
Chapter 9. Restricting the desktop session


You can restrict and control various functionalities on the GNOME desktop environment. You can enforce specific configurations and restrictions to maintain system integrity and prevent unauthorized access.

9.1. Disabling user logout and user switching

Disabling user logout and user switching can improve security, prevent user errors, and enforce a specific workflow. This can mitigate unauthorized access to sensitive data and disruptions to the workflow caused by users accidentally logging out or switching to another user.

Prerequisites

  • Administrative access.

Procedure

  1. Create a plain text /etc/dconf/db/local.d/00-logout keyfile in the /etc/dconf/db/local.d/ directory with the following content:

    [org/gnome/desktop/lockdown]
    # Disable user logout
    disable-log-out=true
    
    # Disable user switching
    disable-user-switching=true
  2. Create a new file under the /etc/dconf/db/local.d/locks/ directory and list the keys or subpaths you want to lock down:

    # Lock user logout
    /org/gnome/desktop/lockdown/disable-log-out
    
    # Lock user switching
    /org/gnome/desktop/lockdown/disable-user-switching
  3. Apply the changes to the system databases:

    # dconf update

9.2. Disabling printing

Disabling printing can prevent unauthorized access to sensitive documents, reduce the risk of potential breaches, and safeguard confidential information.

Prerequisites

  • Administrative access.

Procedure

  1. Create a plain text /etc/dconf/db/local.d/00-printing keyfile in the /etc/dconf/db/local.d/ directory with the following content:

    [org/gnome/desktop/lockdown]
    # Disable printing
    disable-printing=true
  2. Create a new file under the /etc/dconf/db/local.d/locks/ directory and list the keys or subpaths you want to lock down:

    # Lock printing
    /org/gnome/desktop/lockdown/disable-printing
  3. Apply the changes to the system databases:

    # dconf update

9.3. Disabling file saving

Disabling file saving can help to protect sensitive data from unauthorized access and protect against potential data leaks.

Prerequisites

  • Administrative access.

Procedure

  1. Create a plain text /etc/dconf/db/local.d/00-filesaving keyfile in the /etc/dconf/db/local.d/ directory with the following content:

    [org/gnome/desktop/lockdown]
    # Disable saving files on disk
    disable-save-to-disk=true
  2. Create a new file under the /etc/dconf/db/local.d/locks/ directory and list the keys or subpaths you want to lock down:

    # Lock file saving
    /org/gnome/desktop/lockdown/disable-save-to-disk
  3. Apply the changes to the system databases:

    # dconf update

9.4. Disabling the command prompt

Disabling the command prompt can simplify user interactions with the system, prevent inexperienced users from executing potentially harmful commands that might cause system instability or data loss, and reduce the risk of unauthorized changes to system settings or configurations.

Prerequisites

  • Administrative access.

Procedure

  1. Create a plain text /etc/dconf/db/local.d/00-lockdown keyfile in the /etc/dconf/db/local.d/ directory with the following content:

    [org/gnome/desktop/lockdown]
    
    # Disable command prompt
    disable-command-line=true
  2. Create a new file under the /etc/dconf/db/local.d/locks/ directory and list the keys or subpaths you want to lock down:

    # Lock command prompt
    /org/gnome/desktop/lockdown/disable-command-line
  3. Apply the changes to the system databases:

    # dconf update
  4. For these settings to take effect, users need to log out and log back in.
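
The procedures in sections 9.1 to 9.4 each pair a keyfile with a lock file; a key that is set but not locked is only a default that users can override. The following shell script is an added example, not part of the original documentation, that reports such keys; its function names and the sample tree it builds are constructed for illustration.

```shell
# Added example (not from the original page): report dconf keys that a keyfile
# sets but no lock file covers. Function names and sample data are constructed.
list_set_keys() {    # print /section/key for each key=value in keyfiles under $1
    for f in "$1"/*; do
        [ -f "$f" ] || continue    # skips the locks/ subdirectory
        awk '/^[ \t]*(#|$)/ { next }
             /^\[.*\]/ { gsub(/^\[|\].*$/, ""); sect = $0; next }
             sect != "" && index($0, "=") {
                 key = substr($0, 1, index($0, "=") - 1)
                 gsub(/[ \t]/, "", key); print "/" sect "/" key }' "$f"
    done | sort -u
}
list_locks() {       # print each lock entry (key, or subpath ending in /)
    for f in "$1"/locks/*; do
        [ -f "$f" ] || continue
        awk '{ sub(/[ \t]+$/, "") } /^#/ || /^$/ { next } { print }' "$f"
    done | sort -u
}
unlocked_keys() {    # print keys that are set but not covered by any lock
    locks=$(list_locks "$1")
    list_set_keys "$1" | while IFS= read -r key; do
        locked=no
        for l in $locks; do
            case "$l" in
                */) case "$key" in "$l"*) locked=yes ;; esac ;;
                *)  if [ "$key" = "$l" ]; then locked=yes; fi ;;
            esac
        done
        [ "$locked" = yes ] || printf '%s\n' "$key"
    done
}
make_sample() {      # constructed tree: sections 9.1 and 9.2, one lock missing
    d=$(mktemp -d) && mkdir "$d/locks" || return 1
    printf '%s\n' '[org/gnome/desktop/lockdown]' '# Disable user logout' \
        'disable-log-out=true' '' 'disable-user-switching=true' > "$d/00-logout"
    printf '%s\n' '[org/gnome/desktop/lockdown]' 'disable-printing=true' \
        > "$d/00-printing"
    printf '%s\n' '# Lock user logout' '/org/gnome/desktop/lockdown/disable-log-out' \
        '/org/gnome/desktop/lockdown/disable-printing' > "$d/locks/00-lockdown"
    printf '%s\n' "$d"
}
# Audit the directory given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ]; then unlocked_keys "$1"; else
    s=$(make_sample); unlocked_keys "$s"; rm -rf "$s"
fi
```

Pass /etc/dconf/db/local.d as the first argument to audit a real system. The script reads the source keyfiles, not the compiled database, so it does not replace running dconf update.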

9.5. Disabling repartitioning

You can override the default system settings that control disk management.

Important

Avoid modifying the /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy file directly. Any changes you make will be replaced during the next package update.

Prerequisites

  • Administrative access.

Procedure

  1. Copy the /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy file to the /etc/polkit-1/actions/ directory:

    # cp /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy /etc/polkit-1/actions/org.freedesktop.udisks2.policy
  2. In the /etc/polkit-1/actions/org.freedesktop.udisks2.policy file, delete any actions that you do not need and add the following lines:

    <action id="org.freedesktop.udisks2.modify-device">
      <message>Authentication is required to modify the disks settings</message>
      <defaults>
        <allow_any>no</allow_any>
        <allow_inactive>no</allow_inactive>
        <allow_active>yes</allow_active>
      </defaults>
    </action>

    If you want to restrict access only to the root user, replace <allow_any>no</allow_any> with <allow_any>auth_admin</allow_any>.
