Bug 1656016 - GDM service ignores /etc/gdm/custom.conf
Summary: GDM service ignores /etc/gdm/custom.conf
Status: CLOSED DUPLICATE of bug 1647621
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gdm
Version: 7.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Ray Strode [halfline]
QA Contact: Desktop QE
Reported: 2018-12-04 13:20 UTC by Patrik Wenger
Modified: 2018-12-11 21:34 UTC

Last Closed: 2018-12-04 14:57:46 UTC

Description Patrik Wenger 2018-12-04 13:20:28 UTC
Description of problem:
Settings in /etc/gdm/custom.conf are ignored by the GDM service. I'd like to pass the option `-nolisten tcp` to X as part of a server hardening process, but am unable to do so.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Put this into /etc/gdm/custom.conf:
```
[security]
DisallowTCP=true
```

2. Restart GDM service
3. Check Port 6000/tcp with port scanner: `nmap -nsT -p6000 localhost`

Actual results:
Port is open.


Expected results:
Port should be closed.

Additional info:
It seems the `startx` script is not used when starting GDM, meaning if I hardcode `-nolisten tcp` in there, it's still not passed to X when starting the GDM service. But it WILL get passed to X when starting X using `startx`.

System was up-to-date as of 2 weeks ago. Temporarily no internet access on it, and right now it's unavailable to me. But we will have to fix the issue before going productive.

Comment 2 Michael Boisvert 2018-12-04 13:58:50 UTC
I don't believe it is being fully ignored as I am able to enable and disable XDMCP via custom.conf.

Comment 3 Patrik Wenger 2018-12-04 14:03:25 UTC
I'm pretty sure that the file is ignored since I also tried

```
[greeter]
SystemMenu=false
```

which I have to fix too, and was ignored too.

Any idea as to why the file might get ignored?

Comment 4 Michael Boisvert 2018-12-04 14:29:32 UTC
(In reply to Patrik Wenger from comment #3)
> I'm pretty sure that the file is ignored since I also tried
> 
> ```
> [greeter]
> SystemMenu=false
> ```
> 
> which I have to fix too, and was ignored too.
> 
> Any idea as to why the file might get ignored?

Not sure, I was looking through an older Fedora bug with the same issue. If there are duplicate sections or improper permissions, this may cause the issue.

Comment 5 Ray Strode [halfline] 2018-12-04 14:57:46 UTC
[greeter]
SystemMenu

is not a valid option in Red Hat Enterprise Linux 7.

-nolisten tcp should be the default, but due to a bug in Red Hat Enterprise Linux 7.6, it's not.

This defect is being tracked by bug 1647621

*** This bug has been marked as a duplicate of bug 1647621 ***

Comment 6 Patrik Wenger 2018-12-04 15:05:44 UTC
Okay, thanks. What to do to remove the shutdown menu from GDM's login screen?

So you're saying that it's not X listening on 6000/tcp? Because I used `fuser` and also `netstat -tlnp`, both telling me that it's X, not some cloud software.

Comment 7 Michael Boisvert 2018-12-04 15:08:11 UTC
(In reply to Patrik Wenger from comment #6)
> Okay, thanks. What to do to remove the shutdown menu from GDM's login screen?
> 
> So you're saying that it's not X listening on 6000/tcp? Because I used
> `fuser` and also `netstat -tlnp`, both telling me that it's X, not some
> cloud software.

You'd like to disable the power/restart button(s) in GDM?

Comment 8 Ray Strode [halfline] 2018-12-04 15:55:31 UTC
(In reply to Patrik Wenger from comment #6)
> Okay, thanks. What to do to remove the shutdown menu from GDM's login screen?
Looks like there's docs here:

https://access.redhat.com/solutions/2020763

If you have any problems, please open a case with support at access.redhat.com.

> So you're saying that it's not X listening on 6000/tcp? Because I used
> `fuser` and also `netstat -tlnp`, both telling me that it's X, not some
> cloud software.
Oh, sorry for the confusion. It is definitely X on your system listening on the port. The cloud software tie-in isn't exactly relevant to your situation. The reason it's part of the puzzle is that since X doesn't normally use the port, the cloud software ended up using the port by default. But since X is erroneously using the port in 7.6, the cloud software can't, and is failing out of the box. The cloud software shouldn't be using that port by default, and X shouldn't be using the port at all. Bug 1647621 is the bug being used to track the fix for X, and bug 1649511 is the bug being used to track the fix for the cloud software.

Comment 9 Patrik Wenger 2018-12-11 21:34:04 UTC
Thanks for the help.
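
Added example, not part of the original bug thread: a shell check that reads `ss -tlnp` output and reports any X server bound to a TCP display port (6000 + display number), keeping it apart from other software on the same ports as discussed in comments 6 and 8. The function name `x_tcp_listeners`, the sample listener table and its PIDs are constructed for illustration; the 6000-6063 port range and the process names X, Xorg and Xorg.bin are assumptions.

```shell
#!/bin/sh
# Added example. Reads `ss -tlnp` output on stdin and prints one line per
# X server listening on a TCP display port (6000 + display number).
# Returns 1 if any such listener is found, 0 otherwise.
x_tcp_listeners() {
    awk '
    $1 != "LISTEN" { next }                    # skip header and other states
    {
        n = split($4, a, ":")                  # port is the last ":" piece
        port = a[n] + 0
        if (port < 6000 || port > 6063) next   # assumed display range :0-:63
        proc = "unknown"; pid = "?"            # process column needs root
        if (match($0, /\(\("[^"]+"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        # Other software can sit on these ports (sshd X11 forwarding, the
        # cloud software from comment 8), so keep only X server names.
        if (proc != "unknown" && proc !~ /^(X|Xorg|Xorg\.bin)$/) next
        if (match($0, /pid=[0-9]+/))
            pid = substr($0, RSTART + 4, RLENGTH - 4)
        addr = substr($4, 1, length($4) - length(a[n]) - 1)
        scope = (addr ~ /^(127\.|\[?::1\]?$)/) ? "loopback" : "network"
        printf "display=:%d port=%d proc=%s pid=%s bind=%s scope=%s\n",
               port - 6000, port, proc, pid, addr, scope
        found = 1
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample of `ss -tlnp` output (not taken from the reported system).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*   users:(("sshd",pid=1020,fd=3))
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*   users:(("X",pid=1893,fd=3))
LISTEN 0      128    [::]:6000          [::]:*      users:(("X",pid=1893,fd=1))
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*   users:(("sshd",pid=2201,fd=9))'

# On a live host, run as root: ss -tlnp | x_tcp_listeners
printf '%s\n' "$SAMPLE" | x_tcp_listeners || echo "FAIL: X server is listening on TCP"
```

A non-zero return after restarting GDM means the X server is still accepting TCP connections, which is the condition the reporter observed with the port scan.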

