Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

13.8. Locking Down User Logout and User Switching

Follow these steps to prevent the user from logging out.
  1. Create the /etc/dconf/profile/user profile which contains the following lines:
    user-db:user
    system-db:local
    local is the name of a dconf database.
  2. Create the directory /etc/dconf/db/local.d/ if it does not already exist.
  3. Create the key file /etc/dconf/db/local.d/00-logout to provide information for the local database:
    [org/gnome/desktop/lockdown]
    # Prevent the user from user switching
    disable-log-out=true
    
  4. Override the user's setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/lockdown:
    # Lock this key to disable user logout
    /org/gnome/desktop/lockdown/disable-log-out
    
  5. Update the system databases:
    # dconf update
  6. Users must log out and back in again before the system-wide settings take effect.

Important

Users can evade the logout lockdown by switching to a different user, which can thwart system administrator's intentions. That is the reason why it is recommended to disable "user switching" as well to prevent this scenario from occurring.

Procedure 13.8. Prevent the User form Switching to a Different User Account

  1. Create the /etc/dconf/profile/user profile which contains the following lines:
    user-db:user
    system-db:local
    local is the name of a dconf database.
  2. Create the directory /etc/dconf/db/local.d/ if it does not already exist.
  3. Create the key file /etc/dconf/db/local.d/00-user-switching to provide information for the local database:
    [org/gnome/desktop/lockdown]
    # Prevent the user from user switching
    disable-user-switching=true
    
  4. Override the user's setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/lockdown:
    # Lock this key to disable user switching
    /org/gnome/desktop/lockdown/disable-user-switching
    
  5. Update the system databases:
    # dconf update
  6. Users must log out and back in again before the system-wide settings take effect.