Bug#585087: gdm3 runs as root and no longer as user gdm

Josselin Mouette joss at debian.org
Wed Jun 9 15:28:36 UTC 2010


On Wednesday, 09 June 2010 at 14:10 +0200, Christoph Anton Mitterer
wrote:
> On Wed, 2010-06-09 at 09:09 +0200, Josselin Mouette wrote: 
> > The GDM daemon itself runs as root of course, but everything that is
> > unsafe (especially the graphical stuff) is run under user Debian-gdm.
> > All the information is communicated between the daemon and the slave
> > session through D-Bus.
> Ah I see.... so is this hardcoded? There are no settings for User= and
> Group= in gdm's config file.

The defaults are in /usr/share/gdm/gdm.schemas and can be overridden. I
have no idea what result changing it can give, though.

> 1) When purging gdm and installing gdm3:
> dpkg: warning: while removing gdm, directory
> '/usr/share/gdm/applications' not empty so not removed.
> dpkg: warning: while removing gdm, directory '/usr/share/gdm' not empty
> so not removed.
> 
> => guess this is intentional, as you put the gdm3 files also
> in /u/s/gdm?

Yes.

> Adding group `Debian-gdm' (GID 116) ...
> Done.
> Warning: The home dir /var/lib/gdm3 you specified already exists.
> Allowing use of questionable username.
> Adding system user `Debian-gdm' (UID 108) ...
> Adding new user `Debian-gdm' (UID 108) with group `Debian-gdm' ...
> The home directory `/var/lib/gdm3' already exists.  Not copying from
> `/etc/skel'.
> adduser: Warning: The home directory `/var/lib/gdm3' does not belong to
> the user you are currently creating.
> 
> => not sure why these warnings occur,... the one that the dir already
> exists is just a cosmetic issue,... and for the last one, the dir does
> belong to Debian-gdm3 (at least on my system).

Not sure. This probably happens before chown is run.

> 2) Is there any reason why the config file is named daemon.conf?
> Upstream seems to use custom.conf

IIRC this is because upstream ships two configuration files, while we
put the defaults in /usr/share.

> 3) I was looking through
> http://library.gnome.org/admin/gdm/2.30/gdm.html#configuration
> I guess the default values are the ones in frames, right?
> Then
> DisallowTCP=true
> Multicast=false
> TimedLoginEnable=false
> AutomaticLoginEnable=false 
> [xdmcp]
> Enable=false 
> Would be the default, right? Which means that XDMCP, multicast and TCP
> connections to the X server are disabled.
> 
> Therefore it should be ok for end-users to skip the steps described in
> the gdm manual for securing (blocking XDMCP firewall ports, and blocking
> gdm in /etc/hosts.deny)

Yes, of course the configuration is secure by default.

> IMHO that's of course good, but will you keep this as the defaults? I
> want to secure that this is kept for my systems and if you plan to
> change it, I better set them manually
> 
> btw: per default User=gdm and Group=gdm (see above) 

It was not possible to keep the same user/group name, because the two
versions of gdm are at the same time in the archive.

> 4) Last but not least,... gdm3 seems to be far less configurable than
> the <= 2.20 versions.

Indeed.

> I especially miss that one can disable the password prompt
> characters.... is there a way to hide them completely?

Not currently. A patch would be considered, but frankly I consider it a
minor matter.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “If you eat pasta without sauce, it is nothing
  `-     short of communism.”  -- Marie
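
Added example, not part of the original message and not code from the gdm3 package: a small audit that reports settings in a daemon.conf-style override file that differ from the defaults listed in the thread. The section placement of every key except `[xdmcp]` `Enable` is an assumption, as is the sample file; keys absent from the file are treated as falling back to the packaged defaults, which this check does not read.

```python
import configparser

# Values listed in the thread as the secure defaults. The [section] placement
# of everything except [xdmcp] Enable is an assumption, not from the thread.
EXPECTED = {
    ("security", "DisallowTCP"): True,
    ("chooser", "Multicast"): False,
    ("daemon", "TimedLoginEnable"): False,
    ("daemon", "AutomaticLoginEnable"): False,
    ("xdmcp", "Enable"): False,
}

def audit(conf_text):
    """Return a list of (section, key, value) overrides that weaken the defaults."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written instead of lowercasing
    cp.read_string(conf_text)
    findings = []
    for (section, key), want in EXPECTED.items():
        if not cp.has_option(section, key):
            continue  # not overridden here: the packaged default applies
        raw = cp.get(section, key).strip()
        try:
            got = cp.getboolean(section, key)
        except ValueError:
            findings.append((section, key, raw))  # unparsable value: flag it
            continue
        if got != want:
            findings.append((section, key, raw))
    return findings

# Constructed sample override file, not taken from a real system.
SAMPLE = """\
[daemon]
AutomaticLoginEnable=false

[security]
DisallowTCP=false

[xdmcp]
Enable=true
Port=177
"""

if __name__ == "__main__":
    for section, key, raw in audit(SAMPLE):
        print(f"[{section}] {key}={raw} differs from the default in the thread")
```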






More information about the pkg-gnome-maintainers mailing list