Want to lock down specific system settings, such as extensions and printer accessibility, to prevent others from changing them in Ubuntu or Linux Mint? Here’s how to do the trick step by step with screenshots!
NOTE: this tutorial is tested and works on Ubuntu 20.04, Ubuntu 22.04, Linux Mint 20 (Cinnamon), and Fedora Workstation. It should also works on other Linux with GNOME desktop.
After following this tutorial, certain desktop settings will be applied and locked for ALL users in system! Though, user with
sudo privilege (aka administrator) may un-lock them by editing the config files.
Step 1: Create user profile for dconf.
As you may know,
dconf is a low-level configuration system for GNOME. Usually, we use ‘Dconf Editor‘ or ‘gsettings‘ command to configure hidden settings that are not available in Gnome Control Center and Gnome Tweaks.
Dconf has a feature to lock down certain settings, so all system configuration tool cannot change them any longer. However, we need to first create a user profile for it.
Fedora 35 already has the profile!!! So just skip this step. Verify it via
Firstly, search for and open a ‘terminal’ window from Activities overview screen (or start menu).
Next, run the single command to create a profile file ‘
user‘ under /etc/dconf directory. And, write the 2 lines (
system-db:local) into the file:
sudo sh -c 'echo "user-db:user\nsystem-db:local">/etc/dconf/profile/user'
And, verify the profile via command:
Linux Mint 20 need to first run
sudo mkdir -p /etc/dconf/profileto create the 'profile' folder!
Step 2: Specify key values for certain settings you want to lock!
Say you want to lock background wallpaper and disable printing, firstly you need to write these settings into a config file!
1. Firstly, run command in terminal to create ‘/etc/dconf/db/local.d/locks‘ folder in case it does NOT exist:
sudo mkdir -p /etc/dconf/db/local.d/locks
2. Next, create a config file under ‘local.d‘ and edit it via command:
sudo gedit /etc/dconf/db/local.d/00-lockdown
For Linux Mint Cinnamon, replace
3. When files opens in text editor, input something like this:
[org/gnome/desktop/background] # URI to use for the background image picture-uri='file:///usr/share/backgrounds/Ubuntu_by_Abubakar_NK.jpg' [org/gnome/desktop/lockdown] # prevent user from printing disable-printing=true
Here I set the background image for ‘org/gnome/desktop/background/picture-uri’ and true for ‘org/gnome/desktop/lockdown/disable-printing’. Change these lines accordingly or add more as you mind! For example, set enabled extensions via:
[org/gnome/shell] # All extensions you want to have enabled for all users enabled-extensions=['email@example.com', 'firstname.lastname@example.org', 'email@example.com']
Tip: You may install and use ‘Dconf Editor‘ to find out the keys & values.
Step 3: List the keys you want to lock in config file!
Now create a new config file under ‘/etc/dconf/db/local.d/locks‘ directory, and write down the keys will lock them to the values you set in Step 2.
To do so, run command to create and edit config file:
sudo gedit /etc/dconf/db/local.d/locks/lockdown
When the file opens, add similar lines:
# Prevent changes to the following keys: /org/gnome/desktop/background/picture-uri /org/gnome/desktop/lockdown/disable-printing
Add more lines (one key per line) if have more set in Step 2.
Step 4: Update dconf database:
It’s important to update the database by running command in terminal, so all the previous steps will apply immediately!!
sudo dconf update
NOTE: after running this command. The key values in step 2 take effect and lock down for ALL USERS in system. The lock down applies immediately, but the key values may not for non-current user that’s already logged in.
All configuration tools (e.g., Gnome Tweaks, Settings, dconf editor, or gsettings) can NO longer change these settings until un-lock them via administrator privilege.