In RHEL-6, the gnome login screen displays all user accounts. Apparently this behavior of the gdm greeter was inherited from Fedora. This may not be a problem with personal desktops/laptops but, in an enterprise class Linux like RHEL, it could constitute a security vulnerability. I saw complaints from users as early as in Fedora 9. Alan has filed a bugzila against RHEL-6.
It is possible to disable it. Problem is … it is not easy to do it. The following command (one-liner) will disable the gdm greeter’s listing of users:
sudo -u gdm gconftool-2 --type bool --set /apps/gdm/simple-greeter \\ /disable_user_list true
By the way, you can see the set value by:
sudo -u gdm gconftool-2 --get /apps/gdm/simple-greeter/disable_user_list
Note that the command was run as gdm. Running the same gconftool-2 command as root would not work. Alternatively, you can modify the systemwide configuration. It will be just easy if you manually edit the file /etc/gconf/gconf.xml.defaults/%gconf-tree.xml and change the boolean for disable_user_list from false to true.
(1) A simpler way to make the change to “/etc/gconf/gconf.xml.defaults/” is through gcconftool-2:
gconftool-2 /apps/gdm/simple-greeter/disable_user_list –config-source xml:readwrite:/etc/gconf/gconf.xml.defaults –set –type=boolean true
(1) From using Fedora, I thought that the configuration to be edited for this change was under “/etc/gconf/gconf.xml.mandatory/” and not “/etc/gconf/gconf.xml.defaults/”. They both work.
Not unexpectedly, whatever’s set in “*mandatory” trumps whatever’s set in “*defaults”.
I’m unsure of the difference between the two. I tried to over-ride “*defaults” through “~/.gconf” but it didn’t work.
Thanks, Tom, for your useful note.
I tried this and each time the user list keeps coming back. This is with RHEL 6. Very frustrating. I need this user list to simply go away.
Try this as root :
gconftool-2 –direct –config-source=`gconftool-2 –get-default-source` –set /apps/gdm/simple-greeter/disable_user_list –type bool TRUE
It worked through a init 3 && init 5 . Check after a gdm update though.
On Debian 7 this command generates 2 errors; I needed it because Denian 7 was also displaying ID less than 1000; but have kicking it a around has gone back to the old behavior of hiding ID less than 1000
This doesn’t generate any errors,but it doesn’t do anything either:
gconftool-2 –direct –config-source=`gconftool-2 –get-default-source` –set /apps/gdm/simple-greeter/disable_user_list –type bool TRUE