Hello,

I want to restrict a particular user on my system to use only XFCE. I do not want him to select any other session in GDM. How do I do this in Slack 10.1?

Thanks for your help,

Anand

I don't know about the GDM, but even configuring that probably wouldn't stop them, because they could just run that WM from the shell. you could remove all their permissions to the binaries that start the other window managers e.g.
theres probably an easier way to do this but I am still a noob, so this is all I can come up with.

EDIT: hey it made a scrollbar on the code.. I didn't know it did that.. cool.

actually, removing permissions would work well

yeah, but it probably wont change the GDM menu (unless its smart and checks permissions), so if they choose another window manager, they will get an ugly permissions error. also I don't know if this is the best way to set up the permissions, im still learning about permissions and groups etc. what would you do if you needed 4 ppl to have different perms to the same file? cuz theres only 3 things: user, group and others.

EDIT: wait, "could" do it that way? wouldn't blocking their permission to it be the only way?

Since you are using a Slackware based distro, a PAM solution would not work. I think you may need to change one of scripts which is used during x-windows startup or during login to check the UID number of the user and conditionally set the $DESKTOP variable. Because you want to do this for only one user, I don't think simply setting permissions would work. The commands would be used by the other users, so the 'other' permission bit would need to be set. This means that you can't restrict the permissions to this one user without effecting all of the others.

Try using the WDM display manager instead. It has scripts which will let you run any action before login, on login and after logout.

Here's what I did after installing blackbox-0.70.0. Blackbox-0.70.0 installs to a different directory than blackbox-0.65.0, so I had to figure out how to get 0.70 to start instead of 0.65.
as root:
# cd /home/*username*
open '/.xinitrc' with your favorite text editor
go to the bottom and change:
And that should take care of it.
And if you don't want the user to mess with the file, do 'chown root ./.xinitrc' and 'chgrp root ./.xinitrc' to keep them from messing with it. I think that covers it. Any other questions ask. Either I or somene else can answer them.

Placing an appropriate .xsession file in the users hoke directory seems to do what you want with wdm, and might with gdm.

The display manager menu is system-level so you can't change it for just one user. But an .xsession, .Xsession or .Xclients file in $HOME may override or intervene choices made from the menu.

I do not think if it is possible to really prevent this. All solutions I have read from the previous posts can be bypassed. For exemple if gnome-session is not executable, the user can copy all of gnome in its home directory make it executable and launch it from a xsession file (this necessitate to adjust some environement varibales). Perhaps the most secure way would be to path the Xsession file launched by gdm and to remoive the suid bit of X to prevent the user from launching another session from the console.

But even in this case i do see what could prevent this user, once in xfce to lauch whatever he want from it.