Using the desktop environment in RHEL 8

Red Hat Enterprise Linux 8

Configuring and customizing the GNOME 3 desktop environment on RHEL 8

Red Hat Customer Content Services

Abstract

This document describes how to customize and use GNOME 3, which is the only desktop environment available in RHEL 8. The basics of using GNOME Shell and displaying the graphics are given, as well as the instructions for system administrators for configuring GNOME on a low level and customizing the desktop environment for multiple users. The documentation also describes how to handle selected system administration tasks using the desktop environment.

Providing feedback on Red Hat documentation

We appreciate your input on our documentation. Please let us know how we could make it better. To do so:

For simple comments on specific passages, make sure you are viewing the documentation in the Multi-page HTML format. Highlight the part of text that you want to comment on. Then, click the Add Feedback pop-up that appears below the highlighted text, and follow the displayed instructions.
For submitting more complex feedback, create a Bugzilla ticket:
1. Go to the Bugzilla website.
2. As the Component, use Documentation.
3. Fill in the Description field with your suggestion for improvement. Include a link to the relevant part(s) of documentation.
4. Click Submit Bug.

Chapter 1. Starting using GNOME

1.1. What GNOME 3 is

Red Hat Enterprise Linux 8 is shipped with the default desktop environment GNOME 3.

GNOME 3 represents a presentation layer that provides a graphical user interface as well as the focused working environment, which enables you to access all your work from one place.

1.2. GNOME environments

GNOME 3 provides two essential environments:

GNOME Standard
GNOME Classic

Both environments can use two different protocols to build a graphical user interface:

The X11 protocol, which uses X.Org as the display server.
The Wayland protocol, which uses GNOME Shell as the Wayland compositor and display server.
This solution of display server is further referred as GNOME Shell on Wayland.

Note

Note that the graphics based on the Wayland protocol are not available for virtual machines that use the qxl driver.

You can find the current list of environments for which Wayland-based graphics are unavailable in the /usr/lib/udev/rules.d/61-gdm.rules file.

The default combination in Red Hat Enterprise Linux 8 is GNOME Standard environment using GNOME Shell on Wayland as the display server.

However, due to Section 2.2, “Current Wayland limitations”, you may want to switch the graphics protocol stack.

You may also want to swich from GNOME Standard to GNOME Classic.

For more information about graphics based on the Wayland protocol, see Section 2.1, “Key differences between the Wayland and X11 protocol”.

For information on how to switch the environments, see Selecting GNOME environment.

1.2.1. GNOME Standard

GNOME Standard user interface includes these major components:

Top bar
The horizontal bar at the top of the screen provides access to some of the basic functions of GNOME Standard, such as the Activities Overview, clock and calendar, system status icons, and the system menu.
System menu
The system menu is located in the top right corner, and enables you:
- Updating settings
- Controlling the sound bar
- Finding information about your Wi-Fi connection
- Switching user
- Logging out
- Turning off the computer
Activities Overview
The Activities Overview features windows and applications views that let the user run applications and windows and switch between them.
The search entry at the top allows for searching various items available on the desktop, including applications, documents, files, and configuration tools.
The vertical bar on the left side contains a list of favorite and running applications. You can add or remove applications from the default list of favorites according to your needs.
The workspace list displayed on the right side allows the user to switch between multiple workspaces, or move applications and windows from one workspace to another.
Message tray
The message tray provides access to pending notifications. The message tray shows when the user presses Super+M.

The GNOME 3 Standard Desktop

gnome standard new

1.2.2. GNOME Classic

GNOME Classic represents a mode for users who prefer a more traditional desktop experience that is similar to GNOME 2 environment used with Red Hat Enterprise Linux 6. It is based on GNOME 3 technologies, and at the same time it includes multiple features similar to GNOME 2.

GNOME Classic user interface consists of these major components:

Applications and Places
The Applications menu is displayed at the top left of the screen. It gives the user access to applications organized into categories. The user can also open the Activities Overview from that menu.
The Places menu is displayed next to the Applications menu on the top bar. It gives the user quick access to important folders, for example Downloads or Pictures.
Taskbar
The taskbar is displayed at the bottom of the screen, and features:
- A window list
- A notification icon displayed next to the window list
- A short identifier for the current workspace and total number of available workspaces displayed next to the notification icon
Four available workspaces
In GNOME Classic, the number of workspaces available to the user is by default set to 4.
Minimize and maximize buttons
Window titlebars in GNOME Classic feature the minimize and maximize buttons that let the user quickly minimize the windows to the window list, or maximize them to take up all of the space on the desktop.
A traditional Super+Tab window switcher
In GNOME Classic, windows in the Super+Tab window switcher are not grouped by application.
System menu
The system menu is located in the top right corner, and enables you:
- Updating settings
- Controlling the sound bar
- Finding information about your Wi-Fi connection
- Switching user
- Logging out
- Turning off the computer

The GNOME 3 Classic Desktop with the Rhythmbox application and the Favorites submenu of the Applications menu

gnome classic new

1.3. Selecting GNOME environment and display protocol

The default desktop environment for Red Hat Enterprise Linux 8 is GNOME Standard with GNOME Shell on Wayland as the display server.

However, due to Section 2.2, “Current Wayland limitations”, you may want to switch the graphics protocol stack.

You may also want to swich from GNOME Standard to GNOME Classic. See Section 1.2, “GNOME environments” for differences between these two environments.

For switching between various combinations of GNOME environment and graphics protocol stacks, use the following procedure.

Procedure

From the login screen (GDM), click the cogwheel next to the Sign In button.
Note
You cannot access this option from the lock screen. The login screen appears when you first start Red Hat Enterprise Linux 8 or when you log out of your current session.
From the drop-down menu that appears, select the option that you prefer.
Note
Note that in the menu that appears on the login screen, the X.Org display server is marked as X11 display server.

Important

The change of GNOME environment and graphics protocol stack resulting from the above procedure is persistent across user logouts, and also when powering off or rebooting the computer.

1.4. Launching applications

This section describes various approaches that you can use to launch available applications in GNOME 3.

Procedure

Press Alt+F2 to make the Enter a Command screen appear.
Write the name of the executable into the Enter a Command screen:

This approach works both in GNOME Standard and GNOME Classic environment.

Procedure

In GNOME Standard, go to Activities Overview and click on the Show Applications icon in the vertical bar on the left side.
Note that you can choose between displaying all or just the frequent applications by using the Frequent/All switch at the bottom of the screen.
Alternatively, you can also start typing the name of the required application in the search entry.

Procedure

In GNOME Classic, go to Applications menu.
Choose the required application from one of the available categories.
The available categories include:
- Favorites
- Accessories
- Internet
- Office
- Sound & Video
- Sundry
- System Tools
- Utilities

Procedure

Open a terminal.
Type the name of the required application on the command line.

This approach works both in GNOME Standard and GNOME Classic environment.

1.5. Installing applications

This section describes various approaches that you can use to install a new application in GNOME 3.

Procedure

Use one of the approaches described in Launching applications to launch GNOME Software.
Note
GNOME Software is a utility, which enables you to install and update applications and gnome-shell extensions through a graphical environment. This utility is based on the PackageKit technology, which serves as its back end. GNOME Software offers mainly the desktop applications, which are the applications that include the *.desktop file. The available applications are grouped into multiple categories according to their purpose.
Choose the application to be installed from one of the available categories.
- Audio & Video
- Communication & News
- Productivity
- Graphics & Photography
- Add-ons
- Developer Tools
- Utilities
Click the selected application, and then click the Install button.

Note
Add-ons include for example GNOME Shell extensions, codecs or fonts.

Procedure

Start opening a file that is associated with an application or applications that are currently not installed on your system.
GNOME will automatically identify suitable application in which the file can be opened, and will offer to download the application.

Procedure

Download the required rpm package.
Open the directory that includes the downloaded rpm in the Nautilus file manager.
Note
The downloads are by default stored in the /home/user/Downloads directory.
Double-click the icon of the rpm to install it.

Procedure

Start typing the name of the required application in the search entry.

GNOME will automatically find the application in a respective repository, and will display the application’s icon.

Click the application’s icon that automatically appears to open GNOME Software.
Click again the icon of the application and finish the installation in GNOME Software as described above.

Procedure

Open a terminal.
Run the yum install command with the name of the required application:
```
~]# yum install <application_name>
```

1.6. Desktop icons

In RHEL 8, the Desktop icons functionality is no longer provided by the Nautilus file manager, but by the desktop icons gnome-shell extension available in the gnome-shell-extension-desktop-icons package.

Desktop icons in GNOME Classic

The GNOME Classic environment includes the gnome-shell-extension-desktop-icons package by default. Desktop icons are always on, and cannot be turned off. If you want to create a desktop icon for a file, you just need to put this file into the /Desktop directory, and the icon appears automatically.

Desktop icons in GNOME Standard

If you have only the GNOME Standard environment available, and not GNOME Classic, you must install gnome-shell-extension-desktop-icons.

After the package has been installed, you can switch the desktop icons on or off by using the Tweaks application:

Go to Tweaks, and select Extensions - Desktop icons, and switch it on.
Put the required file into the /Desktop directory, and the icon appears automatically on your desktop.

1.7. Handling sound

In Red Hat Enterprise Linux 8, sound is handled by the PulseAudio sound server that lets programs output the audio using the Pulseaudio daemon.

For more information on PulseAudio, see the pulseaudio man page.

To handle sound, you can use one of these two graphical applications in GNOME:

System menu
Tweaks tool
GNOME Control Center

System menu is located in the top right corner, and it only enables you to set the intensity of the sound output or sound input through the sound bar. The sound bar for input sound is available only if you are running an application that is supposed to use an iternal microphone (built-in audio), such as some teleconference tools.

Tweaks tool only enables you to configure the Over-Amplification.

tweaks sound

GNOME Control Center provides more options to configure sound. You can launch this tool by using one of the approaches described in Launching applications. Moreover, you can also launch it from the System menu by clicking on its icon.

When GNOME Control Center opens, choose Sound from the left vertical bar.

gcc sound

Through GNOME Control Center - Sound, you can configure the following:

Output sound
Input sound
Sound effects
Applications

The Output and Input menus show only the built-in audio devices unless you connect any external device that can handle sound.

The Output menu enables you to select the required profile from available analog or digital profiles that are displayed depending on available output devices.

The Applications menu shows all currently running applications that can process sound, and allows you to amplify or lower the sound of a particular application.

1.8. Handling graphics and photos

GNOME Shell provides multiple tools to handle graphics and photography.

You can check the available tools under the Graphics & Photography menu in GNOME Software:

Open the GNOME software.
Go to Graphics & Photography.

The available tools include:

Photos
For accessing, organizisng and sharing your photos.
GNU Image Manipulation Program
For creating images and editing photographs.
Inkspace
For creating and editing scalable vector graphics images.
XSane
For scanning images with a scanner.
LibreOffice Draw
For create and editing drawings, flow charts, and logos.

1.9. Handling printing

In GNOME Shell, printing can be set up using the GNOME Control center GUI.

1.9.1. Starting GNOME control center for setting up printing

Procedure

Use one of the approaches described in Section 1.4, “Launching applications” to start the GNOME Control center GUI.
Moreover, you can also start the GNOME Control center from the system menu in the top right corner by clicking on the "Settings" icon.
When the GNOME Control center GUI appears, go to:

Devices → Printers

Figure 1.1. GNOME Control center configuration tool

1.9.2. Adding a new printer in GNOME Control center

This section describes how to add a new printer using the GNOME Control center GUI.

Prerequisites

To be able to add a new printer using the GNOME Control center GUI, you must click on Unlock, which appears on the right side of the top bar, and authenticate as one of the following users:

Superuser
Any user with the administrative access provided by sudo (users listed within /etc/sudoers)
Any user belonging to the printadmin group in /etc/group

Procedure

Open the Add Printer dialog.
Select one of the available printers (including also network printers), or enter printer IP address or the hostname of a printer server.

1.9.3. Configuring a printer in GNOME Control center

This section describes how to configure a new printer, and how to maintain a configuration of a printer using the GNOME Control center GUI.

Displaying printer’s settings menu

Procedure

Click the "settings" button on the right to display a settings menu for the selected printer:

Displaying and modifying printer’s details

Procedure

Click Printer Details to display and modify selected printer’s settings:

With this menu you can:

Search for Drivers
GNOME Control Center communicates with PackageKit that searches for a suitable driver suitable in available repositories.
Select from Database
This option enables you to select a suitable driver from databases that have already been installed on the system.
Install PPD File
This option enables you to select from a list of available postscript printer description (PPD) files that can be used as a driver for your printer.

gnome control center printer details more

Setting the default printer

Procedure

Click Use Printer by Default to set the selected printer as the default printer:

Removing a printer

Procedure

Click Remove Printer to remove the selected printer:

1.9.4. Printing a test page in GNOME Control Center

This section describes how to print a test page to make sure that the printer functions properly.

You might want to print a test page if one of the below prerequisites is met.

Prerequisites

A printer has been set up.
A printer configuration has been changed.

Procedure

Click the "settings" button on the right to display a settings menu for the selected printer:
Click Printing Options → Test Page

1.9.5. Setting print options using GNOME Control center

This section describes how to set print options using the GNOME Control center GUI.

Procedure

Click the "settings" button on the right to display a settings menu for the selected printer:
Click Printing Options

1.10. Sharing media between applications

Red Hat Enterprise Linux 8 includes the PipeWire media server, which ensures access to multimedia devices and media sharing between applications.

When running a remote desktop session on GNOME Shell on Wayland, PipeWire and the VNC server is used. The functionality of remote desktop session is provided by the gnome-remote-desktop and pipewire packages.

On X.Org, just VNC is needed to run a remote desktop session. This functionality on X.Org is provided by the vino package.

PipeWire is used also with teleconference tools such as BlueJeans when running on GNOME Shell on Wayland. In such case, the pipewire service is activated automatically when you start sharing your screen within the teleconference tool.

To check the status of the pipewire service, run:

~]$ systemctl --user status pipewire

1.11. Customizing GNOME Shell environment with the Tweaks tool

You can customize the GNOME Shell environment for a particular user by using the Tweaks tool.

To open Tweaks, use one of the approaches described in Section 1.4, “Launching applications”.

To choose the required item that you want to customize, use the vertical menu on the left. For example you can choose the applications to start automatically when you log in by using the Statup Applications menu, or you can customize your top bar appearance by using the Top Bar menu.

The Tweaks tool

tweaks tool

Customizing startup applications in Tweaks

startup applications

Customizing the appearance of your top bar in Tweaks

tweaks top bar

Chapter 2. Displaying graphics

In Red Hat Enterprise Linux 8, you can choose between two protocols to build a graphical user interface:

X11
Wayland

The X11 protocol uses X.Org as the display server. Displaying graphics based on this protocol works the same way as in Red Hat Enterprise Linux 7, where this was the only option.

The Wayland protocol on Red Hat Enterprise Linux 8 uses GNOME Shell as its compositor and display server, which is further referred as GNOME Shell on Wayland. Displaying graphics based on the Wayland protocol has some differences and limitation compared to X11. For more information, see Key differences between the Wayland and X11 protocol and Current Wayland limitations.

New installations of Red Hat Enterprise Linux 8 automatically select GNOME Shell on Wayland. However, you can switch to X.Org, or select the required combination of GNOME environment and display server as described in Section 1.3, “Selecting GNOME environment and display protocol”.

Note that there are also a few environments where X.Org is preferred over GNOME Shell on Wayland, such as:

Cirrus graphics used in a VM environment
Matrox graphics
Aspeed graphics
QXL graphics used in a VM environment
Nvidia graphics when used with the proprietary driver

Important

The Nvidia graphics by default use Nouveau, which is an open source driver. Nouveau is supported on Wayland, hence you can use Nvidia graphics with Nouveau on GNOME Shell on Wayland without any limitations. However, using Nvidia graphics with proprietary Nvidia binary drivers is not supported on GNOME Shell on Wayland. In this case, you need to switch to X.Org as described in Section 1.3, “Selecting GNOME environment and display protocol”.

Note

You can find the current list of environments for which Wayland is not available in the /usr/lib/udev/rules.d/61-gdm.rules file.

For additional information on the Wayland project, see Wayland documentation.

2.1. Key differences between the Wayland and X11 protocol

2.1.1. X11 Applications

Client applications need to be ported to the Wayland protocol or use a graphical toolkit that has a Wayland backend, such as GTK, to be able to work natively with the compositor and display server based on Wayland.

Legacy X11 applications that cannot be ported to Wayland automatically use Xwayland as a proxy between the X11 legacy clients and the Wayland compositor. Xwayland functions both as an X11 server and a Wayland client. The role of Xwayland is to translate the X11 protocol into the Wayland protocol and reversely, so that X11 legacy applications can work with the display server based on Wayland.

On GNOME Shell on Wayland, Xwayland is started automatically at startup, which ensures that most X11 legacy applications work as expected when using GNOME Shell on Wayland. However, the X11 and Wayland protocols are different, and hence some clients relying on X11-specific features may behave differently under Xwayland. For such specific clients, you can switch to the X.Org display server as described in Section 1.3, “Selecting GNOME environment and display protocol”.

2.1.2. libinput

Red Hat Enterprise Linux 8 uses a new unified input stack, libinput, which manages all common device types, such as mice, touchpads, touchscreens, tablets, trackballs and pointing sticks. This unified stack is used both by the X.Org and by the GNOME Shell on Wayland compositor.

GNOME Shell on Wayland uses libinput directly for all devices, and no switchable driver support is available. Under X.Org, libinput is implemented as the X.Org libinput driver, and driver support is outlined below.

2.1.2.1. Mice, touchscreens, trackballs, pointing sticks

Red Hat Enterprise Linux 8 uses the X.Org libinput driver for these devices. The X.Org evdev driver, which was used in Red Hat Enterprise Linux 7, is available as fallback where required.

2.1.2.2. Touchpads

Red Hat Enterprise Linux 8 uses the X.Org libinput driver for touchpads. The X.Org synaptics driver, which was used for touchpads in Red Hat Enterprise Linux 7, is no longer available.

2.1.2.3. Graphics tablets

Red Hat Enterprise Linux 8 continues using the X.Org wacom driver, which was used for tablet devices in Red Hat Enterprise Linux 7. However, the X.Org libinput driver is available where required.

2.1.2.4. Other input devices

Red Hat Enterprise Linux 7 used the X.Org evdev driver for other input devices that are not included not in the above categories. Red Hat Enterprise Linux 8 uses the X.Org libinput driver by default but can fall back to the X.Org evdev driver if a device is incompatible with libinput.

2.1.3. Gestures

GNOME Shell on Wayland supports new touchpad and touchscreen gestures. These gestures include:

Switching workspaces by dragging up or down with four fingers.
Opening the Activities Overview by bringing three fingers closer together.

2.2. Current Wayland limitations

2.2.1. Nvidia drivers

Proprietary Nvidia binary drivers are not supported with GNOME Shell on Wayland. To avoid any complications while using the Nvidia GPU, GNOME Shell automatically falls back to X.Org, which means that the login screen does not provide any option based on the Wayland protocol.

Note

The Nouveau driver is still supported and is the default driver for Nvidia graphics.

2.2.2. Remote desktop

With GNOME Shell on Wayland, VNC support is provided by the gnome-remote-desktop package. Remote access using VNC via gnome-remote-desktop currently requires an already logged in session, and only the primary monitor is accessible. Screen sharing with GNOME Shell on Wayland is possible using the PipeWire media server. For more details on the PipeWire media server, see PipeWire project.

For more advanced VNC usage, you need to switch to X.org, where traditional VNC tools are available.

2.2.3. X Display Manager

The X Display Manager Control Protocol (XDMCP) is not supported with GNOME Shell on Wayland.

Hence, it is not possible to use the X display manager to start a session on the X.Org display server from the same or another computer.

2.2.4. Additional Limitations

The following additional limitations related to the Wayland protocol should be noted:

X.Org screen manipulation utilities are not available.
The xrandr utility is not supported because Wayland handles layout, rotations, and resolutions differently.
The GNOME Shell cannot be restarted using the ALT+F2/r method.
Due to stability issues, using X11 instead of Wayland is recommended in virtual environments.
Wayland does not support the custom or niche devices that cannot be handled by the libinput driver.

Chapter 3. Configuring GNOME at low level

3.1. Introduction to configuring GNOME

To be able to configure the GNOME Desktop Environment, you need to understand these basic terms:

dconf
GSettings
gsettings

dconf has two different meanings.

Firstly, dconf is a key-based Binary Large Object (BLOB) database for storing GNOME configurations. dconf manages user settings such as GDM, application, and proxy settings, and serves as the back end for GSettings.

Secondly, dconf is a command-line utility which is used for reading and writing individual values or entire directories from and to a dconf database.

GSettings is a high-level API for application settings which serves as the front end for dconf.

gsettings is a command-line tool which is used to view and change user settings.

3.2. Managing user and system GNOME settings

dconf allows system administrators and users several levels of control over GNOME configuration:

Administrators can define default settings that apply to all users.
Users can override the defaults with their own settings.
Administrators can also lock settings to prevent users from overriding them.

3.3. Displaying GSettings values for desktop applications

3.3.1. Using dconf-editor and gsettings utility

Viewing and editing of the GSettings values can be achieved with one of the following tools:

dconf-editor GUI tool
gsettings command-line utility

Note

The dconf-editor is not installed on the system by default. To install it, run the following command as the root user:

~]# yum install dconf-editor

The dconf-editor and gsettings utility has the following in common:

allow browsing and changing options for system and application preferences
allow to change preferences
can be run by regular users, because both tools are intended to browse and modify the current user’s GSettings database

The dconf-editor provides a GUI for browsing the settings and their editing. It presents the hierarchy of settings in a tree-view and also displays additional information about each setting, including the description, type and default value.

The gsettings utility can be used to display and set dconf values. gsettings utility supports Bash completion for commands and settings. This tools also allows you to automate configuration in shell scripts. ⁠

Figure 3.1. dconf-editor showing org.gnome.destop.background GSettings keys

3.3.2. Additional information

For more information on the dconf-editor tool, see the dconf-editor(1) man page and the dconf-editor Project documentation.
For more information on the gsettings utility, see the gsettings(1) man page.

3.4. Using dconf profiles

3.4.1. Introduction to dconf profiles

A dconf profile is a list of system’s hardware and software configuration databases, which the dconf system collects.

The dconf profiles allow you to compare identical systems to troubleshoot hardware or software problems.

The dconf system stores its profiles in the text files which can be located either within the /etc/dconf/profile/ directory or elsewhere. The $DCONF_PROFILE environment variable can specify a relative path to the file from /etc/dconf/profile/, or an absolute path, such as in a user’s home directory.

Note that key pairs which are set in a dconf profile override the default settings.

3.4.2. Selecting a dconf profile

On startup, dconf consults the $DCONF_PROFILE environment to find the name of the dconf profile to open. The result depends on whether the variable is set or not:

If set, dconf attempts to open the profile named in the variable and aborts if this step fails.
If not set, dconf attempts to open the profile named user and uses an internal hard-wired configuration if this step fails.

Each line in a dconf profile specifies one dconf database.

The first line indicates the database used to write changes. The remaining lines show read-only databases.

The following is a sample profile stored in /etc/dconf/profile/user:

user-db:user
system-db:local
system-db:site

In this example, the dconf profile specifies three databases. user is the name of the user database which can be found in ~/.config/dconf, and local and site are system databases, located in /etc/dconf/db/.

Note

To apply a new dconf user profile to the user’s session, you need to log out and log in, because the dconf profile for a session is determined at login.

Warning

As a user or application developer, do not manipulate dconf directly. To manipulate dconf, always use the dconf-editor or the gsettings utility. The only exception to use dconf directly is when setting system-wide default configurations, because the aforementioned tools do not allow to manipulate such configurations.

3.5. Configuring custom default values

Machine-wide default settings can be set by providing a default for a key in a dconf profile. These defaults can be overridden by the user.

Setting a default for a key has two prerequisites:

the user profile exists
the value for the key was added to a dconf database

For example, to set the default background:

Create the user profile in /etc/dconf/profile/user:
```
user-db:user
system-db:local
```
where local is the name of a dconf database.

Create a keyfile for the local database in /etc/dconf/db/local.d/01-background, which contains the following default settings:

~]# dconf path

[org/gnome/desktop/background]

# GSettings key names and their corresponding values
picture-uri='file:///usr/local/share/backgrounds/wallpaper.jpg'
picture-options='scaled'
primary-color='000000'
secondary-color='FFFFFF'

In the default setting of the keyfile, the following GSettings keys are used:

Table 3.1. org.gnome.desktop.background schemas GSettings Keys

Key Name	Possible Values	Description
picture-options	"none", "wallpaper", "centered", "scaled", "stretched", "zoom", "spanned"	Determines how the image set by wallpaper_filename is rendered.
picture-uri	filename with the path	URI to use for the background image. Note that the backend only supports local `file://` URIs.
primary-color	default: 000000	Left or Top color when drawing gradients, or the solid color.
secondary-color	default: FFFFFF	Right or Bottom color when drawing gradients, not used for solid color.

Edit the keyfile according to your preferences.
For more information, see Section 3.3, “Displaying GSettings values for desktop applications”.
Update the system databases:
```
~]# dconf update
```

When the user profile is created or changed, the user needs to log out and log in again before the changes will be applied.

If you want to avoid creating a user profile, you can use the dconf command-line utility to read and write individual values or entire directories from and to a dconf database. For more information, see the dconf(1) man page.

3.5.1. Locking down specific settings

By using the lockdown mode in dconf, you can prevent users from changing specific settings.

To lock down a GSettings key:

Create a locks subdirectory in the keyfile directory such as /etc/dconf/db/local.d/locks/.
Add any number of files with keys that you want to lock into this directory.

Without enforcing the system settings using a lockdown, any settings that users make take precedence over the system settings. User can thus override the system settings with their own.

For example, to lock settings for the default wallpaper:

Set a default wallpaper.
Create a new /etc/dconf/db/local.d/locks/ directory.

Create a new file in /etc/dconf/db/local.d/locks/00-default-wallpaper with the following contents, listing one key per line:

# Prevent users from changing values for the following keys:
/org/gnome/desktop/background/picture-uri
/org/gnome/desktop/background/picture-options
/org/gnome/desktop/background/primary-color
/org/gnome/desktop/background/secondary-color

Update the system databases:
```
~]# dconf update
```

3.6. Storing user settings over NFS

For dconf to work correctly when using Network File System (NFS) home directories, the dconf keyfile back end must be used.

Note that dconf keyfile back end only works properly if the glib2-fam package is installed. Without this package, notifications on configuration changes made on remote machines are not displayed properly.

With Red Hat Enterprise Linux 8, glib2-fam is available in the BaseOs repository.

To set the dconf keyfile back end:

Ensure that the glib2-fam package is installed on the system.
To verify whether the package is installed on the system:
```
~]#  yum list installed
```
If glib2-fam is not in the list of installed packages, install it by running:
```
~]# yum install glib2-fam
```
Create or edit the /etc/dconf/profile/user file on every client.
At the very beginning of /etc/dconf/profile/user file, add the following line:
```
service-db:keyfile/user
```

The dconf keyfile back end takes effect the next time that the user logs in. It polls the keyfile to determine whether updates have been made, so settings may not be updated immediately.

3.7. Setting GSettings keys properties

This section describes how to set GSettings keys properties for a single-logged user.

Each GSettings key can have only one value in a dconf database. Setting the same key to a different value at a different place of the dconf database overrides the previous value.

Values of some keys are of array type. For array type, you can specify the value of the key as a list of multiple elements separated by a comma.

To set a GSettings key of array type, follow this syntax:

key=['option1', 'option2']

The following example shows setting of the org.gnome.desktop.input-sources.xkb-options GSettings key whose value is of array type: ⁠

Example settings of the org.gnome.desktop.input-sources.xkb-options GSettings Key

[org/gnome/desktop/input-sources]
# Enable Ctrl-Alt-Backspace for all users
# Set the Right Alt key as the Compose key and enable it
xkb-options=['terminate:ctrl_alt_bksp', 'compose:ralt']

3.8. Working with GSettings keys on command line

This section focuses on using of the gsettings command to configure, manipulate and manage the GSettings keys. The most frequent use cases that can be resolved by using the gsettings command are shown.

3.8.1. Setting key value

To set a value of a key:

gsettings set SCHEMA [:PATH] KEY

Note that the value is specified as a serialised GVariant.

Example 3.1. Adding selected applications into the favorite applications key

To add selected applications among your favorite applications:

$ gsettings set org.gnome.shell favorite-apps "['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop', 'yelp.desktop', 'org.gnome.Terminal.desktop', 'org.gnome.clocks.desktop']"

If the operation succeeds, no return code is shown. As a result, all listed applications are added to favorite applications. The change is valid immediately.

3.8.2. Monitoring key changes

To monitor a key for changes and print values that changed:

gsettings monitor SCHEMA [:PATH] [KEY]

Note that if the KEY argument is not specified, all keys in the schema are monitored. Monitoring continues until the process is terminated.

Example 3.2. Monitoring changes of the favorite applications key

To monitor the changes of the favorite applications key, open two terminals and run:

In the first terminal:

$ gsettings monitor org.gnome.shell favorite-apps

In the second terminal:

$ gsettings set org.gnome.shell favorite-apps "['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop', 'yelp.desktop', 'org.gnome.Terminal.desktop']"

As a result, a notification whether and how favorite applications changed is displayed in the first terminal:

favorite-apps: ['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop', 'yelp.desktop', 'org.gnome.Terminal.desktop']

3.8.3. Checking whether key is writable

To check whether a key is writable:

gsettings writable SCHEMA [:PATH] KEY

Example 3.3. Checking whether the favorite applications key is writable

To check whether the favorite applications key is writable:

$ gsettings writable org.gnome.shell favorite-apps

As a result, the return code shows True.

3.8.4. Checking key valid values

To check the range of valid values for a key:

gsettings range SCHEMA [:PATH] KEY

Example 3.4. Checking the range of valid values for the remember-mount-password key

To check valid values for the remember-mount-password key:

$ gsettings range org.gnome.shell remember-mount-password

As a result, the return code displays type of the key value, which is type b in this particular case. For more information, see GNOME developer.

3.8.5. Checking description of valid key values

To check the description of valid values for a key:

gsettings describe SCHEMA [:PATH] KEY

Example 3.5. Checking the description of valid values for the picture-uri key

To check the description of valid values for the picture-uri key:

$ gsettings describe org.gnome.desktop.screensaver picture-uri

As a result, the following output is displayed:

URI to use for the background image. Note that the backend only supports local file:// URIs.

3.8.6. Querying key value

To get the value of a key:

gsettings get SCHEMA [:PATH] KEY VALUE

Note that the value is displayed as a serialised GVariant.

Example 3.6. Querying value of the remember-mount-password key

To get value of the remember-mount-password key:

$ gsettings get org.gnome.shell remember-mount-password

As a result, the return code displays false.

3.8.7. Resetting key value

To reset the value of a key:

gsettings reset SCHEMA [:PATH] KEY

If resetting succeeds, no return code is displayed. Default values are in stored dconf and gsettings-desktop-schemas files.

Example 3.7. Resetting the lock-delay key to its default value

The default value of the lock-delay key is 0, and it is stored in the /usr/share/glib-2.0/schemas/org.gnome.desktop.screensaver.gschema.xml file.

Users can set the value of lock-delay as needed.

For example, to set the lock-delay key for screensaver to 200:

$ gsettings set org.gnome.desktop.screensaver lock-delay 200

To reset the lock-delay key for screensaver to its default value:

$ gsettings reset org.gnome.desktop.screensaver lock-delay

As a result, the value of lock-delay value is set to 0.

3.8.8. Resetting schema

To reset a schema:

gsettings reset-recursively SCHEMA [:PATH]

Example 3.8. Resetting the org.gnome.desktop.screensaver schema to its defaults

To reset the org.gnome.desktop.screensaver schema to its defaults:

$ gsettings reset-recursively org.gnome.desktop.screensaver

As a result, the lock-delay value is reset to 0, and other keys within the org.gnome.desktop.screensaver schema that were changed by user are reset to their defaults as well.

3.8.9. Listing installed non-relocatable schemas

To list installed schemas that are non-relocatable:

gsettings list-schemas [--print-paths]

If the [--print-paths] argument is specified , the path where each schema is mapped is printed as well.

Example 3.9. Listing installed non-relocatable schemas

To list all schemas installed on your system that are non-relocatable:

$ gsettings list-schemas

As a result, a full list of schemas is returned. The following list is truncated.

org.gnome.rhythmbox.library
org.gnome.shell.overrides
org.gnome.system.proxy.https
org.gnome.clocks
org.gnome.eog.fullscreen
org.gnome.login-screen
org.gnome.eog.view

3.8.10. Listing schema keys

To list the keys that are in the selected schema:

gsettings list-keys SCHEMA [:PATH]

Example 3.10. Listing keys in the org.gnome.shell schema

To list keys in the org.gnome.shell schema:

$ gsettings list-keys org.gnome.shell

As a result, a list of keys is returned. The following list is truncated.

enabled-extensions
command-history
remember-mount-password
always-show-log-out
had-bluetooth-devices-setup
looking-glass-history
disable-user-extensions
app-picker-view
disable-extension-version-validation
development-tools
favorite-apps

3.8.11. Listing schema children

To list children of a selected schema:

gsettings list-children SCHEMA [:PATH]

Note that the list is empty if there are no children.

Example 3.11. Listing children of the org.gnome.shell schema

To list children of the org.gnome.shell schema:

$ gsettings list-children org.gnome.shell

As a result, the following output is returned:

keyboard org.gnome.shell.keyboard
keybindings org.gnome.shell.keybindings

3.8.12. Listing schema’s keys and values

To list keys and values of a selected schema recursively:

gsettings list-recursively [SCHEMA [:PATH]]

Note that if the schema whose keys you want to list is not specified, all keys within all schemas are listed.

Example 3.12. Listing keys and values recursively

To list keys and values in all schemas recursively:

$ gsettings list-recursively

As a result, all key and values in all schemas on system are listed, as shown below. Note that the following list is truncated.

org.gnome.nautilus.desktop network-icon-visible false
org.gnome.nautilus.desktop font ''
org.gnome.nautilus.desktop network-icon-name 'Network Servers'
org.gnome.nautilus.desktop home-icon-name 'Home'
org.gnome.nautilus.desktop volumes-visible true
org.gnome.Vinagre always-enable-listening false
org.gnome.Vinagre always-show-tabs false
org.gnome.Vinagre show-accels false
org.gnome.Vinagre history-size 15
org.gnome.Vinagre shared-flag true

3.9. Acknowledgements

Certain portions of this text first appeared in the GNOME Desktop System Administration Guide. Copyright © 2014 The GNOME Project, Michael Hill, Jim Campbell, Jeremy Bicha, Ekaterina Gerasimova, minnie_eg, Aruna Sankaranarayanan, Sindhu S, Shobha Tyagi, Shaun McCance, David King, and others. Licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

The editors of this Red Hat Enterprise Linux 8 documentation would like to thank the GNOME community members for their valuable contributions to the GNOME Desktop System Administration Guide.

Chapter 4. Customizing desktop appearance

This section explains how system administrators can customize appearance of the desktop environment for different users of the system.

4.1. Customizing desktop backgrounds

As a system administrator, you can configure the default desktop background, add extra backgrounds, or add multiple backgrounds using the dconf utility.

If the users of the system are not permitted to change background from the defaults, system administrator needs to lock the settings using the locks directory. Otherwise, each user can customize the background according to their preferences.

4.1.1. Customizing the default desktop background

You can configure the default desktop background and its appearance by setting the relevant GSettings keys in the org.gnome.desktop.background schema.

For more information about GSettings, see Section 3.1, “Introduction to configuring GNOME”.

Use the following procedure to set the default background:

Procedure

Create a local database for machine-wide settings in /etc/dconf/db/local.d/00-background:

# Specify the dconf path
[org/gnome/desktop/background]

# Specify the path to the desktop background image file
picture-uri='file:///usr/local/share/backgrounds/wallpaper.jpg'
# Specify one of the rendering options for the background image:
# 'none', 'wallpaper', 'centered', 'scaled', 'stretched', 'zoom', 'spanned'
picture-options='scaled'
# Specify the left or top color when drawing gradients or the solid color
primary-color='000000'
# Specify the right or bottom color when drawing gradients
secondary-color='FFFFFF'

Optionally, if you want an user to not be able to change the default background, override the user’s setting in the /etc/dconf/db/local.d/locks/background file:

# List the keys used to configure the desktop background
/org/gnome/desktop/background/picture-uri
/org/gnome/desktop/background/picture-options
/org/gnome/desktop/background/primary-color
/org/gnome/desktop/background/secondary-color

Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

4.1.2. Adding extra backgrounds

You can make extra backgrounds available to users on your system.

Procedure

Use the org.gnome.desktop.background schemas to create a file in the xml format specifying your extra background’s appearance.

Table 4.1. Frequently used org.gnome.desktop.background schemas GSettings Keys

Key Name	Possible Values	Description
picture-options	"none", "wallpaper", "centered", "scaled", "stretched", "zoom", "spanned"	Determines how the image set by wallpaper_filename is rendered.
color-shading-type	"horizontal", "vertical", and "solid"	Determines shade the background color.
primary-color	default: #023c88	Left or Top color when drawing gradients, or the solid color.
secondary-color	default: #5789ca	Right or Bottom color when drawing gradients, not used for solid color.

idef::desktop-title[] The full range of options can be found in the dconf-editor GUI or the gsettings command-line utility. For more information, see Section 3.3, “Displaying GSettings values for desktop applications”. endif::

Store the *.xml file under the /usr/share/gnome-background-properties/ directory.

When an user clicks their name in the top right corner, chooses Settings, and in the Personal section of the table selects Background, they will see the new background available.

Example implementation of org.gnome.desktop.background GSettings keys

An example extra backgrounds file with one <wallpaper> element

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wallpapers SYSTEM "gnome-wp-list.dtd">
<wallpapers>
  <wallpaper deleted="false">
    <name>Company Background</name>
    <name xml:lang="de">Firmenhintergrund</name>
    <filename>/usr/local/share/backgrounds/company-wallpaper.jpg</filename>
    <options>zoom</options>
    <shade_type>solid</shade_type>
    <pcolor>#ffffff</pcolor>
    <scolor>#000000</scolor>
  </wallpaper>
</wallpapers>

In one configuration file, you can specify multiple <wallpaper> elements to add more backgrounds as shown in the following example with two <wallpaper> elements, adding two different backgrounds.

An example extra backgrounds file with two <wallpaper> elements

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wallpapers SYSTEM "gnome-wp-list.dtd">
<wallpapers>
  <wallpaper deleted="false">
    <name>Company Background</name>
    <name xml:lang="de">Firmenhintergrund</name>
    <filename>/usr/local/share/backgrounds/company-wallpaper.jpg</filename>
    <options>zoom</options>
    <shade_type>solid</shade_type>
    <pcolor>#ffffff</pcolor>
    <scolor>#000000</scolor>
  </wallpaper>
  <wallpaper deleted="false">
    <name>Company Background 2</name>
    <name xml:lang="de">Firmenhintergrund 2</name>
    <filename>/usr/local/share/backgrounds/company-wallpaper-2.jpg</filename>
    <options>zoom</options>
    <shade_type>solid</shade_type>
    <pcolor>#ff0000</pcolor>
    <scolor>#00ffff</scolor>
  </wallpaper>
</wallpapers>

4.1.3. Setting the screen shield

Screen shield is the screen that quickly slides down when the system is locked. It is controlled by the org.gnome.desktop.screensaver.picture-uri GSettings key. GDM uses its own dconf profile, so you can set the default background by changing the settings in that profile.

For more information on GSettings and dconf, see Section 3.1, “Introduction to configuring GNOME”.

Procedure

Create a gdm database for machine-wide settings in /etc/dconf/db/gdm.d/01-screensaver:
```
[org/gnome/desktop/screensaver]
picture-uri='file:///opt/corp/background.jpg'
```
Replace /opt/corp/background.jpg with the path to the image file you want to use as the screen shield. Supported formats are PNG, JPG, JPEG, and TGA. Note that the image will be scaled if necessary to fit the screen.
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

Troubleshhoting

If the screen shield does not update, you can:

Make sure that you have updated the system databases by running the dconf update command as the root user.
Try restarting GDM.

4.2. Using GNOME Shell extensions to customize desktop environment

GNOME Shell extensions allow for the customization of the default GNOME Shell interface and its parts, such as window management and application launching.

Important

Before deploying third-party GNOME Shell extensions on Red Hat Enterprise Linux, make sure to read the following document to learn about the Red Hat support policy for third-party software:How does Red Hat Global Support Services handle third-party software, drivers, and/or uncertified hardware/hypervisors?

4.2.1. Enabling machine-wide extensions

Prerequisite:

To make extensions available to all users on the system, install them in the /usr/share/gnome-shell/extensions directory.

Procedure

Create a local database file for machine-wide settings in /etc/dconf/db/local.d/00-extensions:
```
[org/gnome/shell]
# List all extensions that you want to have enabled for all users
enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com']
```
The enabled-extensions key specifies the enabled extensions using the extensions' uuid (myextension1@myname.example.com and myextension2@myname.example.com).
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.
Note
There is currently no way to enable additional extensions for users who have already logged in. This does not apply for existing users who have installed and enabled their own GNOME extensions.

4.2.2. Locking down enabled extensions

You can prevent the user from enabling or disabling extensions by locking down the org.gnome.shell.enabled-extensions key.

Procedure

Create a local database file for machine-wide settings in /etc/dconf/db/local.d/00-extensions:
```
[org/gnome/shell]
# List all extensions that you want to have enabled for all users
enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com']
```
The enabled-extensions key specifies the enabled extensions using the extensions' uuid (myextension1@myname.example.com and myextension2@myname.example.com).
Override the user’s setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/extensions:
```
# Lock the list of mandatory extensions
/org/gnome/shell/enabled-extensions
```
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

After locking down the org.gnome.shell.enabled-extensions, any extensions installed in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions that are not listed in the org.gnome.shell.enabled-extensions key will not be loaded by GNOME Shell, thus preventing the user from using them.

4.2.3. Setting up mandatory extensions

In GNOME Shell, you can provide a set of extensions that the user has to use.

Prerequisites

The extensions must be installed under the /usr/share/gnome-shell/extensions directory.

Procedure

Create a local database file for machine-wide settings in /etc/dconf/db/local.d/00-extensions-mandatory:
```
[org/gnome/shell]
# List all mandatory extensions
enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com']
```
The enabled-extensions key specifies the enabled extensions using the extensions' uuid (myextension1@myname.example.com and myextension2@myname.example.com).
Override the user’s setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/extensions-mandatory:
```
# Lock the list of mandatory extensions
/org/gnome/shell/enabled-extensions
```
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

Chapter 5. Customizing GNOME desktop features

5.1. Enabling the CTRL+ALT+BACKSPACE shortcut

The Ctrl+Alt+Backspace shortcut key combination is used for terminating the X.Org display server.

You might want to terminate X.Org especially when:

A program caused X.Org to stop working.
You need to switch from your logged-in session quickly.
You have launched a program that failed.
You cannot operate in the current session.
Your screen freezes.

To enable the Ctrl+Alt+Backspace shortcut to forcibly terminate X.Org by default for all users, you need to set the org.gnome.desktop.input-sources.xkb-options GSettings key.

Procedure

Create a local database for machine-wide settings in /etc/dconf/db/local.d/00-input-sources:

[org/gnome/desktop/input-sources]
# Enable Ctrl-Alt-Backspace for all users
xkb-options=['terminate:ctrl_alt_bksp']

Override the user’s setting, and prevent the user from changing it in /etc/dconf/db/local.d/locks/input-sources:
```
# Lock the list of enabled XKB options
/org/gnome/desktop/input-sources/xkb-options
```
Update the system databases for the changes to take effect:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

If the Ctrl+Alt+Backspace key combination is enabled, all users can terminate X.Org , which brings them back to the login prompt.

5.2. Disabling command-line access

To disable command-line access for a desktop user, you need to make configuration changes in a number of different contexts:

Section 5.2.1, “Setting the org.gnome.desktop.lockdown.disable-command-line Key”
Section 5.2.2, “Disabling virtual terminal switching on X.Org”
Remove Terminal and any other application that provides access to the terminal from the Applications menu and Activities Overview in GNOME Shell. This is done by removing menu items for those applications.

Note

The following steps do not remove the desktop user’s permissions to access a command line, but rather remove the ways that the desktop user could access command line.

5.2.1. Setting the org.gnome.desktop.lockdown.disable-command-line Key

This approach prevents the user from:

Accessing the terminal
Specifying a command line to be executed by using the Alt+F2 command prompt

Procedure

Create a local database for machine-wide settings in /etc/dconf/db/local.d/00-lockdown:
```
[org/gnome/desktop/lockdown]
# Disable command-line access
disable-command-line=true
```
Override the user’s setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/lockdown:
```
# Lock the disabled command-line access
/org/gnome/desktop/lockdown
```
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

5.2.2. Disabling virtual terminal switching on X.Org

With the X.Org display server, users can normally use the Ctrl+Alt+function key shortcuts to switch from the GNOME Desktop and X.Org to a virtual terminal. You can disable access to all virtual terminals by modifying the X.Org configuration. The X.Org configuration should be modified by adding the DontVTSwitch option to the Serverflags section of an X configuration file in the /etc/X11/xorg.conf.d/ directory, as shown by the following procedure.

Important

You cannot apply the procedure if GNOME Shell on Wayland is used as the display server.

Procedure

Create or edit an X configuration file in the /etc/X11/xorg.conf.d/ directory:
Note
By convention, these host-specific configuration file names start with two digits and a hyphen and always have the .conf extension. Thus, the following file name can be /etc/X11/xorg.conf.d/10-xorg.conf.
```
Section "Serverflags"

Option "DontVTSwitch" "yes"

EndSection
```
Restart the X.Org display server for the changes to take effect.

5.3. Preventing the computer from suspending when closing the lid

When closing the lid of your laptop, the computer by default suspends in order to save power. You can prevent the computer from suspending when closing the lid by changing the setting for that behavior.

Warning

Some laptops can overheat if they are left running with the lid closed, especially if they are in a confined place. Therefore, consider whether changing the default setting from suspend to an other option is beneficial in your case.

Procedure

Open the /etc/systemd/logind.conf file for editing.
Find the HandleLidSwitch=suspend line in the file.
If it is quoted out with the # character at the start, unquote it by removing #.
If the line is not present in the file, add it.
Replace the default suspend parameter with:
- lock for the screen to lock
- ignore for nothing to happen
- poweroff for the computer to switch off
  For example:
```
[Login]
HandleLidSwitch=lock
```
Save your changes, and close the editor.
Run the following command so that your changes preserve the next restart of the system:
```
# systemctl restart systemd-logind.service
```

Warning

Restarting the service forcibly interrupts any currently running GNOME session of any desktop user who is logged in. This can result in users losing unsaved data.

For more information on the /etc/systemd/logind.conf file, see the logind.conf man page.

5.4. Changing behavior when pressing the power button in graphical target mode

When the machine is booted to a graphical login screen or user session, hitting the power button makes the machine suspend by default. This happens both in cases when the user presses the power button physically or when pressing a virtual power button from a remote console. To achieve a different behavior when pressing the power button, set the function of this button with dconf.

For example, if you want the system to shutdown after pressing the power button, use the following procedure:

Procedure

Create a local database for system-wide settings in the /etc/dconf/db/local.d/01-power file:
```
[org/gnome/settings-daemon/plugins/power]
power-button-action='interactive'
```
Override the user’s setting, and prevent the user from changing it in the /etc/dconf/db/local.d/locks/01-power file:
```
/org/gnome/settings-daemon/plugins/power/power-button-action
```
Update the system databases:
```
# dconf update
```
Log out and back in again before the system-wide settings take effect.

This configuration initiates a system shutdown after pressing the power button. To configure the system differently, you can set the behavior of particular buttons.

Options for particular buttons:

nothing
does nothing
suspend
suspends the system
hibernate
hibernates the system
interactive
shows a pop-up query asking the user what to do
With interactive mode, the system powers off automatically after 60 seconds when hitting the power button. However, you can choose a different behavior from the pop-up query as shown in the figure below.
Pop-up query for interactive mode

Chapter 6. Locking down selected tasks

This section describes how to lock down for users the following tasks:

Printing
File saving on disk
Repartitioning
User logout and user switching

6.1. Locking down printing

You can disable the print dialog from being shown to users. This can be useful if you are giving temporary access to a user or you do not want the user to print to network printers.

Important

The feature only works in applications which support it. Not all GNOME and third party applications have this feature enabled. The changes do not have effect on applications which do not support this feature.

To provent applications from printing, lock down the org.gnome.desktop.lockdown.disable-printing key:

Procedure

Create the user profile in /etc/dconf/profile/user unless it already exists:
```
user-db:user
system-db:local
```
Create a local database for machine-wide settings in the etc/dconf/db/local.d/00-lockdown file:
```
[org/gnome/desktop/lockdown]

# Prevent applications from printing
disable-printing=true
```
Override the user’s setting and prevent the user from changing it in the /etc/dconf/db/local.d/locks/lockdown file:
```
# List the keys used to configure lockdown
/org/gnome/desktop/lockdown/disable-printing
```
Update the system databases:
```
# dconf update
```

Having followed these steps, applications supporting this lockdown key, such as Evolution, Evince, or Gedit, will disable printing.

6.2. Locking file saving on disk

You can disable the Save and Save As dialogs. This can be useful if you are giving temporary access to a user or you do not want the user to save files to the computer.

Important

The feature only works in applications which support it. Not all GNOME and third party applications have this feature enabled. The changes will have no effect on applications which do not support this feature.

To prevent applications from file saving, lock down the org.gnome.desktop.lockdown.disable-save-to-disk key:

Procedure

Create the user profile in /etc/dconf/profile/user unless it already exists:
```
user-db:user
system-db:local
```

Create a local database for machine-wide settings in the /etc/dconf/db/local.d/00-lockdown file:

[org/gnome/desktop/lockdown]

# Prevent the user from saving files on disk
disable-save-to-disk=true

Override the user’s setting and prevent the user from changing it in the /etc/dconf/db/local.d/locks/lockdown file:
```
# Lock this key to disable saving files on disk
/org/gnome/desktop/lockdown/disable-save-to-disk
```
Update the system databases:
```
# dconf update
```

Having followed these steps, applications supporting this lockdown key, for example Videos, Image Viewer, Evolution, Document Viewer, or GNOME Shell, will disable their Save As dialogs.

6.3. Locking repartitioning

polkit enables you to set permissions for individual operations. For udisks2, the utility for disk management services, the configuration is located at /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy. This file contains a set of actions and default values, which can be overridden by system administrator.

Important

polkit configuration stored in /etc overrides the configuration shipped by packages in /usr/share/.

Procedure

Create a file with the same content as in /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy:
```
cp /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy /etc/share/polkit-1/actions/org.freedesktop.udisks2.policy
```
Do not change the /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy file, your changes will be overwritten by the next package update.

Delete the action you do not need, and add the following lines to the /etc/polkit-1/actions/org.freedesktop.udisks2.policy file:

<action id="org.freedesktop.udisks2.modify-device">
  <message>Authentication is required to modify the disks settings</message>
     <defaults>
        <allow_any>no</allow_any>
        <allow_inactive>no</allow_inactive>
        <allow_active>yes</allow_active>
      </defaults>
 </action>

Replace no by auth_admin if you want to ensure only the root user is able to perform the action.

Save the changes.

When the user tries to change the disks settings, the following message is returned:

Authentication is required to modify the disks settings.

6.4. Locking down user logout and user switching

To prevent the user from logging out, use the folowing procedure.

Procedure

Create the /etc/dconf/profile/user profile, which contains the following lines:
```
user-db:user
system-db:local
```
where local is the name of a dconf database
Create the /etc/dconf/db/local.d/ directory if it does not already exist.
Create the /etc/dconf/db/local.d/00-logout key file to provide information for the local database:
```
[org/gnome/desktop/lockdown]
# Prevent the user from user switching
disable-log-out=true
```
Override the user’s setting, and prevent the user from changing it in the /etc/dconf/db/local.d/locks/lockdown file:
```
# Lock this key to disable user logout
/org/gnome/desktop/lockdown/disable-log-out
```
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

Important

Users can evade the logout lockdown by switching to a different user. To prevent such scenario, lock down user swithcing as well.

To lock down user switching, use the following procedure:

Procedure

Create the /etc/dconf/profile/user profile, which contains the following lines:
```
user-db:user
system-db:local
```
where local is the name of a dconf database
Create the /etc/dconf/db/local.d/ directory if it does not already exist.
Create the /etc/dconf/db/local.d/00-user-switching key file to provide information for the local database:
```
[org/gnome/desktop/lockdown]
# Prevent the user from user switching
disable-user-switching=true
```
Override the user’s setting, and prevent the user from changing it in the /etc/dconf/db/local.d/locks/lockdown file:
```
# Lock this key to disable user switching
/org/gnome/desktop/lockdown/disable-user-switching
```
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

Chapter 7. Managing user sessions

7.1. What GDM is

The GNOME Display Manager (GDM) is a graphical login program running in the background that runs and manages the X.Org display servers for both local and remote logins.

GDM is a replacement for XDM, the X Display Manager. However, GDM is not derived from XDM and does not contain any original XDM code. In addition, there is no support for a graphical configuration tool in GDM, so editing the /etc/gdm/custom.conf configuration file is necessary to change the GDM settings.

7.2. Restarting GDM

When you make changes to the system configuration such as setting up the login screen banner message, login screen logo, or login screen background, restart GDM for your changes to take effect.

Warning

Restarting the service forcibly interrupts any currently running GNOME session of any desktop user who is logged in. This can result in users losing unsaved data.

Procedure

To restart the GDM service, run the following command:
```
# systemctl restart gdm.service
```

Procedure

To display results of the GDM configuration, run the following command:
```
$ DCONF_PROFILE=gdm gsettings list-recursively org.gnome.login-screen
```

7.3. Adding an autostart application for all users

To start an application automatically when the user logs in, create a .desktop file for that application in the /etc/xdg/autostart/ directory. To manage autostart applications for individual users, use the gnome-session-properties application.

Procedure

Create a .desktop file in the /etc/xdg/autostart/ directory:
```
[Desktop Entry]
Type=Application
Name=Files
Exec=nautilus -n
OnlyShowIn=GNOME;
AutostartCondition=GSettings org.gnome.desktop.background show-desktop-icons
```
Replace Files with the name of the application.
Replace nautilus -n with the command you want to use to run the application.
Use the AutostartCondition key to check for a value of a GSettings key.
The session manager runs the application automatically if the key’s value is true. If the key’s value changes in the running session, the session manager starts or stops the application, depending on what the previous value for the key was.

7.4. Configuring automatic login

As an administrator, you can enable automatic login from the Users panel in GNOME Settings, or you can set up automatic login manually in the GDM custom configuration file, as follows.

Run the follwoing procedure to set up automatic login for a user john.

Procedure

Edit the /etc/gdm/custom.conf file, and make sure that the [daemon] section in the file specifies the following:
```
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=john
```
Replace john with the user that you want to be automatically logged in.

7.5. Configuring automatic logout

User sessions that have been idle for a specific period of time can be ended automatically. You can set different behavior based on whether the machine is running from a battery or from mains power by setting the corresponding GSettings key, then locking it.

Warning

Users can potentially lose unsaved data if an idle session is automatically ended.

To set automatic logout for a mains powered machine:

Procedure

Create a local database for machine-wide settings in the /etc/dconf/db/local.d/00-autologout file:

[org/gnome/settings-daemon/plugins/power]
# Set the timeout to 900 seconds when on mains power
sleep-inactive-ac-timeout=900
# Set action after timeout to be logout when on mains power
sleep-inactive-ac-type='logout'

Override the user’s setting, and prevent the user from changing it in the /etc/dconf/db/local.d/locks/autologout file:

# Lock automatic logout settings
/org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-timeout
/org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type

Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

The following GSettings keys are of interest:

org.gnome.settings-daemon.plugins.power.sleep-inactive-ac-timeout
The number of seconds that the computer needs to be inactive before it goes to sleep if it is running from AC power.
org.gnome.settings-daemon.plugins.power.sleep-inactive-ac-type
What should happen when the timeout has passed if the computer is running from AC power.
org.gnome.settings-daemon.plugins.power.sleep-inactive-battery-timeout
The number of seconds that the computer needs to be inactive before it goes to sleep if it is running from power.
org.gnome.settings-daemon.plugins.power.sleep-inactive-battery-type
What should happen when the timeout has passed if the computer is running from battery power.

If you want to list available values for a key, use the following procedure:

Procedure

Run the gsettings range command on the required key. For example:

$ gsettings range org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type
enum
'blank'
'suspend'
'shutdown'
'hibernate'
'interactive'
'nothing'
'logout'

7.6. Setting screen brightness and idle time

This section describes how to:

Configure the drop in the brightness leve
Set brightness level
Set idle time

Configuring the drop in the brightness level

To set the drop in the brightness level when the device has been idle for some time:

Procedure

Create a local database for machine-wide settings in the /etc/dconf/db/local.d/00-power file including these lines:
```
[org/gnome/settings-daemon/plugins/power]
idle-dim=true
```
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

Setting brightness level

To set brightness level:

Procedure

Create a local database for machine-wide settings in the /etc/dconf/db/local.d/00-power file, as in the following example:
```
[org/gnome/settings-daemon/plugins/power]
idle-brightness=30
```
Replace 30 with the integer value you want to use.
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

Setting idle time

To set idle time after which the screen is blanked and the default screensaver is displayed:

Procedure

Create a local database for machine-wide settings in /etc/dconf/db/local.d/00-session, as in the following example:
```
[org/gnome/desktop/session]
idle-delay=uint32 900
```
Replace 900 with the integer value you want to use.
You must include the uint32 along with the integer value as shown.
Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

7.7. Locking the screen when the user is idle

To enable the screensaver and make the screen lock automatically when the user is idle, follow this procedure:

Procedure

Create a local database for system-wide settings in the etc/dconf/db/local.d/00-screensaver file:

[org/gnome/desktop/session]
# Set the lock time out to 180 seconds before the session is considered idle
idle-delay=uint32 180
[org/gnome/desktop/screensaver]
# Set this to true to lock the screen when the screensaver activates
lock-enabled=true
# Set the lock timeout to 180 seconds after the screensaver has been activated
lock-delay=uint32 180

You must include the uint32 along with the integer key values as shown.

Override the user’s setting, and prevent the user from changing it in the /etc/dconf/db/local.d/locks/screensaver file:

# Lock desktop screensaver settings
/org/gnome/desktop/session/idle-delay
/org/gnome/desktop/screensaver/lock-enabled
/org/gnome/desktop/screensaver/lock-delay

Update the system databases:
```
# dconf update
```
Users must log out and back in again before the system-wide settings take effect.

7.8. Screencast recording

GNOME Shell features a built-in screencast recorder. The recorder allows users to record desktop or application activity during their session and distribute the recordings as high-resolution video files in the webm format.

To make a screencast:

Procedure

To start the recording, press Ctrl+Alt+Shift+R shortcut.
When the recorder is capturing the screen activity, it displays a red circle in the bottom-right corner of the screen.
To stop the recording, press Ctrl+Alt+Shift+R shortcup.
The red circle in the bottom-right corner of the screen disappears.
Navigate to the ~/Videos directory where you can find the recorded video with a file name that starts with Screencast and includes the date and time of the recording.

Note

The built-in recorder always captures the entire screen, including all monitors in multi-monitor setups.

Legal Notice

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.