NAME
xenodm
—
X Display Manager
SYNOPSIS
xenodm |
[-config
configuration_file]
[-nodaemon ] [-debug
debug_level] [-error
error_log_file] [-resources
resource_file] [-server
server_entry] [-session
session_program] |
DESCRIPTION
xenodm
manages a collection of X displays
on the local host. xenodm
provides services similar
to those provided by
getty(8) and
login(1) on character terminals: prompting for login name and
password, authenticating the user, and running a
“session”.
A “session” is defined by the lifetime of a
particular process; in the traditional character-based terminal world, it is
the user's login shell. In the xenodm
context, it is
an arbitrary session manager. This is because in a windowing environment, a
user's login shell process does not necessarily have any terminal-like
interface with which to connect. When a real session manager is not
available, a window manager or terminal emulator is typically used as the
“session manager”, meaning that termination of this process
terminates the user's session.
When the session is terminated, xenodm
resets the X server and (optionally) restarts the whole process.
Because xenodm
provides the first
interface that users will see, it is designed to be simple to use and easy
to customize to the needs of a particular site.
xenodm
has many options, most of which have
reasonable defaults. Browse through the various sections of this manual,
picking and choosing the things you want to change. Pay particular attention
to the SESSION PROGRAM section,
which will describe how to set up the style of session desired.
OVERVIEW
xenodm
is highly configurable, and most of
its behavior can be controlled by resource files and shell scripts. The
names of these files themselves are resources read from the file
xenodm-config or the file named by the
-config
option.
xenodm
can manage X servers running on the
local machine and specified in Xservers.
The resources of the X clients run by
xenodm
outside the user's session, including
xenodm
's own login window, can be affected by
setting resources in the Xresources file.
After resetting the X server, xenodm
runs
the Xsetup script to assist in setting up the screen
the user sees along with the xlogin widget.
The xlogin widget, which xenodm
presents,
offers the familiar login and password prompts, unless
autoLogin
is set.
After the user logs in, xenodm
runs the
Xstartup script as root.
Then xenodm
runs the
Xsession script as the user. This system session
file may do some additional startup and typically runs the
.xsession script in the user's home directory. When
the Xsession script exits, the session is over.
At the end of the session, the Xreset script is run to clean up, the X server is reset, and the cycle starts over.
The file /var/log/xenodm.log will contain
error messages from xenodm
and anything output to
stderr
by Xsetup,
Xstartup, Xsession or
Xreset. When you have trouble getting
xenodm
working, check this file to see if
xenodm
has any clues to the trouble.
OPTIONS
All of these options, except -config
itself, specify values that can also be specified in the configuration file
as resources.
-config
configuration_file- Names the configuration file, which specifies resources to control the
behavior of
xenodm
. /etc/X11/xenodm/xenodm-config is the default. See the section CONFIGURATION FILE. -nodaemon
- Specifies
false
as the value for theDisplayManager.daemonMode
resource. This suppresses the normal daemon behavior, which is forxenodm
to close all file descriptors, disassociate itself from the controlling terminal, and put itself in the background when it first starts up. -debug
debug_level- Specifies the numeric value for the
DisplayManager.debugLevel
resource. A non-zero value causesxenodm
to print lots of debugging statements to the terminal; it also disables theDisplayManager.daemonMode
resource, forcingxenodm
to run synchronously. To interpret these debugging messages, a copy of the source code forxenodm
is almost a necessity. No attempt has been made to rationalize or standardize the output. -error
error_log_file- Specifies the value for the
DisplayManager.errorLogFile
resource. This file contains errors fromxenodm
as well as anything written tostderr
by the various scripts and programs run during the progress of the session. -resources
resource_file- Specifies the value for the
DisplayManager*resources
resource. This file is loaded using xrdb(1) to specify configuration parameters for the authentication widget. -server
server_entry- Specifies the value for the
DisplayManager.servers
resource. See the section LOCAL SERVER SPECIFICATION for a description of this resource. -session
session_program- Specifies the value for the
DisplayManager*session
resource. This indicates the program to run as the session after the user has logged in. -xrm
resource_specification- Allows an arbitrary resource to be specified, as in most X Toolkit applications.
RESOURCES
At many stages the actions of xenodm
can
be controlled through the use of its configuration file, which is in the X
resource format. Some resources modify the behavior of
xenodm
on all displays, while others modify its
behavior on a single display. Where actions relate to a specific display,
the display name is inserted into the resource name between
“DisplayManager” and the final resource name segment.
For local displays, the resource name and class are as read from the Xservers file.
Because the resource manager uses colons to separate the name of
the resource from its value and dots to separate resource name parts,
xenodm
substitutes underscores for both dots and
colons when generating the resource name. For example,
DisplayManager.expo_x_org_0.startup
is the name of
the resource which defines the startup shell file for the
“expo.x.org:0” display.
DisplayManager.servers
- This resource either specifies a file name full of server entries, one per line (if the value starts with a slash), or a single server entry. See the section LOCAL SERVER SPECIFICATION for the details.
DisplayManager.errorLogFile
- Error output is normally directed at the system console. To redirect it,
set this resource to a file name. A method to send these messages to
syslog(3) should be developed for systems which support it;
however, the wide variety of interfaces precludes any system-independent
implementation. This file also contains any output directed to
stderr
by the Xsetup, Xstartup, Xsession and Xreset files, so it will contain descriptions of problems in those scripts as well. DisplayManager.debugLevel
- If the integer value of this resource is greater than zero, reams of
debugging information will be printed. It also disables daemon mode, which
would redirect the information into the bit-bucket, and allows non-root
users to run
xenodm
, which would normally not be useful. DisplayManager.daemonMode
- Normally,
xenodm
attempts to make itself into a daemon process unassociated with any terminal. This is accomplished by forking and leaving the parent process to exit, then closing file descriptors and releasing the controlling terminal. In some environments this is not desired (in particular, when debugging). Setting this resource tofalse
will disable this feature. DisplayManager.authDir
- This names a directory under which
xenodm
stores authorization files while initializing the session. The default value is /etc/X11/xenodm. Can be overridden for specific displays byDisplayManager.
DISPLAY.authFile
. DisplayManager.autoRescan
- This boolean controls whether
xenodm
rescans the configuration, servers, access control and authentication keys files after a session terminates and the files have changed. By default it istrue
. You can forcexenodm
to reread these files by sending aSIGHUP
to the main process. DisplayManager.exportList
- A list of additional environment variables, separated by white space, to pass on to the Xsetup, Xstartup, Xsession, and Xreset programs.
DisplayManager.
DISPLAY.autoLogin
- This resource specifies the name of an user that will be logged in automatically, without displaying the xlogin widget.
DisplayManager.
DISPLAY.resources
- This resource specifies the name of the file to be loaded by xrdb(1) as the resource database onto the root window of screen 0 of the display. The Xsetup program and the Login widget will use the resources set in this file. This resource database is loaded just before the authentication procedure is started, so it can control the appearance of the login window. See the section AUTHENTICATION WIDGET, which describes the various resources that are appropriate to place in this file. There is no default value for this resource, but /etc/X11/xenodm/Xresources is the conventional name.
DisplayManager.
DISPLAY.xrdb
- Specifies the program used to load the resources. By default,
xenodm
uses /usr/X11R6/bin/xrdb. DisplayManager.
DISPLAY.cpp
- This specifies the name of the C preprocessor which is used by xrdb(1).
DisplayManager.
DISPLAY.setup
- This specifies a program which is run (as root) before offering the Login window. This may be used to change the appearance of the screen around the Login window or to put up other windows (e.g., you may want to run xconsole(1) here). By default, no program is run. The conventional name for a file used here is Xsetup. See the section SETUP PROGRAM.
DisplayManager.
DISPLAY.startup
- This specifies a program which is run (as root) after the authentication process succeeds. By default, no program is run. The conventional name for a file used here is Xstartup. See the section STARTUP PROGRAM.
DisplayManager.
DISPLAY.session
- This specifies the session to be executed (not running as root). By default, /usr/X11R6/bin/xterm is run. The conventional name is Xsession. See the section SESSION PROGRAM.
DisplayManager.
DISPLAY.reset
- This specifies a program which is run (as root) after the session terminates. By default, no program is run. The conventional name is Xreset. See the section RESET PROGRAM.
DisplayManager.
DISPLAY.openDelay
DisplayManager.
DISPLAY.openRepeat
DisplayManager.
DISPLAY.openTimeout
DisplayManager.
DISPLAY.startAttempts
DisplayManager.
DISPLAY.reservAttempts
- These numeric resources control the behavior of
xenodm
when attempting to open intransigent servers.openDelay
is the length of the pause in seconds between successive attempts,openRepeat
is the number of attempts to make,openTimeout
is the amount of time to wait while actually attempting the open (i.e., the maximum time spent in the connect(2) system call) andstartAttempts
is the number of times this entire process is done before giving up on the server. AfteropenRepeat
attempts have been made, or ifopenTimeout
seconds elapse in any particular attempt,xenodm
terminates and restarts the server, attempting to connect again. This process is repeatedstartAttempts
times, at which point the display is declared dead and disabled. Although this behavior may seem arbitrary, it has been empirically developed and works quite well on most systems. The boundreservAttempts
is the number of times a successful connect is allowed to be followed by a fatal error. When reached, the display is disabled. The default values areopenDelay
: 15,openRepeat
: 5,openTimeout
: 120,startAttempts
: 4 andreservAttempts
: 2. DisplayManager.
DISPLAY.terminateServer
- This boolean resource specifies whether the X server should be terminated
when a session terminates (instead of resetting it). This option can be
used when the server tends to grow without bound over time, in order to
limit the amount of time the server is run. The default value is
false
. DisplayManager.
DISPLAY.userPath
xenodm
sets thePATH
environment variable for the session to this value. It should be a colon separated list of directories; see sh(1) for a full description. The default value is “/bin:/usr/bin:/sbin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin”.DisplayManager.
DISPLAY.systemPath
xenodm
sets thePATH
environment variable for the startup and reset scripts to the value of this resource. The default for this resource is “/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin”. Note the absence of ‘.
’ from this entry. This is a good practice to follow for root; it avoids many common Trojan Horse system penetration schemes.DisplayManager.
DISPLAY.systemShell
xenodm
sets theSHELL
environment variable for the startup and reset scripts to the value of this resource. It is /bin/sh by default.DisplayManager.
DISPLAY.failsafeClient
- If the default session fails to execute,
xenodm
will fall back to this program. This program is executed with no arguments, but executes using the same environment variables as the session would have had (see the section SESSION PROGRAM). By default, /usr/X11R6/bin/xterm is used. DisplayManager.
DISPLAY.grabServer
DisplayManager.
DISPLAY.grabTimeout
- To improve security,
xenodm
grabs the server and keyboard while reading the login name and password. ThegrabServer
resource specifies if the server should be held for the duration of the name/password reading. Whenfalse
, the server is ungrabbed after the keyboard grab succeeds, otherwise the server is grabbed until just before the session begins. The default isfalse
. ThegrabTimeout
resource specifies the maximum timexenodm
will wait for the grab to succeed. The grab may fail if some other client has the server grabbed, or possibly if the network latencies are very high. This resource has a default value of 3 seconds; you should be cautious when raising it, as a user can be spoofed by a look-alike window on the display. If the grab fails,xenodm
kills and restarts the server (if possible) and the session. DisplayManager.
DISPLAY.authorize
DisplayManager.
DISPLAY.authName
authorize
is a boolean resource which controls whetherxenodm
generates and uses authorization for the local server connections. If authorization is used,authName
is a list of authorization mechanisms to use, separated by white space. Whenauthorize
is set for a display and authorization is not available, the user is informed by having a different message displayed in the login widget. By default,authorize
istrue
,authName
is “MIT-MAGIC-COOKIE-1”, or, if XDM-AUTHORIZATION-1 is available, “XDM-AUTHORIZATION-1 MIT-MAGIC-COOKIE-1”.DisplayManager.
DISPLAY.authFile
- This file is used to communicate the authorization data from
xenodm
to the server, using the-auth
server command line option. It should be kept in a directory which is not world-writable as it could easily be removed, disabling the authorization mechanism in the server. If not specified, a name is generated from DisplayManager.authDir and the name of the display. DisplayManager.
DISPLAY.authComplain
- If set to
false
, disables the use of theunsecureGreeting
in the login window. See the section AUTHENTICATION WIDGET. The default istrue
. DisplayManager.
DISPLAY.resetSignal
- The number of the signal
xenodm
sends to reset the server. See the section CONTROLLING THE SERVER. The default is 1 (SIGHUP
). DisplayManager.
DISPLAY.termSignal
- The number of the signal
xenodm
sends to terminate the server. See the section CONTROLLING THE SERVER. The default is 15 (SIGTERM
). DisplayManager.
DISPLAY.resetForAuth
- The original implementation of authorization in the sample server reread
the authorization file at server reset time, instead of when checking the
initial connection. As
xenodm
generates the authorization information just before connecting to the display, an old server would not get up-to-date authorization information. This resource causesxenodm
to sendSIGHUP
to the server after setting up the file, causing an additional server reset to occur, during which time the new authorization information will be read. The default isfalse
, which will work for all MIT servers. DisplayManager.
DISPLAY.userAuthDir
- When
xenodm
is unable to write to the usual user authorization file ($HOME/.Xauthority), it creates a unique file name in this directory and points the environment variableXAUTHORITY
at the created file. It uses /tmp by default.
CONFIGURATION FILE
First, the xenodm
configuration file
should be set up. Make a directory (usually
/etc/X11/xenodm) to contain all of the relevant
files.
Here is a reasonable configuration file, which could be named xenodm-config:
DisplayManager.servers: /etc/X11/xenodm/Xservers DisplayManager.errorLogFile: /var/log/xenodm.log DisplayManager*resources: /etc/X11/xenodm/Xresources DisplayManager*startup: /etc/X11/xenodm/Xstartup DisplayManager*session: /etc/X11/xenodm/Xsession DisplayManager._0.authorize: true DisplayManager*authorize: false
Note that this file mostly contains references to other files.
Note also that some of the resources are specified with
‘*
’ separating the components. These
resources can be made unique for each different display, by replacing the
‘*
’ with the display-name, but
normally this is not very useful. See the
RESOURCES section for a complete
discussion.
LOCAL SERVER SPECIFICATION
The resource DisplayManager.servers
gives
a server specification or, if the value starts with a slash
(‘/
’), the name of a file containing
server specifications, one per line.
Each specification indicates a display which should constantly be
managed. If the resource or the file named by the resource is empty,
xenodm
will exit.
Each specification consists of at least three parts: a display name, a display class, a display type, and a command line to start the server. A typical entry for local display number 0 would be:
The only recognized display type is:
local |
local display: xenodm will run
the server |
The display name must be something that can be passed in the
-display
option to an X program. This string is used
to generate the display-specific resource names, so be careful to match the
names (e.g., use “:0 local /usr/X11R6/bin/X :0” instead of
“localhost:0 local /usr/X11R6/bin/X :0” if your other
resources are specified as “DisplayManager._0.session”). The
display class portion is also used in the display-specific resources, as the
class of the resource. This is useful if you have a large collection of
similar displays (such as a corral of X terminals) and would like to set
resources for groups of them.
When xenodm
starts a session, it sets up
authorization data for the server. For local servers,
xenodm
passes “-auth
filename” on the server's command line to point
it at its authorization data.
RESOURCES FILE
The Xresources file is loaded onto the display as a resource database using xrdb(1). As the authentication widget reads this database before starting up, it usually contains parameters for that widget:
xlogin*login.translations: #override\ <Key>F1: set-session-argument(failsafe) finish-field()\n\ <Key>Return: set-session-argument() finish-field() xlogin*borderWidth: 3 xlogin*greeting: CLIENTHOST #ifdef COLOR xlogin*greetColor: CadetBlue xlogin*failColor: red #endif
Please note the translations entry; it specifies a few new translations for the widget which allow users to escape from the default session (and avoid troubles that may occur in it). Note that if #override is not specified, the default translations are removed and replaced by the new value, not a very useful result as some of the default translations are quite useful (such as “<Key>: insert-char ()” which responds to normal typing).
This file may also contain resources for the setup program.
SETUP PROGRAM
The Xsetup file is run after the server is reset, but before the Login window is offered. The file is typically a shell script. It is run as root, so should be careful about security. This is the place to change the root background or bring up other windows that should appear on the screen along with the Login widget.
In addition to any specified by
DisplayManager.exportList
, the following environment
variables are passed:
DISPLAY
- the associated display name
PATH
- the value of
DisplayManager.
DISPLAY.systemPath
SHELL
- the value of
DisplayManager.
DISPLAY.systemShell
XAUTHORITY
- may be set to an authority file
Note that since xenodm
grabs the keyboard,
any other windows will not be able to receive keyboard input. They will be
able to interact with the mouse, however; beware of potential security holes
here. If
DisplayManager.
DISPLAY.grabServer
is set, Xsetup will not be able to connect to the
display at all. Resources for this program can be put into the file named by
DisplayManager.
DISPLAY.resources
.
Here is a sample Xsetup script:
#!/bin/sh # Xsetup_0 - setup script for one workstation xcmsdb < /etc/X11/xenodm/monitors/alex.0 xconsole -geometry 480x130-0-0 -notify -verbose -exitOnFail &
AUTHENTICATION WIDGET
The authentication widget prompts the user for the username,
password, and/or other required authentication data from the keyboard.
Nearly every imaginable parameter can be controlled with a resource.
Resources for this widget should be put into the file named by
DisplayManager.
DISPLAY.resources
.
All of these have reasonable default values, so it is not necessary to
specify any of them.
The resource file is loaded with xrdb(1) so it may use the substitutions defined by that program such as CLIENTHOST for the client hostname in the login message, or C pre-processor #ifdef statements to produce different displays depending on color depth or other variables.
xenodm
is compiled with support for the
Xft(3) library for font rendering. Font faces are specified using the
resources with names ending in “face” in the fontconfig face
format described in the “Font Names” section of
fonts.conf(5).
xlogin.Login.width
,xlogin.Login.height
,xlogin.Login.x
,xlogin.Login.y
- The geometry of the Login widget is normally computed automatically. If you wish to position it elsewhere, specify each of these resources.
xlogin.Login.foreground
- The color used to display the input typed by the user.
xlogin.Login.face
- The face used to display the input typed by the user. The default is “Serif-18”.
xlogin.Login.greeting
- A string which identifies this window. The default is “X Window System”.
xlogin.Login.unsecureGreeting
- When X authorization is requested in the configuration file for this display and none is in use, this greeting replaces the standard greeting. The default is “This is an unsecure session”.
xlogin.Login.greetFace
- The face used to display the greeting. The default is “Serif-24:italic”.
xlogin.Login.greetColor
- The color used to display the greeting.
xlogin.Login.namePrompt
- The string displayed to prompt for a user name. xrdb(1) strips trailing white space from resource values, so to add spaces at the end of the prompt (usually a nice thing), add spaces escaped with backslashes. The default is “Login: ”.
xlogin.Login.passwdPrompt
- The string displayed to prompt for a password, when not using an authentication system such as PAM that provides its own prompts. The default is “Password: ”.
xlogin.Login.promptFace
- The face used to display prompts. The default is “Serif-18:bold”.
xlogin.Login.promptColor
- The color used to display prompts.
xlogin.Login.changePasswdMessage
- A message which is displayed when the user's password has expired. The default is “Password Change Required”.
xlogin.Login.fail
- A message which is displayed when the authentication fails, when not using an authentication system such as PAM that provides its own prompts. The default is “Login incorrect”.
xlogin.Login.failFace
- The face used to display the failure message. The default is “Serif-18:bold”.
xlogin.Login.failColor
- The color used to display the failure message.
xlogin.Login.failTimeout
- The number of seconds that the failure message is displayed. The default is 10.
xlogin.Login.logoFileName
- Name of an XPM format pixmap to display in the greeter window, if built with XPM support. The default is no pixmap.
xlogin.Login.logoPadding
- Number of pixels of space between the logo pixmap and other elements of the greeter window, if the pixmap is displayed. The default is 5.
xlogin.Login.useShape
- If set to
true
, when built with XPM support, attempt to use the X Non-Rectangular Window Shape Extension to set the window shape. The default istrue
. xlogin.Login.hiColor
,xlogin.Login.shdColor
- Raised appearance bezels may be drawn around the greeter frame and text
input boxes by setting these resources.
hiColor
is the highlight color, used on the top and left sides of the frame, and the bottom and right sides of text input areas.shdColor
is the shadow color, used on the bottom and right sides of the frame, and the top and left sides of text input areas. The default for both is the foreground color, providing a flat appearance. xlogin.Login.frameWidth
frameWidth
is the width in pixels of the area around the greeter frame drawn inhiColor
andshdColor
.xlogin.Login.innerFramesWidth
innerFramesWidth
is the width in pixels of the area around text input areas drawn inhiColor
andshdColor
.xlogin.Login.sepWidth
sepWidth
is the width in pixels of the bezeled line between the greeting and input areas drawn inhiColor
andshdColor
.xlogin.Login.allowRootLogin
- If set to
false
, don't allow root (and any other user with uid = 0) to log in directly. The default istrue
. This setting is only checked by some of the authentication backends at this time. xlogin.Login.allowNullPasswd
- If set to
true
, allow an otherwise failing password match to succeed if the account does not require a password at all. The default isfalse
, so only users that have passwords assigned can log in. xlogin.Login.echoPasswd
- If set to
true
, a placeholder character (echoPasswdChar
) will be shown for fields normally set to not echo, such as password input. The default isfalse
. xlogin.Login.echoPasswdChar
- Character to display if
echoPasswd
is true. The default is ‘*
’. If set to an empty value, the cursor will advance for each character input, but no text will be drawn. xlogin.Login.translations
- This specifies the translations used for the login widget. Refer to the X
Toolkit documentation for a complete discussion on translations. The
default translation table is:
Ctrl<Key>H: delete-previous-character() \n\ Ctrl<Key>D: delete-character() \n\ Ctrl<Key>B: move-backward-character() \n\ Ctrl<Key>F: move-forward-character() \n\ Ctrl<Key>A: move-to-begining() \n\ Ctrl<Key>E: move-to-end() \n\ Ctrl<Key>K: erase-to-end-of-line() \n\ Ctrl<Key>U: erase-line() \n\ Ctrl<Key>X: erase-line() \n\ Ctrl<Key>C: restart-session() \n\ Ctrl<Key>\\: abort-session() \n\ <Key>BackSpace: delete-previous-character() \n\ <Key>Delete: delete-previous-character() \n\ <Key>Return: finish-field() \n\ <Key>Escape: erase-line() \n\ <Key>: insert-char() \
The actions which are supported by the widget are:
delete-previous-character
- Erases the character before the cursor.
delete-character
- Erases the character after the cursor.
move-backward-character
- Moves the cursor backward.
move-forward-character
- Moves the cursor forward.
move-to-begining
- (Apologies about the spelling error.) Moves the cursor to the beginning of the editable text.
move-to-end
- Moves the cursor to the end of the editable text.
erase-to-end-of-line
- Erases all text after the cursor.
erase-line
- Erases the entire text.
finish-field
- If the cursor is in the name field, proceeds to the password field; if
the cursor is in the password field, checks the current name/password
pair. If the name/password pair is valid,
xenodm
starts the session. Otherwise the failure message is displayed and the user is prompted again. abort-session
- Terminates and restarts the server.
abort-display
- Terminates the server, disabling it. This action is not accessible in
the default configuration. There are various reasons to stop
xenodm
on a system console, such as when shutting the system down, or to generally access the console. Sendingxenodm
aSIGHUP
will restart the display. See the section CONTROLLING XENODM. restart-session
- Resets the X server and starts a new session. This can be used when the resources have been changed and you want to test them or when the screen has been overwritten with system messages.
insert-char
- Inserts the character typed.
set-session-argument
- Specifies a single word argument which is passed to the session at startup. See the section SESSION PROGRAM.
allow-all-access
- Disables access control in the server. This can be used when the
.Xauthority file cannot be created by
xenodm
. Be very careful using this; it might be better to disconnect the machine from the network before doing this.
On some systems (OpenBSD) the user's shell must be listed in /etc/shells to allow login through xenodm. The normal password and account expiration dates are enforced too.
STARTUP PROGRAM
The Xstartup program is run as root when the user logs in. It is typically a shell script. Since it is run as root, Xstartup should be very careful about security. This is the place to put commands which add entries to utmp(5) or wtmp(5) files (the sessreg(1) program may be useful here), mount users' home directories from file servers, or abort the session if logins are not allowed.
In addition to any specified by
DisplayManager.exportList
, the following environment
variables are passed:
DISPLAY
- the associated display name
HOME
- the initial working directory of the user
LOGNAME
- the user name
USER
- the user name
PATH
- the value of
DisplayManager.
DISPLAY.systemPath
SHELL
- the value of
DisplayManager.
DISPLAY.systemShell
XAUTHORITY
- may be set to an authority file
WINDOWPATH
- may be set to the window path leading to the X server
No arguments are passed to the script.
xenodm
waits until this script exits before starting
the user session. If the exit value of this script is non-zero,
xenodm
discontinues the session and starts another
authentication cycle.
The sample Xstartup file shown here prevents login while the file /etc/nologin exists. Thus this is not a complete example, but simply a demonstration of the available functionality.
Here is a sample Xstartup script:
#!/bin/sh # # Xstartup # # This program is run as root after the user is verified # if [ -f /etc/nologin ]; then xmessage -file /etc/nologin -timeout 30 -center exit 1 fi sessreg -a -l $DISPLAY -x /etc/X11/xenodm/Xservers $LOGNAME /etc/X11/xenodm/GiveConsole exit 0
SESSION PROGRAM
The Xsession program is the command which is run as the user's session. It is run with the permissions of the authorized user.
In addition to any specified by
DisplayManager.exportList
, the following environment
variables are passed:
DISPLAY
- the associated display name
HOME
- the initial working directory of the user
LOGNAME
- the user name
USER
- the user name
PATH
- the value of
DisplayManager.
DISPLAY.userPath
SHELL
- the user's default shell (from getpwnam(3))
XAUTHORITY
- may be set to a non-standard authority file
WINDOWPATH
- may be set to the window path leading to the X server
At most installations, Xsession should look in $HOME for a file .xsession, which contains commands that each user would like to use as a session. Xsession should also implement a system default session if no user-specified session exists.
An argument may be passed to this program from the authentication
widget using the set-session-argument
action. This
can be used to select different styles of session. One good use of this
feature is to allow the user to escape from the ordinary session when it
fails. This allows users to repair their own
.xsession if it fails, without requiring
administrative intervention. The example following demonstrates this
feature.
This example recognizes the special failsafe mode, specified in the translations in the Xresources file, to provide an escape from the ordinary session. It also requires that the .xsession file be executable so we don't have to guess what shell it wants to use.
#!/bin/sh # # Xsession # # This is the program that is run as the client # for the display manager. case $# in 1) case $1 in failsafe) exec xterm -geometry 80x24-0-0 ;; esac esac startup=$HOME/.xsession resources=$HOME/.Xresources if [ -f "$startup" ]; then exec "$startup" else if [ -f "$resources" ]; then xrdb -load "$resources" fi xclock -geometry 100x100-0+0 & xterm -geometry 80x24+10+10 -ls & exec twm fi
The user's .xsession file might look something like this example. Don't forget that the file must have execute permission.
#! /bin/sh xrdb -merge "$HOME/.Xresources" emacs -geometry +0+50 & xbiff -geometry -430+5 & xterm -geometry -0+50 -ls & exec twm
RESET PROGRAM
Symmetrical with Xstartup, the Xreset script is run after the user session has terminated. Run as root, it should contain commands that undo the effects of commands in Xstartup, updating entries in utmp(5) or wtmp(5) files, or unmounting directories from file servers. The environment variables that were passed to Xstartup are also passed to Xreset.
A sample Xreset script:
#!/bin/sh # # Xreset # # This program is run as root after the session ends # sessreg -d -l $DISPLAY -x /etc/X11/xenodm/Xservers $LOGNAME /etc/X11/xenodm/TakeConsole exit 0
CONTROLLING THE SERVER
xenodm
controls local servers using POSIX
signals. SIGHUP
is expected to reset the server,
closing all client connections and performing other cleanup duties.
SIGTERM
is expected to terminate the server. If
these signals do not perform the expected actions, the resources
DisplayManager.
DISPLAY.resetSignal
and
DisplayManager.
DISPLAY.termSignal
can specify alternate signals.
CONTROLLING XENODM
xenodm
responds to two signals:
SIGHUP
and SIGTERM
. When
sent a SIGHUP
, xenodm
rereads the configuration file, the access control file, and the servers
file. For the servers file, it notices if entries have been added or
removed. If a new entry has been added, xenodm
starts a session on the associated display. Entries which have been removed
are disabled immediately, meaning that any session in progress will be
terminated without notice and no new session will be started.
When sent a SIGTERM
,
xenodm
terminates all sessions in progress and
exits. This can be used when shutting down the system.
xenodm
attempts to mark its various
sub-processes for ps(1) by editing the command line argument list in place.
Because xenodm
can't allocate additional space for
this task, it is useful to start xenodm
with a
reasonably long command line (using the full path name should be enough).
Each process which is servicing a display is marked
-
display.
ADDITIONAL LOCAL DISPLAYS
To add an additional local display, add a line for it to the Xservers file. (See the section LOCAL SERVER SPECIFICATION.)
Examine the display-specific resources in
xenodm-config (e.g.,
DisplayManager._0.authorize
) and consider which of
them should be copied for the new display. The default
xenodm-config has all the appropriate lines for
displays :0 and :1.
OTHER POSSIBILITIES
You can use xenodm
to run a single session
at a time, using the 4.3
init(8) options or other suitable daemon by specifying the server on
the command line:
LIMITATIONS
One thing that xenodm
isn't very good at
doing is coexisting with other window systems. To use multiple window
systems on the same hardware, you'll probably be more interested in
xinit(1).
FILES
- /etc/X11/xenodm/xenodm-config
- the default configuration file
- $HOME/.Xauthority
- user authorization file where
xenodm
stores keys for clients to read - /usr/X11R6/bin/xrdb
- the default resource database loader
- /usr/X11R6/bin/X
- the default server
- /usr/X11R6/bin/xterm
- the default session program and failsafe client
- /etc/X11/xenodm/Adisplay-suffix
- the default place for authorization files
SEE ALSO
sessreg(1), xauth(1), xinit(1), xrdb(1), Xserver(1), fonts.conf(5), X(7), Xsecurity(7)
X Display Manager Control Protocol.
R. Hinden and S. Deering, IP Version 6 Addressing Architecture, RFC 4291, February 2006.
AUTHOR
Keith Packard, MIT X Consortium