06-04-2019 10:52 AM - edited 06-04-2019 10:54 AM
Hi Folks,
So I am concerned that it looks to me like someone could walk up to my 9038, plug in a monitor, keyboard and mouse, and hey presto, they have access to an X-Windows environment (XFCE I think) with lvuser credentials. OK, maybe they have to reboot the cRIO with the monitor plugged in and maybe they have to activate the display via the web interface. But in principle, someone can get access to the system without so much as a login.
I know you can turn off the panel that allows you to start a terminal and other tools. And I know you can turn off the whole thing so nothing gets displayed.
But I can't help but wonder if you can install a desktop manager such as XDM or GDM, whose job is to provide a graphical login.
I presume that it would be impossible to log in as lvuser if a desktop manager was used, but the point is to prevent unauthorized access so that might be OK.
Any thoughts?
06-04-2019 01:52 PM
One option is to use a screen locker, like slock-pam. You need to build it from source like this:
opkg update
opkg install git libx11-dev libpam-dev
git clone https://github.com/Miciah/slock-pam.git
cd slock-pam/
make
make install
Next you'll need to set a password for lvuser. By default, lvuser's password is disabled so it can't interactively log in. Set a password by running "passwd lvuser".
Finally run "slock-pam" from the UI to engage the lock. Type your password to open the screen.
06-04-2019 02:31 PM
Hi Haris,
I attended your security presentation at NI Week this year. Good stuff!
slock-pam sounds like a good solution. I am just trying to think where to put the call so that the X-Display is locked from the start instead of requiring the operator to lock it. But I know that is an ordinary Linux question.
Thanks!
06-04-2019 03:57 PM
Thanks, I'm glad you found it helpful.
You could configure the screen lock to autostart by writing a shortcut file like /home/lvuser/.config/autostart/01-slock-pam.desktop with the following lines:
[Desktop Entry]
Encoding=UTF-8
Exec=slock-pam
The screen lock now engages immediately on startup.
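An added example, not part of the thread or of NI's tooling: a shell check that the autostart entry described above would actually start the locker, so a deployment script can confirm the lock is in place. The function name `check_lock_autostart` and the file-permission check are assumptions of this example; on the target, point it at /home/lvuser/.config/autostart/01-slock-pam.desktop.

```shell
#!/bin/sh
# Added example (not from the thread): audit an XFCE autostart entry that is
# supposed to engage slock-pam. Returns 0 only if the entry would run the locker.
check_lock_autostart() {
    file=$1
    if [ ! -f "$file" ]; then echo "MISSING: $file"; return 1; fi

    # Keep only key=value lines inside the [Desktop Entry] group.
    entry=$(awk '
        /^\[/ { in_group = ($0 == "[Desktop Entry]"); next }
        in_group && /^[A-Za-z]/ { print }
    ' "$file")
    exec_line=$(printf '%s\n' "$entry" | sed -n 's/^Exec *= *//p' | head -n 1)
    hidden=$(printf '%s\n' "$entry" | sed -n 's/^Hidden *= *//p' | head -n 1)

    if [ -z "$exec_line" ]; then echo "NO_EXEC: $file"; return 2; fi
    # Per the XDG autostart spec, Hidden=true makes the session ignore the entry.
    if [ "$hidden" = "true" ]; then echo "DISABLED: Hidden=true"; return 3; fi

    cmd=${exec_line%% *}                 # first word of Exec
    if [ "${cmd##*/}" != "slock-pam" ]; then
        echo "WRONG_CMD: Exec=$exec_line"; return 4
    fi

    # Assumption of this example: a group- or world-writable entry is a finding,
    # because another account could rewrite Exec.
    perms=$(ls -ld "$file" | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) echo "WRITABLE: $perms"; return 5 ;;
    esac
    echo "OK: $file runs $cmd at session start"
}

# Demo on a constructed copy of the entry from the post above.
demo_dir=$(mktemp -d)
printf '%s\n' '[Desktop Entry]' 'Encoding=UTF-8' 'Exec=slock-pam' \
    > "$demo_dir/01-slock-pam.desktop"
chmod 644 "$demo_dir/01-slock-pam.desktop"
check_lock_autostart "$demo_dir/01-slock-pam.desktop"
rm -rf "$demo_dir"
```
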