Suchen
SupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

13.4. Disabling Command-Line Access

download PDF
To disable command-line access for your desktop user, you need to make configuration changes in a number of different contexts. Bear in mind that the following steps do not remove the desktop user's permissions to access a command line, but rather remove the ways that the desktop user could access command line.
  • Set the org.gnome.desktop.lockdown.disable-command-line GSettings key, which prevents the user from accessing the terminal or specifying a command line to be executed (the Alt+F2 command prompt).
  • Disable switching to virtual terminals (VTs) with the Ctrl+Alt+function key shortcuts by modifying the X server configuration.
  • Remove Terminal and any other application that provides access to the terminal from the Applications menu and Activities Overview in GNOME Shell. This is done by removing menu items for those applications. For detailed information on how to remove a menu item, see Section 12.1.2, “Removing a Menu Item for All Users”.

13.4.1. Setting the org.gnome.desktop.lockdown.disable-command-line Key

  1. Create a local database for machine-wide settings in /etc/dconf/db/local.d/00-lockdown: 
    [org/gnome/desktop/lockdown]
# Disable command-line access
disable-command-line=true
  2. Override the user's setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/lockdown: 
    # Lock the disabled command-line access
/org/gnome/desktop/lockdown
  3. Update the system databases: 
    # dconf update
  4. Users must log out and back in again before the system-wide settings take effect.

13.4.2. Disabling Virtual Terminal Switching

Users can normally use the Ctrl+Alt+function key shortcuts (for example Ctrl+Alt+F2) to switch from the GNOME Desktop and X server to a virtual terminal. You can disable access to all virtual terminals by adding a DontVTSwitch option to the Serverflags section in an X configuration file in the /etc/X11/xorg.conf.d/ directory.

Procedure 13.4. Disabling Access to Virtual Terminals

  1. Create or edit an X configuration file in the /etc/X11/xorg.conf.d/ directory:

    Note

    By convention, these host-specific configuration file names start with two digits and a hyphen and always have the .conf extension. Thus, the following file name can be /etc/X11/xorg.conf.d/10-xorg.conf. 
    Section "Serverflags"

Option "DontVTSwitch" "yes"

EndSection
  2. Restart the X server for your changes to take effect.
Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.