[780] in athena10
Changes to debathena-gdm-config
daemon@ATHENA.MIT.EDU (Geoffrey Thomas)
Wed Jan 7 16:38:30 2009
Date: Wed, 7 Jan 2009 16:38:17 -0500 (EST)
From: Geoffrey Thomas <geofft@MIT.EDU>
To: athena10@mit.edu
Message-ID: <alpine.DEB.2.00.0901071603160.5690@vinegar-pot.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
The patch I just committed (forwarded below) makes two small but very
interesting changes, so I wanted to make sure there was adequate
discussion before it gets uploaded to the repositories.
The first is that it disables a couple of permission checks in gdm.conf:
[security]
RelaxPermissions=2
CheckDirOwner=false
This is supposed to prevent a user with misset permissions on his homedir
from logging in, but in AFS, I don't believe these checks are useful (the
homedir could be system:anyuser writable). It's more common for the UNIX
permissions to be weird, but the homedir itself to be safe. I think this
is fine for debathena-gdm-config because that's only on
debathena-workstation machines. I don't think we can disable them just for
nonlocal users. If we know that these checks don't cause problems for AFS
users, they can be reverted.
The second is that it sets the GDM session directory to
/usr/share/debathena-gdm-config/sessions alone (it defaults to a number of
directories where session files may be). This has the effect of making the
current "Login options" button on the greeter only three choices:
"standard Athena session", i.e., system and user .xsession; failsafe
GNOME; and failsafe terminal. It removes all other window managers from
the list. It also removes the option to log into the last session.
In a shared environment like Athena I think this is the right approach; if
I install a window manager on one machine it's not guaranteed to be
available on other ones. I think the right way to invoke nonstandard
window managers is going to be to use .xsession scripts, rather than the
distribution's .desktop files (sessions); this can support
both local window managers as well as ones in lockers (kde,
windowmanagers, etc.), and will also make sure the Athena global xsession
files are respected, which sources the standard dotfiles.
I realize this is a pretty big change, but I think the global xsession is
important enough to merit requiring users to write .xsession files to use
non-GNOME window managers. Frankly speaking, the people this affects --
those with custom window managers -- are probably going to know how to and
want to write an .xsession file anyway to customize their environment for
Athena 10. (I'm one of them, and I found that I didn't want ratpoison with
my Athena 9 settings on Athena 10; I either wanted GNOME or needed to
spend time re-tweaking them.) Most users are going to continue using
GNOME, and eliminating the choice between last session, GNOME, and
"default xclient script" will only make their environment saner.
Thoughts?
--
Geoffrey Thomas
geofft@mit.edu
---------- Forwarded message ----------
Date: Wed, 7 Jan 2009 15:45:17 -0500 (EST)
From: geofft@MIT.EDU
To: source-commits@MIT.EDU
Subject: /svn/athena r23269 - in trunk/debathena/config/gdm-config: . debian
sessions
Author: geofft
Date: 2009-01-07 15:45:16 -0500 (Wed, 07 Jan 2009)
New Revision: 23269
Added:
trunk/debathena/config/gdm-config/sessions/
trunk/debathena/config/gdm-config/sessions/default.desktop
Modified:
trunk/debathena/config/gdm-config/debian/changelog
trunk/debathena/config/gdm-config/debian/debathena-gdm-config.install
trunk/debathena/config/gdm-config/debian/transform_gdm.conf.debathena
Log:
In gdm-config:
* Cause GDM to provide only a "Standard Athena session."
* Disable some permission checks that don't make sense in AFS.
Modified: trunk/debathena/config/gdm-config/debian/changelog
===================================================================
--- trunk/debathena/config/gdm-config/debian/changelog 2009-01-05 23:11:31 UTC (rev 23268)
+++ trunk/debathena/config/gdm-config/debian/changelog 2009-01-07 20:45:16 UTC (rev 23269)
@@ -1,3 +1,10 @@
+debathena-gdm-config (1.6) unstable; urgency=low
+
+ * Cause GDM to provide only a "Standard Athena session."
+ * Disable some permission checks that don't make sense in AFS.
+
+ -- Geoffrey G Thomas <geofft@mit.edu> Wed, 07 Jan 2009 15:44:54 -0500
+
debathena-gdm-config (1.5) unstable; urgency=low
* Modified the gdm reload to be conditional on gdm running.
Modified: trunk/debathena/config/gdm-config/debian/debathena-gdm-config.install
===================================================================
--- trunk/debathena/config/gdm-config/debian/debathena-gdm-config.install 2009-01-05 23:11:31 UTC (rev 23268)
+++ trunk/debathena/config/gdm-config/debian/debathena-gdm-config.install 2009-01-07 20:45:16 UTC (rev 23269)
@@ -1,2 +1,3 @@
debian/debathena.png usr/share/pixmaps
debathena /usr/share/gdm/themes/
+sessions /usr/share/debathena-gdm-config/
Modified: trunk/debathena/config/gdm-config/debian/transform_gdm.conf.debathena
===================================================================
--- trunk/debathena/config/gdm-config/debian/transform_gdm.conf.debathena 2009-01-05 23:11:31 UTC (rev 23268)
+++ trunk/debathena/config/gdm-config/debian/transform_gdm.conf.debathena 2009-01-07 20:45:16 UTC (rev 23269)
@@ -1,3 +1,4 @@
#!/usr/bin/perl -0p
-s|(\[daemon\]\n)|\1UserAuthDir=/tmp\n| or die;
-s|(\[greeter\]\n)|\1GraphicalTheme=debathena\n| or die;
+s|(\[daemon\]\n)|\1UserAuthDir=/tmp\nSessionDesktopDir=/usr/share/debathena-gdm-config/sessions\n| or die;
+s|(\[security\]\n)|\1RelaxPermissions=2\nCheckDirOwner=false\n| or die;
+s|(\[greeter\]\n)|\1GraphicalTheme=debathena\nShowLastSession=false| or die;
Added: trunk/debathena/config/gdm-config/sessions/default.desktop
===================================================================
--- trunk/debathena/config/gdm-config/sessions/default.desktop 2009-01-05 23:11:31 UTC (rev 23268)
+++ trunk/debathena/config/gdm-config/sessions/default.desktop 2009-01-07 20:45:16 UTC (rev 23269)
@@ -0,0 +1,9 @@
+[Desktop Entry]
+Encoding=UTF-8
+Name=Standard Athena session
+Exec=default
+# The "default" Exec is a very special one and is handled specially in
+# the Xsession script, you could also have "custom" which would just run
+# "~/.xsession" directly
+Icon=
+Type=Application
