path: root/config/gdm.conf.in
blob: 3efd6a3ace73a7430b625d67fa02289442fcfc03 (plain)
# GDM Configuration file.  You can use gdmsetup program to graphically
# edit this, or you can optionally just edit this file by hand.  Note that
# gdmsetup does not tweak every option here, just the ones most users
# would care about.  Rest is for special setups and distro specific
# tweaks.  If you edit this file, you should send the HUP or USR1 signal to
# the daemon so that it restarts: (Assuming you have not changed PidFile)
#   kill -USR1 `cat /var/run/gdm.pid`
# (HUP will make gdm restart immediately while USR1 will make gdm not kill
# existing sessions and will only restart gdm after all users log out)
#
# You can also use the gdm-restart and gdm-safe-restart scripts which just
# do the above for you.
#
# Have fun! - George

[daemon]
# Settings for the gdm daemon itself: login shortcuts, helper programs,
# script directories, X authority handling and X server defaults.
# The @NAME@ tokens are placeholders in this template (gdm.conf.in);
# presumably they are replaced with real paths at build time.
#
# Automatic login: if true, the first local screen will automatically be
# logged in as the user set with the AutomaticLogin key.
# NOTE(review): no credentials are requested on that screen, so physical
# access to the console equals access to that account.
AutomaticLoginEnable=false
AutomaticLogin=
# Timed login, useful for kiosks.  Log in a certain user after a certain
# amount of time (TimedLoginDelay, presumably in seconds -- TODO confirm).
# Whether this is also offered to remote displays is controlled by
# security/AllowRemoteAutoLogin.
TimedLoginEnable=false
TimedLogin=
TimedLoginDelay=30
# A comma separated list of users that will be logged in without having
# to authenticate on local screens (not over xdmcp).  Note that 'root'
# is ignored and will always have to authenticate.
# NOTE(review): every account listed here is open to anyone at the
# console; leave empty unless a passwordless local account is intended.
LocalNoPasswordUsers=
# If you are having trouble with using a single server for a long time and
# want gdm to kill/restart the server, turn this on.
# Note: I've made this default to true now because there seem to be some
# issues ranging from some things not being reset in the X server to
# pam issues with the slave.  It is likely that this feature may be removed
# in the future and we're always going to do server restarts.
AlwaysRestartServer=true
# The gdm configuration program that is run from the login screen, you should
# probably leave this alone.  Whether the login screen offers it at all is
# controlled by greeter/ConfigAvailable.
Configurator=@EXPANDED_GDMCONFIGDIR@/gdmsetup --disable-sound --disable-crash-dialog
GnomeDefaultSession=@EXPANDED_DATADIR@/gnome/default.session
# The chooser program.  Must output the chosen host on stdout, probably you
# should leave this alone
Chooser=@EXPANDED_BINDIR@/gdmchooser
# Default path to set.  The profile scripts will likely override this
DefaultPath=/bin:/usr/bin:/usr/bin/X11:@X_SERVER_PATH@:/usr/local/bin:@EXPANDED_BINDIR@
# Default path for root.  The profile scripts will likely override this
RootPath=/sbin:/usr/sbin:/bin:/usr/bin:/usr/bin/X11:@X_SERVER_PATH@:/usr/local/bin:@EXPANDED_BINDIR@
DisplayInitDir=@EXPANDED_SYSCONFDIR@/gdm/Init
# Greeter for local (non-xdmcp) logins.  Change gdmlogin to gdmgreeter to
# get the new graphical greeter.
Greeter=@EXPANDED_BINDIR@/gdmlogin
# Greeter for xdmcp logins, usually you want a less graphically intensive
# greeter here so it's better to leave this with gdmlogin
RemoteGreeter=@EXPANDED_BINDIR@/gdmlogin
# Launch the greeter with an additional list of colon separated gtk
# modules.  This is useful for enabling additional feature support,
# e.g. the gnome accessibility framework.  Only "trusted" modules should
# be allowed, to minimise security holes: a module listed here is loaded
# into the greeter, which is the program that handles the login prompt.
# GtkModulesList is only used when AddGtkModules is true.
AddGtkModules=false
GtkModulesList=gail:atk-bridge:keymouselistener
# User and group that gdm should run as.  Probably should be gdm and gdm and
# you should create these user and group.  Anyone found running this as
# someone too privileged will get a kick in the ass.  This should have
# access to only the gdm directories and files.
User=gdm
Group=gdm
# To try to kill all clients started at greeter time or in the Init script.
# Doesn't always work, only if those clients have a window of their own
KillInitClients=true
LogDir=@EXPANDED_AUTHDIR@
# You should probably never change this value unless you have a weird setup
PidFile=/var/run/gdm.pid
# Note that a post login script is run before a PreSession script.
# It is run after the login is successful and before any setup is
# run on behalf of the user.
# NOTE(review): the privileges these scripts run with are not stated
# here; presumably those of the daemon, so the three directories should
# be writable by the administrator only -- confirm against the docs.
PostLoginScriptDir=@EXPANDED_SYSCONFDIR@/gdm/PostLogin/
PreSessionScriptDir=@EXPANDED_SYSCONFDIR@/gdm/PreSession/
PostSessionScriptDir=@EXPANDED_SYSCONFDIR@/gdm/PostSession/
# Distributions:  If you have some script that runs an X server in say
# VGA mode, allowing a login, could you please send it to me?
FailsafeXServer=
# If X keeps crashing on us we run this script.  The default one does a bunch
# of cool stuff to figure out what to tell the user and such and can
# run an X configuration program.
XKeepsCrashing=@EXPANDED_SYSCONFDIR@/gdm/XKeepsCrashing
# Reboot, Halt and suspend commands, you can add different commands
# separated by a semicolon and gdm will use the first one it can find.
# These back the reboot/shutdown/suspend entries of the greeter's system
# menu (see greeter/SystemMenu), i.e. they can be requested from the
# login screen before anyone has authenticated.
RebootCommand=/sbin/shutdown -r now;/usr/sbin/shutdown -r now
HaltCommand=/usr/bin/poweroff;/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h now
SuspendCommand=
# Probably should not touch the below, this is the standard setup
ServAuthDir=@EXPANDED_AUTHDIR@
SessionDir=@EXPANDED_SYSCONFDIR@/gdm/Sessions/
# Better leave this blank and HOME will be used.  You can use syntax ~/ below
# to indicate home directory of the user
UserAuthDir=
# Fallback if home directory not writable.
# NOTE(review): /tmp is normally shared by all local users; the X
# authority file written there grants access to the user's display, so
# verify it is created with a unique name and owner-only permissions.
UserAuthFBDir=/tmp
UserAuthFile=.Xauthority
# The X server to use if we can't figure out what else to run.
StandardXServer=@X_SERVER@
# The maximum number of flexible X servers to run.
FlexibleXServers=5
# The X nest command
Xnest=@X_SERVER_PATH@/Xnest -name Xnest
# Automatic VT allocation.  Right now only works on Linux.  This way
# we force X to use specific vts.  Turn VTAllocation to false if this
# is causing problems.
FirstVT=7
VTAllocation=true

[security]
# Login restrictions and limits on the files gdm reads.
#
# Allow root to log in.  If any distributions ship with this one off, they
# should be shot.  This is only local, so turning it off is only for say
# kiosk use, when you want to minimize the possibility of a break-in.
AllowRoot=true
# If you want to be paranoid, turn this one off.
# NOTE(review): presumably this governs root logins on remote (XDMCP)
# displays, so it only matters when xdmcp/Enable is true.  With both on,
# the root password is typed into a session carried over the network, and
# the [xdmcp] comments themselves advise against exposing XDMCP on an
# open network.  Consider false wherever XDMCP is enabled.
AllowRemoteRoot=true
# This will allow remote timed login (see daemon/TimedLoginEnable)
AllowRemoteAutoLogin=false
# 0 is the strictest (most anal), 1 allows group write permissions, 2 allows
# all write permissions.
# NOTE(review): presumably applied to the user-owned files and
# directories gdm reads -- confirm against the docs.  Raising it lets
# other accounts modify files gdm will trust.
RelaxPermissions=0
# NOTE(review): undocumented here; presumably the delay in seconds after a
# failed login before another attempt is accepted -- TODO confirm.
RetryDelay=3
# Maximum size of a file we wish to read.  This makes it hard for a user to DoS
# us by using a large file.  (Presumably in bytes.)
UserMaxFile=65536
# Maximum size of the session file.  This is larger because it matters less as
# we never keep it all in memory.  Just has an upper limit so that we don't go
# into too long of a loop.
# NOTE(review): 524388 is close to, but not, 512 KiB (524288); possibly a
# typo in the default.
SessionMaxFile=524388
# If true this will basically append -nolisten tcp to every X command line,
# a good default to have (why is this a "negative" setting? because if
# it is false, you could still not allow it by setting command line of
# any particular server).  It's probably better to ship with this on
# since most users will not need this and it's more of a security risk
# than anything else.
# Note: Anytime we find a -query or -indirect on the command line we do
# not add a "-nolisten tcp", as then the query just wouldn't work, so
# this setting only affects truly local sessions.
DisallowTCP=true

# XDMCP is the protocol that allows remote login.  Enable it below if you
# want to log into gdm remotely (I'd never turn this on on an open network;
# use ssh for such remote usage).  You can then run X with -query <thishost>
# to log in, or -indirect <thishost> to run a chooser.  Look for the
# 'Terminal' server type at the bottom of this config file.
[xdmcp]
# Distributions: Ship with this off.  It is never a safe thing to leave
# out on the net.  Alternatively you can set up /etc/hosts.allow and
# /etc/hosts.deny to only allow say local access.
# If this is turned on, also review security/AllowRemoteRoot and
# security/AllowRemoteAutoLogin, which apply to remote logins.
Enable=false
# Honour indirect queries, we run a chooser for these, and then redirect
# the user to the chosen host.  Otherwise we just log the user in locally.
HonorIndirect=true
# Maximum pending requests
MaxPending=4
MaxPendingIndirect=4
# Maximum open XDMCP sessions at any point in time
MaxSessions=16
# Maximum wait times (presumably in seconds -- TODO confirm)
MaxWait=15
MaxWaitIndirect=15
# How many times can a person log in from a single host.  Usually better to
# keep low to fend off DoS attacks by running many logins from a single
# host.  This is now set at 2 since if the server crashes then gdm doesn't
# know for some time and wouldn't allow another session.
DisplaysPerHost=2
# The number of seconds after which a non-responsive session is logged off.
# Better keep this low.
PingIntervalSeconds=15
# The port.  177 is the standard port so better keep it that way
Port=177
# Willing script, none is shipped and by default we'll send
# hostname system id.  But if you supply something here, the
# output of this script will be sent as status of this host so that
# the chooser can display it.  You could for example send load,
# or mail details for some user, or some such.
# NOTE(review): whatever the script prints is handed to the host that
# queried, so keep the output free of anything you would not publish on
# the network (user names, mail details, internal host data).
Willing=@EXPANDED_SYSCONFDIR@/gdm/Xwilling

[gui]
# Look-and-feel settings shared by the gdm programs.
#
# The 'theme'.  By default we're using the default gtk theme.
# Of course assuming that gtk got installed in the same prefix,
# if not change this.
GtkRC=@EXPANDED_DATADIR@/themes/Default/gtk/gtkrc
# Maximum size of an icon, larger icons are scaled down
# (presumably in pixels)
MaxIconWidth=128
MaxIconHeight=128

[greeter]
# Appearance and features of the login screen (the greeter).  Everything
# enabled here is available to whoever is in front of the login screen,
# before authentication.
#
# Greeter has a nice title bar that the user can move
TitleBar=true
# Configuration is available from the system menu of the greeter
# (runs the program set in daemon/Configurator).
# NOTE(review): confirm the configurator demands administrator
# credentials before it starts; otherwise set this to false.
ConfigAvailable=true
# Face browser is enabled.  This only works currently for the
# standard greeter as it is not yet enabled in the graphical greeter.
# Turning it on shows account names and pictures on the login screen.
Browser=false
# The default picture in the browser
DefaultFace=@EXPANDED_PIXMAPDIR@/nobody.png
# These are things excluded from the face browser, not from logging in
Exclude=bin,daemon,adm,lp,sync,shutdown,halt,mail,news,uucp,operator,nobody,gdm,postgres,pvm,rpm,nfsnobody
# As an alternative to the above this is the minimum uid to show
MinimalUID=100
# If user or user.png exists in this dir it will be used as his picture
GlobalFaceDir=@EXPANDED_DATADIR@/faces/
# Icon we use
Icon=@EXPANDED_PIXMAPDIR@/gdm.png
# File which contains the locale we show to the user.  Likely you want to use
# the one shipped with gdm and edit it.  It is not a standard locale.alias file,
# although gdm will be able to read a standard locale.alias file as well.
LocaleFile=@EXPANDED_LOCALEDIR@/locale.alias
# Logo shown in the standard greeter
Logo=@EXPANDED_PIXMAPDIR@/gdm-foot-logo.png
# The standard greeter should shake if a user entered the wrong username or
# password.  Kind of cool looking
Quiver=true
# The system menu is shown in the greeter, this is the menu that contains
# reboot, shutdown, suspend, config and chooser.  None of these is available
# if this is off.  They can be turned off individually however.
# The reboot/shutdown/suspend entries run the commands set in
# daemon/RebootCommand, daemon/HaltCommand and daemon/SuspendCommand.
SystemMenu=true
# Should the chooser button be shown.  If this is shown, GDM can drop into
# chooser mode which will run the xdmcp chooser locally and allow the user
# to connect to some remote host.  Local XDMCP does not need to be enabled
# however
ChooserButton=true
# Note to distributors, if you wish to have a different Welcome string
# and wish to have this translated you can have entries such as
# Welcome[cs]=Vitejte na %n
# Just make sure the string is in utf-8
# (%n is presumably replaced with the host name -- TODO confirm)
Welcome=Welcome to %n
# Don't allow user to move the standard greeter window.  Only makes sense
# if TitleBar is on
LockPosition=false
# Set a position rather than just centering the window.  If you enter
# negative values for the position it is taken as an offset from the
# right or bottom edge.
SetPosition=false
PositionX=0
PositionY=0
# Xinerama screen we use to display the greeter on.  Not for true
# multihead, currently only works for Xinerama.
XineramaScreen=0
# Background settings for the standard greeter:
# Type can be 0=None, 1=Image, 2=Color
BackgroundType=2
BackgroundImage=
BackgroundScaleToFit=true
# The leading '#' below is part of the colour value, not a comment
BackgroundColor=#363047
# XDMCP session should only get a color, this is the sanest setting since
# you don't want to take up too much bandwidth
BackgroundRemoteOnlyColor=true
# Program to run to draw the background in the standard greeter.  Perhaps
# something like an xscreensaver hack or some such.
# NOTE(review): this program runs on the login screen; point it only at a
# binary that ordinary users cannot replace.
BackgroundProgram=
# If this is true then the background program is run always, otherwise
# it is only run when the BackgroundType is 0 (None)
RunBackgroundProgramAlways=false
# Show the chooser (you can choose a specific saved gnome session) session
ShowGnomeChooserSession=true
# Show the Failsafe sessions.  These are much MUCH nicer (focus for xterm for
# example) and more failsafe than those supplied by scripts so distros should
# use this rather than just running an xterm from a script.
ShowGnomeFailsafeSession=true
ShowXtermFailsafeSession=true
# Always use 24 hour clock no matter what the locale.
Use24Clock=false
# Use circles in the password field.  Looks kind of cool actually
UseCirclesInEntry=false
# These two keys are for the new greeter.  Circles is the standard
# shipped theme
GraphicalTheme=circles
GraphicalThemeDir=@EXPANDED_DATADIR@/gdm/themes/

# The chooser is what's displayed when a user wants an indirect XDMCP
# session
[chooser]
# Default image for hosts
DefaultHostImg=@EXPANDED_PIXMAPDIR@/nohost.png
# Directory with host images, they are named by the hosts: host or host.png
HostImageDir=@EXPANDED_DATADIR@/hosts/
# Time we scan for hosts (well only the time we tell the user we are
# scanning actually).  Presumably in seconds.
ScanTime=3
# A comma separated list of hosts to automatically add (if they answer to
# a query of course).  You can use this to reach hosts that broadcast cannot
# reach.
Hosts=
# Broadcast a query to get all hosts on the current network that answer.
# The list shown to the user is built from whatever answers, so on a
# shared network consider an explicit Hosts list with Broadcast=false.
Broadcast=true

[debug]
# This will enable debugging into the syslog, usually not necessary
# and it creates a LOT of spew of random stuff to the syslog.  However it
# can be useful in determining when something is going very wrong.
# NOTE(review): what exactly gets logged is not stated here; check that
# the output contains nothing sensitive before leaving this on where the
# syslog is readable by others or forwarded off the host.
Enable=false

[servers]
# These are the standard servers.  You can add as many as you want here
# and they will always be started.  Each line must start with a unique
# number and that will be the display number of that server.  Usually just
# the 0 server is used.  The value names one of the [server-NAME]
# sections defined further down, optionally followed by extra arguments.
0=Standard
#1=Standard
# Note the VTAllocation and FirstVT keys on linux.  Don't add any vt<number>
# arguments if VTAllocation is on, and set FirstVT to be the first vt
# available that your gettys don't grab (gettys are usually dumb and grab
# even a vt that has already been taken).  Using 7 will work pretty much for
# all linux distributions.  VTAllocation is not currently implemented on
# anything but linux since I don't own any non-linux systems.  Feel free to
# send patches.  X servers will just not get any extra arguments then.
#
# If you want to run an X terminal you could add an X server such as this
#0=Terminal -query serverhostname
# or for a chooser (optionally serverhostname could be localhost)
#0=Terminal -indirect serverhostname
#
# If you wish to run the XDMCP chooser on the local display use the following
# line
#0=Chooser

## Note:
# Is your X server not listening to TCP requests?  Perhaps you should look
# at the security/DisallowTCP setting!  (It adds -nolisten tcp to local
# servers and is on by default.)

# Definition of the standard X server, referenced as "Standard" from the
# [servers] section.
[server-Standard]
name=Standard server
command=@X_SERVER@
# May also be started as a flexible (on-demand) server; the number of
# those is capped by daemon/FlexibleXServers.
flexible=true

# X terminal definition: the local X server displays a login served by
# another host.  To use this server type you should add -query host or
# -indirect host to the command line (see the examples in [servers]).
[server-Terminal]
name=Terminal server
# Add -terminate to make things behave more nicely
command=@X_SERVER@ -terminate
# Make this not appear in the flexible servers (we need extra params
# anyway, and terminate would be bad for xdmcp choosing).  You can
# make a terminal server flexible, but not with an indirect query.
# If you need flexible indirect query server, then you must get rid
# of the -terminate and the only way to kill the flexible server will
# then be by Ctrl-Alt-Backspace
flexible=false
# Not local, we do not handle the logins for this X server.
# security/DisallowTCP notes that -nolisten tcp is not added to servers
# run with -query or -indirect.
handled=false

# To use this server type you should add -query host or -indirect host
# to the command line
# NOTE(review): the sentence above is identical to the one on
# [server-Terminal], while the [servers] example for the chooser is just
# "0=Chooser" with no host argument; it may be a copy-paste leftover.
[server-Chooser]
name=Chooser server
command=@X_SERVER@
# Make this not appear in the flexible servers for now, but if you
# wish to allow a chooser server then make this true.  This is the
# only way to make a flexible chooser server that behaves nicely.
flexible=false
# Run the chooser instead of the greeter.  When the user chooses a
# machine they will get this same server but run with
# "-terminate -query hostname"
chooser=true