On Sunday 07 April 2002 09:49 am, Ric Tibbetts wrote:
> On Sat, 2002-04-06 at 06:47, Thomas Gamble wrote:
> > On Friday 05 April 2002 11:28 pm, Damian wrote:
> > > El vie, 05-04-2002 a las 02:51, Ric Tibbetts escribió:
> > > > On Thu, 2002-04-04 at 16:07, Thomas Gamble wrote:
> > > > > Since upgrading to 8.2 I have noticed that changes to the login
> > > > > manager don't stick.  In particular, changing 'Show Users' to
> > > > > 'None'.  After a couple of login cycles this reverts back to 'All
> > > > > but no show'.  I've seen this same bahavior on three separate
> > > > > installations of MDK8.2 all clean installs. It seems as though a
> > > > > script is running somewhere that regenerates the
> > > > > /usr/share/config/kdm/kdmrc file, but I've been unsuccessful in
> > > > > finding anything. Editing this file directly has the same result.
> > > > > Has anyone else had this problem, and have you found a solution?
> > > >
> > > > It's not just kdm. I'm having exactly the same problem with gdm. I
> > > > thought it was just me.
> > > >
> > > > Anyone have a fix yet? Or at least a cause?
> > > >
> > > > Thanks!
> > > >
> > > > Ric
> > >
> > > possible cause: security level? just wondering...
> >
> > It turns out this is exactly the cause.
> >
> > In particular, it is related to the msec script that gets run from both
> > /etc/cron.daily and /etc/cron.hourly. This script is a link to
> > /usr/share/msec/security.sh which calls /usr/share/msec/msec.py.  msec.py
> > tests for security levels and makes corrections to certain system setting
> > based on the current level setting.
> >
> > The following code snippet from /usr/share/msec/msec.py appears to be the
> > offender:
> >
> > if level >= 4:
> >     set_user_umask('077')
> >     set_shell_history_size(10)
> >     allow_root_login(0)
> >     enable_sulogin(1)
> >     allow_user_list(0)
> >     enable_promisc_check(1)
> >     accept_icmp_echo(0)
> >     accept_bogus_error_responses(0)
> >     allow_reboot(0)
> >     enable_at_crontab(0)
> >     if level == 4:
> >         password_aging(60, 30)
> >     else:
> >         password_aging(30, 15)
> > else:
> >     set_user_umask('022')
> >     set_shell_history_size(-1)
> >     allow_root_login(1)
> >     enable_sulogin(0)
> >     allow_user_list(1)
> >     enable_promisc_check(0)
> >     accept_icmp_echo(1)
> >     accept_bogus_error_responses(1)
> >     allow_reboot(1)
> >     enable_at_crontab(1)
> >     password_aging(99999)
> >
> > The call to 'allow_user_lists(1)' in the 'else' portion is the problem. 
> > This has the result of forcing the 'ShowUsers' setting in kdmrc to 'All'.
> > Commenting this line out fixes the problem and still allows higher
> > security level settings to force 'ShowUsers' to 'None'.  This script also
> > affects similar settings in gdm (I believe it's the 'Browser' setting)and
> > this change should fix that as well.
>
> Worked like a charm. Thanks!
>
> I found that alternate to commenting out the "allow_user_list(1)" entry,
> simply changing the value to (0) worked as well.
>
> Thanks again, for solving an annoying problem!
>
> Ric

No worries.  Commenting the line out restores control to the KDM and GDM 
configuration dialogs for the lower security levels, while changing the value 
from 1 to 0 forces that setting regarless of what you do in the configuration 
dialogs.  But, the end result is the important part as long as you know where 
the changes are being made.

Cheers

-- 
Thomas K. Gamble
[EMAIL PROTECTED]

Whoso loveth instruction loveth knowledge,
but he that hateth reproof is brutish.
(Proverbs 12:1)

Current Linux kernel 2.4.18-6mdksmp, Uptime: minutes.

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to