# LightDM, login classes and system limits



## bsduck (Jan 26, 2022)

Hello,

In /etc/login.conf I have the following login class:

```
audio:\
        :memorylocked=unlimited:
```
It allows my main user unlimited memory locking, as recommended by audio/jack.

This works fine from a command line login, and from a X session started by `startx`.
As expected, `ulimit -l` returns *unlimited*.

But that doesn't work if I log in from LightDM.
In that case, `ulimit -l` returns *131072*.

LightDM seems not to care about login classes. Is there a way to change that?

I tried various settings in /usr/local/etc/lightdm/lightdm.conf:
* running LightDM as my user instead of user "lightdm" -> doesn't work (I can't login)
* running LightDM as root -> works but no effect
* `lock-memory=true` -> no effect
* `user-authority-in-system-dir=true` -> no effect
* `dbus-service=false` -> no effect

LightDM's default (131072k) is what is defined for login class "daemon":

```
daemon:\
        :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
        :mail@:\
        :memorylocked=128M:\
        :tc=default:
```
If I set `memorylocked=unlimited` there, I do get unlimited locking in my X session, but I don't think it's a good idea to give all daemons that privilege.

I tried giving the "lightdm" user the same login class as me: no effect, it still follows the "daemon" limits (which makes sense given that lightdm is a nologin user).

I also tried setting a lower limit for my login class while class "daemon" had unlimited: I got unlimited from my X session too.

So it seems the system limits a user gets while logging in from LightDM are invariably what LightDM itself is allowed, and that's what's defined in class "daemon". Not really convenient, and rather broken design. If there's a way to set per-user limits while using LightDM, please let me know! Otherwise I think it's a good reason to avoid using LightDM on FreeBSD.

I'll try other display managers to compare.


----------



## covacat (Jan 26, 2022)

try ligthdm_login_class="default" in rc.conf


----------



## T-Daemon (Jan 26, 2022)

Check this Archlinux wiki: https://wiki.archlinux.org/title/LightDM#X_session_wrapper

```
X session wrapper

If you are migrating from xinit, you will notice that the display is not launched by your shell. This is because, as opposed to your
shell starting the display (and the display inheriting the environment of your shell), LightDM starts your display and does not source
your shell. LightDM launches the display by running a wrapper script and that finally exec's your graphic environment. By default,
/etc/lightdm/Xsession is run.[1]

Environment variables

The script checks and sources /etc/profile, ~/.profile, /etc/xprofile and ~/.xprofile, in that order. If you are using a
shell that does not source any of these files, you can create an ~/.xprofile to do so.
...
```

[1] On FreeBSD that would be /usr/local/etc/lightdm/Xsession


----------



## bsduck (Jan 26, 2022)

covacat said:


> try lightdm_login_class="default" in rc.conf


Nice! I didn't know you could set login classes there, thank you.

Setting it to "default" gives me, as expected, the default limit, which is 64k.
Setting it to my custom class "audio" allows me unlimited locked memory.

This does not solve the problem of missing per-user limits control, but for a personal laptop, it's an acceptable compromise.
I don't think LightDM being allowed to lock all my memory is a major concern, especially with `lock-memory=false` in its configuration file.


----------



## covacat (Jan 26, 2022)

for per user limits you may have play with rctl


----------

