Comprehensive Guide to Customising
GDM and XSplash
This guide is my statement to those people who think that the new GDM login screen is un-customisable.
At the beginning of this month, I started playing around with a Netbook I bought back in August. Installed Karmic UNR, and started playing about with it.
One thing I was looking for in the first place was a consistency across the UI. From Splash Screen, to Login Screen, to Desktop.
Once that was sorted, and I picked up a thing or two about how GDM actually functions now, I then had the mad idea of turning GDM into a minimal desktop for the most basic functions I use everyday - XChat, Empathy and Browsing - and if I need to get to anything else - just login and I have the usual full control to the system and applications again.
Before you run anything. I regard all material in this guide to be reasonably safe in terms of security. If you do find a hole or flaw, please contact me with an appropriate fix, if possible.
Changing XSplash Background
Unfortunately, xsplash has the location of where the background it uses hard coded into the application. So you cannot alter this via changing a setting in a config file.
Fortunately for us though, we use a Debian system, and such systems are capable of a certain administrative feature called "diverting".
This renames the file 'bg_2560x1600.jpg' to 'bg_2560x1600.jpg.distrib', and sets the package manager config in such a way that if an update of xsplash were to come through, it will save the file as the diverted name (so the locally created file will not be overwritten).
sudo dpkg-divert --local --rename --add /usr/share/images/xsplash/bg_2560x1600.jpg
So that sorted out, just copy the image you want to that location:
And logout/login to see your new xsplash.
sudo cp /usr/share/backgrounds/TheRainbowisDead.jpg /usr/share/images/xsplash/bg_2560x1600.jpg
To restore this setting.
sudo unlink /usr/share/images/xsplash/bg_2560x1600.jpg
sudo dpkg-divert --rename --remove /usr/share/images/xsplash/bg_2560x1600.jpg
Backup GDM Default settings
Before making any changes, first we need to divert and backup the gconf settings file
If at all you need to reset these changes back to the Ubuntu defaults
sudo dpkg-divert --local --add /var/lib/gdm/.gconf.defaults/%gconf-tree.xml
sudo cp /var/lib/gdm/.gconf.defaults/%gconf-tree.xml /var/lib/gdm/.gconf.defaults/%gconf-tree.xml.distrib
sudo cp /var/lib/gdm/.gconf.defaults/%gconf-tree.xml.distrib /var/lib/gdm/.gconf.defaults/%gconf-tree.xml
Changing GDM Background and Theme
Now this could probably be done in a gconftool-2 command, but I prefer this method:
Then logout, and you'll see an appearance window pop up.
sudo cp /usr/share/applications/gnome-appearance-properties.desktop /usr/share/gdm/autostart/LoginWindow
Change it to how you prefer it, then close and login as usual.
When you have logged in after finishing the customising. Just remove the file to prevent it starting up every time.
sudo unlink /usr/share/gdm/autostart/LoginWindow/gnome-appearance-properties.desktop
GDM still has configuration options that you can edit in gconf. You can get the list here.
To run through what I consider to be the "interesting" ones in brief:
Disable User List
Disables the name list in the login screen.
sudo -u gdm gconftool-2 --set /apps/gdm/simple-greeter/disable_user_list --type bool true
Valid Values: true - false
Changes the logo on the Login Window
sudo -u gdm gconftool-2 --set /apps/gdm/simple-greeter/logo_icon_name --type string "distributor-logo"
Default Value: "computer"
Change default window manager from Metacity to Compiz. Probably just me, but that doesn't seem to take effect?
sudo -u gdm gconftool-2 --set /apps/gdm/simple-greeter/wm_use_compiz --type bool true
Valid Values: true - false
If your system's graphics card doesn't support 3D Acceleration (Older than 5 years?) then you can always enable simple compositing in Metacity.
Valid Values: true - false
sudo -u gdm gconftool-2 --set /apps/metacity/general/compositing_manager --type bool true
GDM and Compiz
If the above key change didn't make any difference to you (didn't to me). Don't worry, there is another way!
Now, to give a brief background, when gdm loads, it opens up all desktop applications inside the directory:
So any .desktop file kept in that directory will run whenever gdm loads.
So! Using the same divert trick as earlier, divert the metacity.desktop file.
Then copy over the compiz.desktop file.
sudo dpkg-divert --local --rename --add /usr/share/gdm/autostart/LoginWindow/metacity.desktop
This should be doable with any window manager within reason. (ie: mutter). Although feel free to see if any other will work too.
sudo cp /usr/share/app-install/desktop/compiz.desktop /usr/share/gdm/autostart/LoginWindow
GDM and Network Connectivity
Before we can connect to the Net, we need the Network Manager applet.
Simple to install:
Then to set it up, logout and enter in the passphrase/key for your network (presuming you are wireless). Then when asked for a password for a default keyring, leave it blank and just press 'Create'.
sudo cp /usr/share/app-install/desktop/nm-applet.desktop /usr/share/gdm/autostart/LoginWindow
You will be prompted with the message: "Store passwords unencrypted?", just select "Use Unsafe Storage" and the password will be kept in clear text.
This is essential if you don't want to be bugged by entering in a keyring password every time - and it isn't quite as insecure as it seems. Although the password will be in clear text, permissions deny any user except 'root' and 'gdm' from reading the file.
GDM and Firefox, XChat, Empathy
This little trick in this guide is essentially turning GDM into a minimal desktop session, useful for doing quick web searches, or asking quick questions to friends without the need to login entirely!
First, we insert Firefox. Now, I prefer to put it into the taskbar using 'alltray'.
Then copy over the desktop icon.
sudo apt-get install alltray
And alter it so it open firefox with alltray:
sudo cp /usr/share/app-install/desktop/firefox.desktop /usr/share/gdm/autostart/LoginWindow/
Now, when you come to the login screen, Firefox will be in a tray icon.
sudo sed -i 's/^Exec=/Exec=alltray /' /usr/share/gdm/autostart/LoginWindow/firefox.desktop
The exact same procedure is used for XChat and Empathy too.
Although, in the case of Empathy, you will have two tray icons if you run the 'sed' command.
sudo cp /usr/share/app-install/desktop/xchat.desktop /usr/share/gdm/autostart/LoginWindow/
sudo sed -i 's/^Exec=/Exec=alltray /' /usr/share/gdm/autostart/LoginWindow/xchat.desktop
Of the above though - realistically you should only be needing firefox, as you can use it as both an IRC and IM client through either addons or web-based services.
sudo cp /usr/share/app-install/desktop/empathy.desktop /usr/share/gdm/autostart/LoginWindow/
sudo sed -i 's/^Exec=/Exec=alltray /' /usr/share/gdm/autostart/LoginWindow/empathy.desktop
This last section of this is all about hardening GDM and reducing as many security breaches as possible.
What is already restricted?
GDM itself already comes as pretty restrictive by default.
- GDM's Home Directory has the permission 750.
- URL Handlers are disabled.
- Save to Disk is disabled.
- Printer Setup and Printing is disabled.
- Lock Screen is disabled.
- Command Line is disabled. Shell is set to /bin/true
- The Majority of Keybindings are disabled.
- Desktop and File Browsing is disabled.
What else can be done?
If anyone has anything more to add, please comment.
- Install security addons. I recommend No Script.
- Open about:config and set 'browser.privatebrowsing.autostart' to True.
Disallow Root Logins
For reasons beyond me, GDM doesn't seem to deny root logins.
This can be fixed though.
And put below the #%PAM-1.0
gksu gedit /etc/pam.d/gdm
Alternatively, you could use what I believe to be the default behaviour of GDM 2.20
auth required pam_succeed_if.so user != root quiet
auth required pam_succeed_if.so uid >= 1000 quiet
auth required pam_succeed_if.so user != nobody quiet
As GDM is part of the boot process, you may want to optimise all the changes you've made. Ubuntu Karmic uses ureadahead to carry out the profiling, and all you have to do to schedule a re-profile of the preload cache is by running:
Then reboot twice, and your boot process with be optimised again.
sudo rm /var/lib/ureadahead/*pack
So! turns out if you put your mind to it, you can make something out of nothing much. Hope you all enjoy the guide as much as I did creating it.
Thanks for reading.
- Firefox doesn't close cleanly by itself.
- Rather than alltray - perhaps tray shortcuts instead?
- Enable window switching.
- Login Sounds