2

In Gnome on Centos 7, does anyone know how to disable "Log in as another user" on the lock screen? I can disable user switching using:

disable-user-switching=true

I achieve this be adding: /etc/dconf/db/local.d/00-user-switching

[org/gnome/desktop/lockdown]
# Prevent the user from user switching
disable-user-switching=true

/etc/dconf/db/local.d/locks/lockdown

# Lock this key to disable user switching
/org/gnome/desktop/lockdown/disable-user-switching

This works nicely preventing the user switching option, but you can still switch users via the lock screen .

The reason as to why I'm doing this is because we're implementing a VNC recording solution. If a second person logs in, they are on a different display and therefore, VNC does not present that display to the client trying to record the screen as the original user stays on display 0 and the new user logged in is on display 1.

e.g.

[support@mymachine ~]$ who
fred       :0           2018-09-26 08:27 (:0)
jenny  pts/0        2018-09-28 09:43 (192.168.1.3)
pete :1           2018-09-28 08:13 (:1)

So what happens is that Fred logs locks his screen, Jenny clicks on "Log in as another user" and logs in which is fine, but it does not log Fred out. She therefore generates a new display and when you try and VNC, we can only see Freds original lock screen on Display 0 because Jenny has a new Display on 1.

BinkyBong
  • 21
  • 1
  • I've actually found a workaround by adding `export DISPLAY=:0` to the end of `/etc/bashrc` to force all users to used Display 0, however - while it works, it has the side effect of making users log in twice. The 1st time, the gdm resets and returns the user back to the login screen effectively also logging the other user out. The 2nd time they login, it manages to let them in. Anyone come up with a more elegant solution? – BinkyBong Sep 28 '18 at 14:37
  • This is also relevant to HP RGS / Z Central Remote Boost. Selecting that link breaks the `rgsender` process for the original login session (it's tied to the graphics driver itself) but leaves it zombie, and `rgsender` cannot spawn a second time because of the zombie... – Rich Sep 03 '20 at 21:09

1 Answers1

0

Disable autospawning secondary VTs

In /etc/systemd/logind.conf set these two lines:

NAutoVTs=2
ReserveVT=2

Note that systemd wants logind to always have one VT reserved for TUI login. Setting both values to =1 overrides gdm's ability to spawn on VT1. Cf. systemd for Administrators, Part XVI at the systemd designer's blog.

After reboot, you have VT1 running gdm, and VT2 reserved for TUI login. "Log in as another user" cannot spawn another VT.

Note: this might be a useless answer since it doesn't prevent Xwayland systems (EL8) spawning the login window (on my test box at :1024). Even on EL7 it might not prevent gdm from trying to find another VT. In which case it's a bug in either gdm, or in the Gnome screenlock.

Rich
  • 380
  • 4
  • 11