigate to Desktop → GNOME Display Manager Reference Manual. The version associated with Fedora Core 5 includes two additional tabs: "XServer settings for remote servers" and Users, where you can specify the visible users in the GDM login screen.

General

The General tab defines the basic settings associated with the GNOME Display Manager login screen and allows you to configure several options, which are described in Table 1-2. Be aware that SUSE Linux Professional enables automatic logins by default. This is all right for a system dedicated to a single user in an environment, such as laptop or home office, where intruders are not expected to meddle with it. It also is a good choice for a locked-down public terminal offering a guest account. It should be disabled otherwise.

Table 1-2. GDM Login Screen General tab

Setting

Description

Local Greeter

Standard or Graphical greeter for local logins (the Standard greeter provides a default login screen; the Graphical greeter is more customizable with pictures or other graphics; for details, see the following subsections).

Remote Greeter

Standard or Graphical greeter for remote logins.

Always use 24 hour clock format

If checked, time is shown in a 24-hour instead of a standard U.S. A.M./P.M. format.

Welcome string

Greeting for a successful login.

Remote welcome string

Greeting for a successful remote login.

Login a user automatically

Supports automatic logins to a standard account; a reasonable option for public terminals or some single-user systems.

Automatic login username

Default login account.

Login a user automatically after a specified time

Suitable for a guest account.

Timed login username

Default account if there is no login; suitable for a guest account.

Seconds before login

Wait time before login to a timed login account.

Standard greeter

Under the "Standard greeter" tab, you can configure the look and feel of the Standard Greeter for local and remote users. You can configure a logo and an image (or enable "choosable" images so each user can configure her image to her taste), as well as a background image and color. The Standard Greeter is known as the GTK+ Greeter in Fedora Core.

Graphical greeter

Under the "Graphical greeter" tab, you can configure the look and feel of the Graphical Greeter for local and remote users. Linux distributions include several optional themes, and you can configure your own. In fact, this is one way to create a customized look and feel for your organization. The Graphical Greeter is known as the Themed Greeter in Fedora Core.

You can use the current themes as a model for your own. With a little trial and error, you can replace the .png files in the appropriate themes/ subdirectory with the images of your choice.

The location of the themes/ subdirectory varies. While the default is /usr/share/gdm/themes, SUSE stores Graphical Greeter themes in /opt/gnome/share/gdm/themes. Alternatively, you can download your own themes; one source is http://themes.freshmeat.net/browse/991/, where most of the themes are available under the GNU General Public License (GPL).

If I had to create a custom theme for my organization, I'd use one of the themes available as a template and substitute the appropriate image files. Of course, you can create your own, using one of the many models available.

Security

The Security tab includes several options, described in Table 1-3.

Table 1-3. GDM Login Screen Security tab

Setting

Description / recommendation

Allow root to log in with GDM

I recommend you disable this setting to discourage administrators from logging in with the root account.

Allow root to log in remotely with GDM

I strongly recommend disabling this setting, as it would transmit the root password over the network, without encryption.

Allow remote timed logins

Associated with the timed login setting under the General tab.

Show actions menu

Displays the Actions menu in the login screen.

Secure actions menu

Supports options that require the root password, such as reboot and shutdown.

Allow configuration from the login screen

Supports access to the GDM Login Screen Setup Tool from the login screen; disable unless you're experimenting with the login screen.

Allow running XDMCP chooser from the login screen

Enables logins to remote GUI systems.

Always disallow TCP connections to X server

Disables GUI logins from remote systems.

Retry delay (seconds)

Specifies the delay after a failed login attempt.

Accessibility

Accessibility modules support users who need assistive technologies, particularly those who are unable to use keyboards or pointing devices in a "standard" fashion. For more information, see Appendix A of the GNOME Desktop Accessibility Guide; a version for GNOME 2.10 is available from http://www.gnome.org/learn/access-guide/2.10/. (The GNOME 2.12 Desktop Accessibility Guide was not available as of this writing.)

XDMCP

The X Display Manager Control Protocol (XDMCP) supports logins to remote GUI systems. As you can see from the XDMCP tab, there are several ways you can configure this protocol if you want to allow remote users to log in to your system using the GNOME Display Manager, as described in Table 1-4.

Warning

XDMCP is inherently insecure. A potentially more secure option for remote access to your GUI applications is the Secure Shell protocol. I describe its use for GUI applications in Chapter 11.

Table 1-4. XDMCP Configuration options

Option

Description

Enable XDMCP

Enable if you want to allow remote GUI access.

Honour Indirect Requests

Supports access even if GDM is not available on the remote system (note the British spelling of "Honour").

Listen on UDP port

Specifies the TCP/IP port for XDMCP communication; the default is 177.

Maximum pending requests

Sets the maximum number of requests from remote displays; can vary from maximum remote sessions.

Max pending indirect requests

Sets the maximum number of requests from remote displays that do not have a display manager.

Maximum remote sessions

Limits the number of actual (not pending) remote sessions.

Maximum wait time

Limits the time a request can wait; may help if the network is slow.

Maximum indirect wait time

Limits the time a request from a system without a display manager can wait; may help if the network is slow.

Displays per host

Limits the number of displays allowed to a particular remote system.

Ping interval (seconds)

Checks connections with remote systems periodically, as defined here.

Replicating login configuration to multiple systems

Once you're satisfied with the changes on one system, you'll want to transmit those changes to other systems on your network. As the GNOME Login Manager is system-wide instead of specific to each user, associated settings depend on standard configuration files in the distribution-dependent directories defined earlier. Just copy the files in the noted directories from system to system to implement the changes on the desired computers.

Customizing the KDE Login Manager

Before you start editing the KDE Login Manager, back up the defaults in the KDE configuration directory. The location of this directory varies by distribution. As of this writing, it is:

  • /etc/kde/kdm on Red Hat/Fedora and Debian (Red Hat links to a number of files in the /etc/X11/xdm directory)

  • /opt/kde3/share/config/kdm on SUSE

In any case, the key file is kdmrc , which you can edit directly.

Alternatively, you can start the KDE Login Manager editing tool from the KDE Control Center. Navigate to System Administration → Login Manager. You can also run the kcmshell kdm command. Either action opens the Login Screen Setup window shown in Figure 1-6. I'll examine each of the tabs in turn.

The KDM Login Manager configuration tool

Figure 1-6. The KDM Login Manager configuration tool

Tip

As with the GNOME display manager, you can edit the associated kdmrc configuration file directly to change KDE. It includes a wide variety of options that go beyond the scope of what I can cover in this annoyance. For more information, run the khelpcenter command to open the KDE help documentation and navigate to Control Center Modules → Login Manager.

Appearance

The options under the Appearance tab allow you to customize the overall look and feel of the KDE Login Manager, as described in Table 1-5.

Table 1-5. KDM Appearance tab

Setting

Description /recommendation

Greeting

Provides a standard greeting; the default is Welcome to %s at %n, where %s is the operating system (Linux) and %n is the hostname; for more options, see the GreetString directive in the KDE Login Manager help documentation.

Logo area

Determines what is displayed in the lefthand part of the main screen; if you select "Show logo," you can use the logo of your choice (such as your corporate image).

Position

Defines the location of the upper-left corner of the main screen, relative to the upper-left corner of the display.

GUI style

Allows you to select from available themes, in /usr/share/apps/kstyle/themes or /opt/kde3/share/apps/kstyle/themes; if you create your own, add them to the themes/ subdirectory appropriate to your distribution.

Color scheme

Allows you to select from available color schemes, available in /usr/share/apps/kdisplay/color-schemes or /opt/kde3/share/apps/kdisplay/color-schemes; if you create your own, add them to the color-schemes/ subdirectory appropriate to your distribution.

Echo mode

Defines the number of asterisks displayed for each keystroke when typing in your password.

Locale

Selects from available languages.

Font

The options under the Font tab allow you to customize the fonts you see in the KDE Login Manager. There are three categories and one other option, as described in Table 1-6.

Table 1-6. KDM Fonts tab

Setting

Description

General

Default font for most of the KDE Login Manager

Failures

Font for error messages and failed login attempts

Greeting

Font for the Greeting, as defined in Table 1-5

Use anti-aliasing for fonts

Supports the use of smoothing for fonts; don't use unless necessary, as this may slow your system

Background

The options under the Background tab allow you to customize the display behind the main part of the KDE Login Manager. While details go beyond the level of annoyances, the impact is that you can add the picture or slideshow of your choice. You may use this tab to customize the login screen with a corporate or organizational seal.

Shutdown

The Shutdown tab defines who can shut down or reboot a computer from the KDE Login Manager window. By default, all users are allowed to shut down or reboot the local computer using the KDE Login Manager. I recommend that you disable this option for most systems (with the possible exception of single-user workstations) because no password is required.

Users

The Users tab defines the users listed in the KDE Login Manager. By default, all regular and nonstandard users as defined in /etc/passwd within a certain UID range are listed. I believe this is a bad default. Even if you've disabled users such as ftp with a home directory such as /sbin/nologin, this is a clue that a cracker might be able to use to break into your system.

I recommend that you disable this setting by deselecting the Show List option. If you're focused on user convenience, see the next tab.

Convenience

Sometimes it's OK to configure a workstation with an automatic login. In fact, it's the default for SUSE Linux Professional Workstation. If you need to choose "Enable auto-login," I recommend that you do so for a specific user, selected under the Preselect User area, with relatively minimal permissions. If you're comfortable with the relative security of that account, you may also want to choose "Enable password-less logins."

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required