Disabling the Gnome 3 user list

To disable the Gnome 3 login list as found in Fedora 17+, and soon, Red Hat Enterprise Linux, read on. [NOTE: If you’re running Fedora 21, see this post instead!]

I think all experienced system administrators would agree with this statement from 2010 found in Red Hat Bug 666330:

The gdm greeter displays a list of all valid user accounts. That is not acceptable for an Enterprise Class OS. It is a significant security lapse that should have been corrected before GA.

My only emendation would be to insert the word “juvenile” between the words “significant” and “security”.

The Gnome login user list is one of the more annoying “features” that has crept into enterprise Linux over the years. The solution that follows works in Gnome 3. It appears on StackExchange, among other places.

Create a new file /etc/dconf/db/gdm.d/01-local-settings.

Edit to include the following:

[org/gnome/login-screen]
disable-user-list=true

Update the dconf db:

dconf update

Restart gdm:

systemctl restart gdm

That’s all there is to it.
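As an added example (not part of the original post), here is a POSIX shell check that audits the keyfile directory used above and reports whether disable-user-list=true is really what the files say. The function name and the ok/missing/conflict result words are assumptions of this sketch. It does not model dconf's file precedence: any keyfile that sets the key to something other than true is reported as a conflict.

```shell
#!/bin/sh
# Added example: audit the dconf keyfiles that feed the gdm database.
# Prints ok, missing or conflict (result words chosen for this sketch).
check_gdm_user_list() {
    dir=${1:-/etc/dconf/db/gdm.d}
    [ -d "$dir" ] || { echo missing; return 1; }
    # Keep regular files only, so subdirectories such as locks/ are skipped.
    set --
    for f in "$dir"/*; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || { echo missing; return 1; }
    awk '
        FNR == 1 { sec = "" }                      # sections do not span files
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                   # [section] header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == "org/gnome/login-screen" && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "disable-user-list") next
            if (val == "true") good++
            else { bad++; print FILENAME ": " key "=" val > "/dev/stderr" }
        }
        END {
            if (bad)  { print "conflict"; exit 2 }
            if (good) { print "ok"; exit 0 }
            print "missing"; exit 1
        }
    ' "$@"
}
# Usage on a live system: check_gdm_user_list   (defaults to /etc/dconf/db/gdm.d)
```

Files that set the key to a value other than true are named on standard error, so a failing run shows which keyfile to fix before running dconf update again.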

In earlier versions of Fedora and RHEL the cure was to log in as root and use gconftool-2 to edit gdm’s Gnome configuration with the following commands:

xhost +SI:localuser:gdm

sudo -u gdm \
gconftool-2 \
--type bool \
--set /apps/gdm/simple-greeter/disable_user_list true

Although the aforementioned bug was closed, the behavior of defaulting to listing all system users on the login page has persisted in RHEL 6. Apparently Microsoft envy has overcome both the Gnome and Red Hat crews to the point that they’re incapable of fixing this. As a result we’re all going to simply add this to the ever growing list of stupid, juvenile crap that we have to correct before putting a system into production.


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).