root@node11:~# vi /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf

Seat:\*

user-session=ubuntu
greeter-show-manual-login=true
all-guest=false

"/usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" 4L, 76C written

root@node11:~# vi /etc/pam.d/gdm-autologin

#%PAM-1.0

auth requisite pam_nologin.so
#auth required pam_succeed_if.so user != root quiet_success

auth optional pam_gdm.so

auth optional pam_gnome_keyring.so

auth required pam_permit.so

@include common-account

SELinux needs to be the first session rule. This ensures that any

lingering context has been cleared. Without this it is possible

that a module could execute code in the wrong domain.

session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close

session required pam_loginuid.so

starts in the proper default security context. Only sessions which are

intended to run in the user's context should be run after this.

session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open

session optional pam_keyinit.so force revoke

session required pam_limits.so

session required pam_env.so readenv=1

session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale

@include common-session

session optional pam_gnome_keyring.so auto_start

@include common-password

"/etc/pam.d/gdm-autologin" 23L, 1193C written

root@node11:~# vi /etc/pam.d/gdm-password

#%PAM-1.0

auth requisite pam_nologin.so
#auth required pam_succeed_if.so user != root quiet_success

@include common-auth

auth optional pam_gnome_keyring.so

@include common-account

SELinux needs to be the first session rule. This ensures that any

lingering context has been cleared. Without this it is possible

that a module could execute code in the wrong domain.

session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close

session required pam_loginuid.so

starts in the proper default security context. Only sessions which are

intended to run in the user's context should be run after this.

pam_selinux.so changes the SELinux context of the used TTY and configures

SELinux in order to transition to the user context with the next execve()

call.

session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open

session optional pam_keyinit.so force revoke

session required pam_limits.so

session required pam_env.so readenv=1

session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale

@include common-session

session optional pam_gnome_keyring.so auto_start

@include common-password

"/etc/pam.d/gdm-password" 25L, 1321C written

root@node11:~# vi /root/.profile

if [ "$BASH" ]; then

if [ -f ~/.bashrc ]; then

. ~/.bashrc

#mesg n 2> /dev/null || true
tty -s && mesg n || true

. "$HOME/.cargo/env"

".profile" 12L, 209C written

root@node11:~#

参考：

https://comate.baidu.com/zh/page/ug2pso36mvo

ubuntu20.04桌面允许root用户登录

SELinux needs to be the first session rule. This ensures that any

lingering context has been cleared. Without this it is possible

that a module could execute code in the wrong domain.

SELinux needs to intervene at login time to ensure that the process

starts in the proper default security context. Only sessions which are

intended to run in the user's context should be run after this.

SELinux needs to be the first session rule. This ensures that any

lingering context has been cleared. Without this it is possible

that a module could execute code in the wrong domain.

SELinux needs to intervene at login time to ensure that the process

starts in the proper default security context. Only sessions which are

intended to run in the user's context should be run after this.

pam_selinux.so changes the SELinux context of the used TTY and configures

SELinux in order to transition to the user context with the next execve()

call.

~/.profile: executed by Bourne-compatible login shells.