The Struggle with Graphical Environments Is Real

A 5 star hangout for overworked and underpaid system admins.
Post Reply
fresh-pie
Posts: 2
Joined: 2019/11/22 23:49:51

The Struggle with Graphical Environments Is Real

Post by fresh-pie » 2020/08/28 16:03:41

Hey all,

This post is mostly a venting/ranting session for me..

My company has decided to make a switch to CentOS from a SUSE product, which I'm actually pretty excited about. Not only because I'm a fan of this distribution, but it is also giving me an opportunity to build what a cookie-cutter "server" would like in our enterprise from the ground up.. I'm getting a lot of experience with kickstart builds and tools like Foreman for automated discovery and provisioning.

Any who, I'm in the process of designing what our CentOS install will be exactly. For example, what software gets installed and so on.. I love keeping things lean and mean. Something about unnecessary software installed and even worse, running on my system, really grinds my gears. Unfortunately, a requirement for these servers is that they will sometimes need to be accessed by our help desk to launch a particular graphical application. This of course means X11 at the very least will need to be installed.

Ideally, I would install X11 and create a script that simply executes `xinit` against the target application. This way a help desk associate could theoretically SSH in, execute the script and then using a VNC session, remotely control the application. However, these folks are already spoiled in today's environment with a constant GDM session that kicks off Gnome, which means training will be required. Also, I'm not too on sure on how I could ensure folks are not leaving their X sessions open, which could possibly be a security concern. Though on second thought, it would probably die once their SSH session is terminated, but that may be a whole other problem as sometimes the application needs to remain open for awhile to complete jobs.

So trying to avoid GDM and Gnome like the plague, I've looked to SDDM or LightDM as a display manager. However, LightDM seems to maybe have some broken dependencies (I haven't dug too deep into this, may be user error), so I'm giving SDDM a shot. It is light and doesn't have a lot of dependencies, which is great.

Now for a Window Manager. I'm looking at Openbox which is available in EPEL. I love Openbox and use it at home. It is designed to do one thing very well, which is manage graphical windows. But that also means that there is no session locking mechanism, which is a basic requirement for security. I'm not sure of any individual locking applications available in the repositories, but may be worth looking into.

Finally, I'm now experimenting with SDDM and XFCE4. This seems to be a winning combination, as XFCE is pretty light and has almost just right the amount of "creature comfort" utilities, including a session locker.

And with all that, you know what, I'm sure that GDM and Gnome are really just fine and would probably not affect the system in any noticeable way.. I'm just a little crazy I think.

Any ways, rant over. If you read all of this, I'd love to hear your own similar stories. Do you think I'm a nut for doing all this? Or maybe you have some advice?

Thank you for reading :)

User avatar
jlehtone
Posts: 3044
Joined: 2007/12/11 08:17:33
Location: Finland

Re: The Struggle with Graphical Environments Is Real

Post by jlehtone » 2020/08/31 07:40:04

Generally, I follow the "I don't care / whatever" strategy. Having more than minimal installed is thus no offense.

There is "X2Go" (in EPEL), a free fork of "nomachine". It logs in with ssh and starts a desktop session. Client's exist for common platforms, so X11 server is not required on the client.

If the client does have X11 server & desktop, then they can simply ssh tunnel their X11 client applications that they run in the remote host.

A necessary evil that I face is OpenGL quad-buffered stereo. Before, GDM & GNOME 3's use of composite extension and stereo were mutually exclusive. Lightdm & MATE was a solution. Now stereo works with GNOME 3 on some applications, so lightdm & MATE is still the solution.


User sessions ... you do know loginctl kill-user & co?

Post Reply

Return to “CentOS Social”