Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Our security department is asking that we display a message to users that alerts them that it is a company system. This message should not be a welcome message and it should be a message pop up that must be dismissed before being able to log in. I'm trying to figure some way to do this in both a graphical environment and a runlevel 3 console environment.
As for RL3, we currently display a ssh banner that issues similar warnings to the users before logging in. But it's not a message that has to be dismissed before logging in, and is technically not acceptable according to our security guys.
Our security department is asking that we display a message to users that alerts them that it is a company system. This message should not be a welcome message and it should be a message pop up that must be dismissed before being able to log in. I'm trying to figure some way to do this in both a graphical environment and a runlevel 3 console environment.
I would approach this problem by creating spoofs of the login programs. Find out the names of the two login programs you are using, one graphical and one command line. Change the names of these two programs to unique names. Then write replacements for these two programs. The replacement programs will display your security message. When the user dismisses the message the programs will then execute the normal login programs under their unique names.
assuming you're staying with gdm on the X side, you can write a script for the /etc/X11/gdm/PostLogin/ directory using zenity to require a usage box. if a script executed in there returns 1 (condusive with a rejection of terms) the login would be terminated. equivalent for a console could be done in many ways, potentially with a dialog box triggered via pam_script.
I would approach this problem by creating spoofs of the login programs. Find out the names of the two login programs you are using, one graphical and one command line. Change the names of these two programs to unique names. Then write replacements for these two programs. The replacement programs will display your security message. When the user dismisses the message the programs will then execute the normal login programs under their unique names.
I don't think of it as a fork. I think of it as a front end to GDM. You could accomplish the same thing without renaming GDM by finding the scripts which call GDM and telling them to call the front end which then calls GDM after the user acknowledges the message.
After thinking about your comment, renaming GDM is probably not a good idea and changing the calling script to call the front end is probably better. The same is also true for whatever dialog script front end is written for the console login.
... renaming GDM is probably not a good idea and changing the calling script to call the front end is probably better.
Looking through /etc/gdm/gdm.conf I see a Greeter= line under [daemon] which is currently set to /usr/lib/gdm/gdmgreeter. I would think this would let you specify your own "pre-greeter" in gdm.conf-custom which in turn could (after "I Agree" or whatever) call the existing gdmgreeter. But I don't have near enough knowledge to know what the content of the custom "pre-greeter" should be.
i'm totally lost here guys... gdm already provides the exact framework that is being sought here... why is there any discussion of fundamentally changing it??
i'm totally lost here guys... gdm already provides the exact framework that is being sought here... why is there any discussion of fundamentally changing it??
My original thought was that cambie is going to have to write a program to create the dialog box that he wants. The dialog box displays a security message and then goes away after the user clicks acknowledgment and the normal login screen is displayed. I don't think GDM can be configured to do this as GDM is currently written. GDM allows you to specify a welcome message but you cannot make this welcome message interactive.
The discussion has moved along to where blackhole54 is suggesting that the best place to start the dialog box is in the GDM control file gdm.conf-custom. cambie could write his custom dialog box and tell GDM to use cambie's program in place of GDM's greeter and remote greeter. After reading the web page linked to below I think that blackhole54's idea will probably work for both local and remote GDM logins.
For init 3 logins I think that cambie will probably have to plug his custom dialog box somewhere into SSH, perhaps in sshd_config. I can find where to specify a SSH banner (/etc/issue.net) but I can't see any way to make the banner interactive.
as above, stick a script in the PostLogin directory and use Zenity to show a yes/no dialog. if you it no, pass the exit code out of the script, and the login session terminates. it's all there already.
as for init 3, pam_script would cover all angles implicitly, and use a very similar model to the gdm one too - nice to keep things arhitecurally similar even if they are totally isolated.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.