1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
Initial Setup
=============
The first time a new system is booted is a special situation. There is
no user account yet, and a few basic setup steps need to be performed
before it can be considered fully usable. The initial setup mode is an
attempt to solve these problems.
When in initial setup mode, GDM does not bring up the regular greeter
for the login screen, but instead starts the `gnome-initial-setup`
application in a special session. `gnome-initial-setup` offers a series
of steps to:
1. Select a language
2. Select a keyboard layout
3. Connect to the network
4. Adjust some privacy settings
5. Set the right location/timezone
6. Configure software sources
7. Set up online accounts
8. Create a new user account
9. Configure parental controls
In terms of the user experience, we want the initial setup to seamlessly
switch to the regular user session. In particular, we don't want to
make the user enter their credentials again on the login screen.
We can't run the `gnome-initial-setup` application with the correct user,
since the user account does not exist yet at that time. Therefore, GDM
runs `gnome-initial-setup` as a `gnome-initial-setup` use. When
`gnome-inital-setup` is done, it then initiates an autologin for the newly
created user account to switch to the ‘real’ session.
Due to this arrangement, we need to copy all the settings that have been
changed during the initial setup session from the `gnome-initial-setup`
user to the real user.
Mechanics
=========
By default, this functionality is enabled in GDM. To disable it, add the
following to GDM's configuration file:
```ini
[daemon]
InitialSetupEnable=False
```
(By default, this file lives at `/etc/gdm/custom.conf`, but this can be
customized at GDM build time. For Debian-like systems, use
`/etc/gdm3/daemon.conf`.)
If enabled, GDM will trigger Initial Setup only if there are no users configured
yet and some other conditions also hold. You can force GDM to run Initial Setup
even if users exist by appending `gnome.initial-setup=1` to the kernel command line.
The session that gdm starts for the initial-setup session is
defined by the file
`/usr/share/gnome-session/sessions/gnome-initial-setup.session`.
Like the regular greeter session, it uses the desktop files in
`/usr/share/gdm/greeter/applications/`.
`gnome-initial-setup` also has an "existing user" mode which activates
`gnome-initial-setup` when a user first logs in. The
`gnome-initial-setup-first-login.desktop` in the
[xdg autostart][] directory uses `gnome-session` to check if the user has a
`gnome-initial-setup-done` file in their `XDG_CONFIG_DIR`; if they don't,
`gnome-initial-setup` will launch with pages that are suitable for a
non-privileged user and on exiting will write the done file. However, since
GNOME 40, this mode would interfere with the first-login tour
prompt, so `gnome-initial-setup` silently writes the stamp file and exits.
[xdg autostart]: https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html
"The Desktop Application Autostart Specification"
Tips for development
====================
Enterprise Login
----------------
Initial Setup can configure the system to be part of an enterprise domain.
This functionality is available if `realmd` is installed (or, more precisely,
the name `org.freedesktop.realmd` is owned on the system bus) and hidden if not.
The FreeIPA project runs a [demo server](https://www.freeipa.org/page/Demo),
which may be useful to test this functionality if you do not have an
enterprise domain of your own to test against.
|