[Novalug] .dmrc question

DonJr djr1952 at hotpop.com
Mon Aug 13 21:11:51 EDT 2007


On Mon, 2007-08-13 at 07:51 -0700, Beartooth wrote:
> On Sun, 12 Aug 2007, DonJr wrote:
> 
> > BECAUSE you did 0644 instead of 0600.
> >
> > The ownership and access permissions have to be what the launch 
> > setup expects, or it complains with the error message you 
> > reported and refuses to use the information.
> 
>  	OK; but why does the error message say, inter alia, "File 
> should ... have 644 permissions"??

The message is coming from 'gdm' the graphic logon manager.

> >  It's a security feature.
> >
> > The same sort of thing goes for other files on your system.
> 
>  	I was guessing that; thanks for the confirmation. Is this 
> a SELinux thing, or is it old?

It's older/younger.

It's a feature of gdm the x-display-manager or graphic login manager.

See the "[Security]" section of the file /etc/gdm/gdm.conf
OR

# 0 is the most restrictive, 1 allows group write permissions, 2 allows all
# write permissions.
RelaxPermissions=0
# Check if directories are owned by logon user.  Set to false, if you have, for
# example, home directories owned by some other user.
CheckDirOwner=true
# Number of seconds to wait after a failed login
#RetryDelay=1

NOTE I don't recommend doing this in any way, shape or form.
If you change these 
 RelaxPermissions  to 2
and 
 CheckDirOwner  to false
you would then be allowed to set "~/.dmrc" to almost any valid (as in
readable by user btth) combo of ownership and permissions you want.

See the following LinuxQuestion.org threads for more information:
<http://www.linuxquestions.org/questions/showthread.php?t=546104>
and
<http://www.linuxquestions.org/questions/showthread.php?t=543505>


>  	I ssh'd into one of the problem machines, did only chmod 
> 0600 .dmrc, and logged out. Then logging back in, I first told it 
> to change session to Gnome -- and the error message popped up yet 
> again. So I rebooted -- and got the same results. Just to check, 
> I shut it down instead of finishing the login, and tried another 
> time, without mentioning sessions. Got the error message yet 
> again.

ssh'ing into a system shouldn't have any effect one way or the other.
With systems (i.e. local servers) that will always live/exist behind my
primary firewall, I normally even enable ssh'ing in as ROOT with known
key(s), at least while in the configuration/setup phase.

>  	Stray thought. Suppose (as btth, not root) I delete 
> /home/btth/.dmrc entirely? Will the first yum command re-create 
> it? Or suppose I delete it and do mkdir .dmrc (still as btth, not 
> root), and then a yum command?

If you just DELETE /home/btth/.dmrc, 'gdm' will then create a NEW one
with proper permission(s) once you select a default X-manager again.


BTW
  What are the permissions of user 'btth's $HOME directory?
I.e., what does the following return:
  ls -l /home

Is user 'btth's home directory set to allow OTHERS to WRITE to it?
If so then do as user 'btth':
  chmod o-w $HOME



--  
-- 
 Don E. Groves, Jr. 

$ /usr/games/fortune : Avoid gunfire in the bathroom tonight.
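
Added example (not part of the original message, and not gdm's own code): a shell check that applies the RelaxPermissions and CheckDirOwner rules, as the quoted gdm.conf comments describe them, to ~/.dmrc and the home directory. The function names mode_ok and check_dmrc are hypothetical, GNU stat is assumed, and applying the write-bit rule to the home directory as well as the file is an assumption.

```shell
#!/bin/sh
# Added example, not gdm's code. Approximates the rules in the gdm.conf
# comments quoted above. Assumes GNU stat (coreutils).

# mode_ok MODE LEVEL: succeed if octal MODE is acceptable at RelaxPermissions=LEVEL
mode_ok() {
    perm=$((0$1))                          # parse "644" as octal
    case $2 in
        0) [ $((perm & 022)) -eq 0 ] ;;    # no group or other write
        1) [ $((perm & 002)) -eq 0 ] ;;    # group write allowed
        2) return 0 ;;                     # all write bits allowed
        *) return 2 ;;                     # unknown level
    esac
}

# check_dmrc HOME_DIR UID [LEVEL] [CHECK_DIR_OWNER]
# Prints each problem found; returns 0 if clean, 1 otherwise.
check_dmrc() {
    home=$1 uid=$2 level=${3:-0} check_owner=${4:-true}
    file=$home/.dmrc rc=0
    if [ ! -f "$file" ]; then
        echo "$file: not present"
        return 0
    fi
    set -- $(stat -c '%a %u' "$file")      # -> mode, owner uid
    [ "$2" = "$uid" ] || { echo "$file: owner uid $2, expected $uid"; rc=1; }
    mode_ok "$1" "$level" || { echo "$file: mode $1 fails RelaxPermissions=$level"; rc=1; }

    set -- $(stat -c '%a %u' "$home")
    if [ "$check_owner" = true ] && [ "$2" != "$uid" ]; then
        echo "$home: owner uid $2, expected $uid (CheckDirOwner=true)"; rc=1
    fi
    # Assumption: the write-bit rule is applied to the home directory as well.
    mode_ok "$1" "$level" || { echo "$home: mode $1 fails RelaxPermissions=$level"; rc=1; }
    return $rc
}

# Usage, as the logged-in user:  check_dmrc "$HOME" "$(id -u)" 0 true
```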



