Chapter 16. Enabling and enforcing GNOME Shell extensions

GNOME Shell Extensions are add-ons that enhance the functionality and appearance of the GNOME desktop environment. Users can enable extensions for their own desktop session or for all users on the sytem.

16.1. Enabling system-wide GNOME Shell extensions

You can automatically enable GNOME extensions for all users, eliminating the need for individual installations. Existing users with personalized extensions are not affected.

Prerequisites

  • Administrative access

Procedure

  1. Download the extension archive from the GNOME Extensions website.
  2. Extract the archive into the /usr/share/gnome-shell/extensions/ directory:

    # unzip -q <extension-file.zip> -d /usr/share/gnome-shell/extensions/

    Replace <extension-file.zip> with the name of the extension zip file.

  3. Adjust the permissions to ensure that the extension files are readable and executable by everyone:

    # chmod -R 755 /usr/share/gnome-shell/extensions/<extension-directory>/

    Replace <extension-directory> with the name of the extension directory.

  4. Create a new /etc/dconf/db/local.d/00-extensions file with the following content:

    [org/gnome/shell]
    enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com']

    Replace the UUIDs (myextension1@myname.example.com, myextension2@myname.example.com) with the ones you want to enable. You can find the UUID of an extension on its GNOME Shell Extensions website page.

  5. Apply the changes to the system databases:

    # dconf update

After completing these steps, the specified extensions are enabled by default for all new users on your system.

16.2. Restricting GNOME Shell extensions

By locking down specific GNOME Shell extensions, you can ensuring that a predefined set of extensions is consistently available to all users. You can configure a set of mandatory extensions and prevent users from modifying them. The specified extensions are mandatory for all users, and the Looking Glass tool is disabled to ensure compliance with the predefined configuration.

Prerequisites

  • Administrative access

Procedure

  1. Create a new /etc/dconf/db/local.d/00-extensions file with the following content:

    [org/gnome/shell]
    enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com']
    development-tools=false

    Replace the UUIDs (myextension1@myname.example.com, myextension2@myname.example.com) with the ones you want to enable. You can find the UUID of an extension on its GNOME Shell Extensions website page.

  2. To prevent users from changing these settings, create a new /etc/dconf/db/local.d/locks/extensions file with the following content:

    /org/gnome/shell/enabled-extensions
    /org/gnome/shell/development-tools
  3. Apply the changes to the system databases:

    # dconf update

Extensions that are not listed in the org.gnome.shell.enabled-extensions file are not loaded by the GNOME Shell, preventing the user from using them.