Setting Up XDM on Debian/Ubuntu Linux

XDM, short for X Display Manager, is my favorite login manager for its simplicity. Sure, gdm and kdm are visually pleasant, but why do I have to install all the dependencies if xdm provides the same functionality as them? After all, xdm can launch GNOME and KDE for you — you just need to fix your ~/.xsession file. This post will serve as my notes on installation, configuration and customization of xdm.

All configuration of xdm, except for distribution-specific settings, is done by modifying the files in the /etc/X11/xdm directory. For now, I'll just go over what I have in my xdm files.

/etc/X11/xdm/Xaccess

This file is used to tell xdm who can use xdm. Therefore, if you are happy to let anyone access the X-Windows desktop locally or remotely, then you would just put an asterisk (*) in Xaccess as I did.

*

If you are very keen on security, you would put only the following in Xaccess. This only allows local users to have access to xdm.

localhost
127.0.0.1

However, even if Xaccess is set up as above, remote xdm login may still be possible with SSH X11 forwarding.

/etc/X11/xdm/Xresources

Xresources file is used to fine-tune the behavior and appearance of XDM. Here is what I put in my Xresources file:

Xcursor.theme: redglass

xlogin*login.translations: #override \
 Ctrl<Key>R: abort-display()\n\
 <Key>F1: set-session-argument(failsafe) finish-field()\n\
 <Key>Delete: delete-character()\n\
 <Key>Left: move-backward-character()\n\
 <Key>Right: move-forward-character()\n\
 <Key>Home: move-to-begining()\n\
 <Key>End: move-to-end()\n\
 Ctrl<Key>KP_Enter: set-session-argument(failsafe) finish-field()\n\
 <Key>KP_Enter: set-session-argument() finish-field()\n\
 Ctrl<Key>Return: set-session-argument(failsafe) finish-field()\n\
 <Key>Return: set-session-argument() finish-field()

xlogin*greeting: Welcome to CLIENTHOST
xlogin*namePrompt: Login:\040
xlogin*passwdPrompt: Password:\040
xlogin*fail: Login incorrect

xlogin*greetFace: Serif-21:bold:italic
xlogin*face: Sans-15
xlogin*promptFace: Sans-15:bold
xlogin*failFace: Sans-16:bold

xlogin*geometry: 600x400
xlogin*borderWidth: 1
xlogin*frameWidth: 5
xlogin*innerFramesWidth: 2
xlogin*shdColor: grey30
xlogin*hiColor: grey90
xlogin*background: grey
xlogin*greetColor: Blue3
xlogin*failColor: red
*Foreground: black
*Background: #fffff0

xlogin*logoFileName: /usr/share/X11/xdm/pixmaps/penguin_doll_200x300.xpm
xlogin*useShape: true
xlogin*logoPadding: 10

I think the settings are self-explanatory. This is how xdm would look with the above settings. The penguin image was taken from here.

/etc/X11/xdm/Xresources

The Xresources file allows you to specify how many X servers to run and their command arguments. In my case, I run Xorg and Xvfb. Xorg is the standard X server, and Xvfb is a server that runs totally in memory without depending on the video hardware. To see what's going on with Xvfb, I use x11vnc and gvncviewer.

# Default X.org server
:0 local /usr/bin/Xorg :0 vt7 -br -dpi 96 -nolisten TCP

:1 local /usr/local/bin/Xvfb :1 -dpi 96 -screen 0 1024x768x16

/etc/X11/xdm/Xsetup

Xsetup allows you to write any command to run when xdm displays the login screen. In my case, I run gm to set up the background image and run x11vnc to remotely access Xvfb via VNC.

#!/bin/sh
#
# This script is run as root before showing login widget.

gm display -window root /usr/share/wallpapers/Board_Tile_Gray.jpg
xkbcomp -dflts -I/usr/share/X11/xkb /etc/X11/xkb/server-0.xkm $DISPLAY

PID_XVFB=$(pidof Xvfb)
PID_X11VNC=$(pidof x11vnc)
if [ -n "$PID_XVFB" -a -z "$PID_X11VNC" ]; then
  x11vnc -display :1 -bg -xkb -nopw -nc_cr -forever -listen localhost -auth $(find /var/lib/xdm/authdir/authfiles -name \*:1\*) > /var/log/x11vnc.log 2>&1
fi

/etc/X11/xdm/xdm-config

In xdm-config, there is only one line that I bother to change. This line enables remote xdm logins.

! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
DisplayManager.requestPort:     177

/etc/X11/xdm/xdm-options

I think xdm-options is Debian specific. I don't think I made any change in this file.

# configuration options for xdm
# See xdm.options(5) for an explanation of the available options.

no-ignore-nologin
no-restart-on-upgrade
no-start-on-install
use-sessreg

Resetting XDM

There are other files in /etc/X11/xdm directory that you can safely leave as is. After you make any change with the files, have xdm reread the config files.

kill -1 $(pidof xdm)

If you want to force xdm to kill all running sessions and restart, enter the following command.

/etc/init.d/xdm restart

That's all I have to write about xdm for now. In summary, xdm is a simple, yet functional login manager that is easy to set up.

Using UnionfsFuse on Debian/Ubuntu Linux

Unionfs-fuse is a user-space implementation of unionfs that makes it possible to run Linux over a read-only medium, such as CD-ROM. Unionfs-fuse is a convenient alternative to kernel implementations (unionfs, aufs and overlayfs), so users don't have to patch the kernel in order to try unionfs. There are many possible uses of unionfs:

• Create a live CD
  
• Run Linux from a read-only filesystem image, such as a squashfs file
  
• Freeze an existing Linux system and save all changes in the memory
  

Unionfs achieves all this by merging a read-only filesystem and a writeable filesystem into a single virtual filesystem and mount it at a certain mount point. Let's try and apply unionfs-fuse to the third situation above. Basically, we need to create an initramfs file containing unionfs-fuse and a custom init script. The basic procedure is like this:

1. Load kernel drivers necessary to access the underlying storage device
   
2. Mount the read-only filesystem image at /opt
   
3. Mount tmpfs at /opt/tmp and create a directory /opt/tmp/.change
   
4. Use unionfs-fuse to merge the two and mount it at /mnt
   
5. Use chroot and start /sbin/init to boot the new unionfs filesystem
   

To carry about the above steps, an init script might look like this:

#!/bin/dash
# Use the small but functional dash to process this script

# Mount /proc, /sys, /dev and /dev/pts just in case
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
mkdir -m 755 /dev/pts
mount -t devpts -o gid=5,mode=620 none /dev/pts

# Write commands here to load modules necessary to access a hard drive
modprobe pata_via
modprobe sd_mod

# Mount the Linux filesystem read-only at /opt
mount -r /dev/sda6 /opt

# Mount tmpfs at /opt/tmp
mount -t tmpfs none /opt/tmp
mkdir /opt/tmp/.change

# Create a unionfs mount at /mnt
modprobe fuse
unionfs-fuse -o allow_other,use_ino,suid,dev,nonempty,kernel_cache \
   -o cow,chroot=/opt,max_files=32768 /tmp/.change=RW:/=RO /mnt

# Make sure that init exists and is executable
if [ -x /mnt/sbin/init ]; then
  mount --move /dev /mnt/dev
  mount --move /proc /mnt/proc
  mount --move /sys /mnt/sys

# Start init from the root filesystem with runlevel 5.
  exec chroot /mnt /sbin/init 5
fi

The computer will boot into a virtual unionfs, consisting of writable tmpfs on top of read-only root filesystem. Make sure to modify /etc/rc.local so that it contains the following snippet of code.

for i in `ps ax | grep unionfs | grep -v grep | awk '{print $1}'`; do
  echo $i > /var/run/sendsigs.omit.d/unionfs.$i;
done

This prevents Linux from killing unionfs-fuse during shutdown so the system will properly shut down.

Related Posts

• Manually Creating initrd / initramfs to Boot Linux