LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 03-04-2008, 12:12 AM   #1
cambie
Member
 
Registered: Jul 2004
Posts: 90

Rep: Reputation: 15
Pop up box with warning


Our security department is asking that we display a message to users that alerts them that it is a company system. This message should not be a welcome message and it should be a message pop up that must be dismissed before being able to log in. I'm trying to figure some way to do this in both a graphical environment and a runlevel 3 console environment.

As for RL3, we currently display a ssh banner that issues similar warnings to the users before logging in. But it's not a message that has to be dismissed before logging in, and is technically not acceptable according to our security guys.
 
Old 03-04-2008, 04:59 PM   #2
jailbait
Guru
 
Registered: Feb 2003
Location: Blue Ridge Mountain
Distribution: Debian Wheezy, Debian Jessie
Posts: 7,589

Rep: Reputation: 187Reputation: 187
Quote:
Originally Posted by cambie View Post

Our security department is asking that we display a message to users that alerts them that it is a company system. This message should not be a welcome message and it should be a message pop up that must be dismissed before being able to log in. I'm trying to figure some way to do this in both a graphical environment and a runlevel 3 console environment.
I would approach this problem by creating spoofs of the login programs. Find out the names of the two login programs you are using, one graphical and one command line. Change the names of these two programs to unique names. Then write replacements for these two programs. The replacement programs will display your security message. When the user dismisses the message the programs will then execute the normal login programs under their unique names.

-----------------------
Steve Stites
 
Old 03-04-2008, 05:04 PM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
assuming you're staying with gdm on the X side, you can write a script for the /etc/X11/gdm/PostLogin/ directory using zenity to require a usage box. if a script executed in there returns 1 (condusive with a rejection of terms) the login would be terminated. equivalent for a console could be done in many ways, potentially with a dialog box triggered via pam_script.
 
Old 03-04-2008, 05:05 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Quote:
Originally Posted by jailbait View Post
I would approach this problem by creating spoofs of the login programs. Find out the names of the two login programs you are using, one graphical and one command line. Change the names of these two programs to unique names. Then write replacements for these two programs. The replacement programs will display your security message. When the user dismisses the message the programs will then execute the normal login programs under their unique names.

-----------------------
Steve Stites
Hmmm? Fork GDM???
 
Old 03-04-2008, 05:39 PM   #5
jailbait
Guru
 
Registered: Feb 2003
Location: Blue Ridge Mountain
Distribution: Debian Wheezy, Debian Jessie
Posts: 7,589

Rep: Reputation: 187Reputation: 187
Quote:
Originally Posted by acid_kewpie View Post
Hmmm? Fork GDM???
I don't think of it as a fork. I think of it as a front end to GDM. You could accomplish the same thing without renaming GDM by finding the scripts which call GDM and telling them to call the front end which then calls GDM after the user acknowledges the message.

After thinking about your comment, renaming GDM is probably not a good idea and changing the calling script to call the front end is probably better. The same is also true for whatever dialog script front end is written for the console login.

---------------------
Steve Stites
 
Old 03-05-2008, 08:01 AM   #6
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by jailbait View Post
... renaming GDM is probably not a good idea and changing the calling script to call the front end is probably better.
Looking through /etc/gdm/gdm.conf I see a Greeter= line under [daemon] which is currently set to /usr/lib/gdm/gdmgreeter. I would think this would let you specify your own "pre-greeter" in gdm.conf-custom which in turn could (after "I Agree" or whatever) call the existing gdmgreeter. But I don't have near enough knowledge to know what the content of the custom "pre-greeter" should be.
 
Old 03-05-2008, 08:06 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
i'm totally lost here guys... gdm already provides the exact framework that is being sought here... why is there any discussion of fundamentally changing it??
 
Old 03-05-2008, 04:48 PM   #8
jailbait
Guru
 
Registered: Feb 2003
Location: Blue Ridge Mountain
Distribution: Debian Wheezy, Debian Jessie
Posts: 7,589

Rep: Reputation: 187Reputation: 187
Quote:
Originally Posted by acid_kewpie View Post
i'm totally lost here guys... gdm already provides the exact framework that is being sought here... why is there any discussion of fundamentally changing it??
My original thought was that cambie is going to have to write a program to create the dialog box that he wants. The dialog box displays a security message and then goes away after the user clicks acknowledgment and the normal login screen is displayed. I don't think GDM can be configured to do this as GDM is currently written. GDM allows you to specify a welcome message but you cannot make this welcome message interactive.

The discussion has moved along to where blackhole54 is suggesting that the best place to start the dialog box is in the GDM control file gdm.conf-custom. cambie could write his custom dialog box and tell GDM to use cambie's program in place of GDM's greeter and remote greeter. After reading the web page linked to below I think that blackhole54's idea will probably work for both local and remote GDM logins.

http://palermo.linux.it/Documenti/Xgl/nvidia/gdm.conf

For init 3 logins I think that cambie will probably have to plug his custom dialog box somewhere into SSH, perhaps in sshd_config. I can find where to specify a SSH banner (/etc/issue.net) but I can't see any way to make the banner interactive.

----------------------
Steve Stites
 
Old 03-05-2008, 05:03 PM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
nah.... nah...

as above, stick a script in the PostLogin directory and use Zenity to show a yes/no dialog. if you it no, pass the exit code out of the script, and the login session terminates. it's all there already.

as for init 3, pam_script would cover all angles implicitly, and use a very similar model to the gdm one too - nice to keep things arhitecurally similar even if they are totally isolated.
 
Old 03-06-2008, 01:53 AM   #10
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by acid_kewpie View Post
stick a script in the PostLogin directory and use Zenity to show a yes/no dialog.
Wouldn't that put the message up after the user entered credentials? I thought the OP wanted it before.

BTW, I thought my suggestion was using the existing framework.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Pop-up dialogue box while using Firefox mikieboy Linux - Security 4 12-13-2006 08:10 AM
Nautilus Annoying Warning box madiyaan Linux - Software 1 09-29-2005 10:03 AM
SSL pop up box tommytomato Linux - General 1 07-03-2004 06:13 AM
how to produce pop-up message box / alert window from shell script peb Linux - Newbie 3 02-25-2004 04:14 AM
Qmail pop box size YourForum Linux - Software 0 11-30-2003 09:15 AM


All times are GMT -5. The time now is 10:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration