-   Linux - Newbie (
-   -   need help seting system defaults screensaver gnome (

unix1adm 02-15-2010 07:58 AM

need help seting system defaults screensaver gnome
what file do you set the defaults in?
I want to set all my users to use a blank screensaver and a time out of 20min. password required
Have been looking all over the place for a valid config file I can edit and the syntax for it.
I should also mention I want these to be default for all user that CANNOT be changed except by root.
Red Hat running gnome in my case.

I need this for an audit so please advise thank you.

unix1adm 02-15-2010 07:59 AM

I found this here

but they dont tell me where this file is .. When I do a find on the system it give me directories not a file GConf.

find / -name GConf

I'm a systems administrator. How can I set policies for all users of my system?

You can set mandatory policies in GConf. Here are some typical policies for a "locked down" system:

gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--type bool \
--set /apps/gnome-screensaver/idle_activation_enabled true
gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--type bool \
--set /apps/gnome-screensaver/lock_enabled true
gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--type string \
--set /apps/gnome-screensaver/mode blank-only
gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--type int \
--set /apps/gnome-screensaver/idle_delay 10

unix1adm 02-15-2010 10:29 AM

ahhh I think I understand this now. This is not a file to be edited but a command to be run on the system...

But I want to edit a default file so when I build a golden image and build systems from that it will have these values already set from the start and I wont have to do this every time.

unix1adm 02-15-2010 10:37 AM

so I tried this in a script and on a command line...

gconftool-2 --direct \
> --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
> --type bool \
> --set /apps/gnome-screensaver/idle_activation_enabled true
Resolved address "xml:readwrite:/etc/gconf/gconf.xml.mandatory" to a writable configuration source at position 0

I cd to /etc/gconf/gconf.xml.mandatory do an ls and I see this
%gconf.xml gnome-screensaver


drwxr-xr-x 2 root root 4096 Feb 15 10:32 .
drwxr-xr-x 3 root root 4096 Feb 15 10:30 ..
-rw-r--r-- 1 root root 468 Feb 15 10:32 %gconf.xml

more %gconf.xml
<?xml version="1.0"?>
<entry name="idle_delay" mtime="1266247854" type="int" value="30">
<entry name="mode" mtime="1266247854" type="string">
<entry name="lock_enabled" mtime="1266247854" type="bool" value="true">
<entry name="idle_activation_enabled" mtime="1266247930" type="bool" val

unix1adm 02-15-2010 10:47 AM

I am guessing this is the file I need to modify. Not sure why the commands are not working and give that error. Still researching

If I run this it works.
gconftool-2 --get /desktop/gnome/background/picture_filename

unix1adm 02-15-2010 10:55 AM

ok so it looks like this is not really an error. I will need to check the setting by logging in and running a vnc connection to see if it works.

I might just be miss reading the msg.

unix1adm 02-15-2010 11:28 AM

So i made the changes and vnc into the server with my uid and I still show a 10 min timeout and default setting.

So the "global" setting I thought would work did not ...

arizonagroovejet 02-15-2010 12:44 PM

I believe that the changes to mandatory settings won't affect any users that are currently logged in and running GNOME. So log out any users running GNOME, set the relevant settings, then log in as someone and run GNOME.

On machines I manage (SUSE Linux Enterprise Desktop, GNOME 2.24) I have a script which sets gconf stuff during boot to ensure my desired config it already in place. Here's what I use:


gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int  --set /apps/gnome-screensaver/idle_delay 4
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type boolean --set /apps/gnome-screensaver/lock_enabled true
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type boolean  --set /apps/gnome-screensaver/idle_activation_enabled true
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --set --type list --list-type=string /apps/gnome-screensaver/themes [blank-only]

Which means

- The screensaver activates after four minutes. Users cannot change this.
- The screensaver will lock the screen. Users cannot change this.
- Users cannot disable the screensaver.
- The default screensaver is to just blank the screen, but users can change this if they desire.

Change 4 to 20 in the first command and defaults to mandatory in the last command and I think you have what you want.

unix1adm 02-15-2010 01:31 PM

happy camper... for now...I got a nasty msg when I logged out and back in and tried to change the screen saver... Just what i wanted...

Thank you for the help.

unix1adm 02-15-2010 01:46 PM

now the tasks becomes how to remove the menu option all together. I remember stumbling across a link now if I can just find it.

found it

arizonagroovejet 02-15-2010 02:12 PM

You could try removing read permissions from .desktop file for the entry in Control Centre.


$ chmod go-r /usr/share/applications/gnome-screensaver-preferences.desktop
You could also remove read/execute from the executable the .desktop file calls.


$ chmod go-rx /usr/bin/gnome-screensaver-preferences
The permissions will probably be reverted back to the defaults when you install updates though.

unix1adm 02-15-2010 03:04 PM

OK now I stumbled on something and we have to figure out how to lock down individual users from setting a proxy server. Its a server not a WS so it should never go to the internet.

Love Linux... This is getting fun... ;)

All times are GMT -5. The time now is 08:47 PM.