On Wednesday 09 June 2010 at 14:10 +0200, Christoph Anton Mitterer wrote:
> On Wed, 2010-06-09 at 09:09 +0200, Josselin Mouette wrote:
> > The GDM daemon itself runs as root of course, but everything that is
> > unsafe (especially the graphical stuff) is run under user Debian-gdm.
> > All the information is communicated between the daemon and the slave
> > session through D-Bus.
> Ah I see.... so is this hardcoded? There are no settings for User= and
> Group= in gdm's config file.

The defaults are in /usr/share/gdm/gdm.schemas and can be overridden. I
have no idea what result changing it can give, though.

> 1) When purging gdm and installing gdm3:
> dpkg: warning: while removing gdm, directory
> '/usr/share/gdm/applications' not empty so not removed.
> dpkg: warning: while removing gdm, directory '/usr/share/gdm' not empty
> so not removed.
>
> => guess this is intentionally as you put the gdm3 files also
> in /u/s/gdm?

Yes.

> Adding group `Debian-gdm' (GID 116) ...
> Done.
> Warning: The home dir /var/lib/gdm3 you specified already exists.
> Allowing use of questionable username.
> Adding system user `Debian-gdm' (UID 108) ...
> Adding new user `Debian-gdm' (UID 108) with group `Debian-gdm' ...
> The home directory `/var/lib/gdm3' already exists. Not copying from
> `/etc/skel'.
> adduser: Warning: The home directory `/var/lib/gdm3' does not belong to
> the user you are currently creating.
>
> => not sure why these warnings occur,... the one that the dir already
> exists is just a cosmetic issue,... and for the last one, the dir does
> belong to Debian-gdm3 (at least on my system).

Not sure. This probably happens before chown is run.

> 2) Is there any reason why the config file is named daemon.conf?
> Upstream seems to use custom.conf

IIRC this is because upstream ships two configuration files, while we
put the defaults in /usr/share.

> 3) I was looking through
> http://library.gnome.org/admin/gdm/2.30/gdm.html#configuration
> I guess the default values are the ones in frames, right?
> Then
> DisallowTCP=true
> Multicast=false
> TimedLoginEnable=false
> AutomaticLoginEnable=false
> [xdmcp]
> Enable=false
> Would be the default, right? Which means that XDMCP, multicast and TCP
> connections to the X server are disabled.
>
> Therefore it should be ok for end-users to skip the steps described in
> the gdm manual for securing (blocking XDMCP firewall ports, and blocking
> gdm in /etc/hosts.deny)

Yes, of course the configuration is secure by default.

> IMHO that's of course good, but will you keep this as the defaults? I
> want to secure that this is kept for my systems and if you plan to
> change it, I better set them manually
>
> btw: per default User=gdm and Group=gdm (see above)

It was not possible to keep the same user/group name, because the two
versions of gdm are at the same time in the archive.

> 4) Last but not least,... gdm3 seems to be far less configurable than
> the <= 2.20 versions.

Indeed.

> I especially miss that one can disable the password prompt
> characters.... is there a way to hide them completely?

Not currently. A patch would be considered, but frankly I consider it a
minor matter.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “If you eat pasta without sauce, it is nothing
  `-     short of communism.” -- Marie
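
Added example, not part of the original message and not code from the gdm3 package: a small audit of the settings listed under point 3 that separates values pinned explicitly in the config file from values that only hold because of the packaged defaults, which is the distinction that matters if the defaults ever change. The section names and the sample file are assumptions (constructed here, following the GDM 2.30 reference layout).

```python
import configparser

# Secure values discussed in the thread, as (section, key) -> expected value.
# The section names are an assumption based on the GDM 2.30 reference layout.
EXPECTED = {
    ("security", "DisallowTCP"): True,
    ("daemon", "AutomaticLoginEnable"): False,
    ("daemon", "TimedLoginEnable"): False,
    ("xdmcp", "Enable"): False,
    ("chooser", "Multicast"): False,
}

def audit(conf_text):
    """Return {(section, key): status}: 'pinned', 'default' or 'INSECURE'."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case; the parser lowercases by default
    cp.read_string(conf_text)
    report = {}
    for (section, key), want in EXPECTED.items():
        if not cp.has_option(section, key):
            report[(section, key)] = "default"  # relies on the packaged default
            continue
        try:
            value = cp.getboolean(section, key)
        except ValueError:
            report[(section, key)] = "INSECURE"  # unparsable: treat as a finding
            continue
        report[(section, key)] = "pinned" if value == want else "INSECURE"
    return report

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
[daemon]
AutomaticLoginEnable=false
# TimedLoginEnable is left unset

[security]
DisallowTCP=true

[xdmcp]
Enable=true
"""

if __name__ == "__main__":
    for (section, key), status in audit(SAMPLE).items():
        print(f"[{section}] {key}: {status}")
```

Entries reported as `default` are the ones to set manually if the secure values must survive a change of packaged defaults.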

