- A system administrators guide for GNOME 3
- Content ideas (new)
- Content ideas (old)
A system administrators guide for GNOME 3
GNOME 2 used to have a system administrators guide. Most of its content does not apply anymore, so we are collecting material for a new version here. There's another page collecting some ideas for necessary updates to the guide: SysAdminGuideUpdate but that page is now also outdated.
The new system administrators guide is taking shape at at http://library.gnome.org/admin/system-admin-guide/stable/
We should probably start from scratch and assemble a new system administrators guide for GNOME 3, since such a document is still useful to have. Our documentation team has started to put this material into a new guide. It lives in the gnome-user-docs repository, and you can see an online version of it online:http://library.gnome.org/admin/system-admin-guide/stable/
Content ideas (new)
Sysadmin guide planning (https://wiki.gnome.org/DocumentationProject/Tasks/SysAdminGuide) Get Started with GNOME Administration
- Customization Utilities
- Journald / GNOME Journal
Lockdown User Settings
- Prevent users from changing settings (this can be used for whether the person can change all / some settings)
- Disable webcam
- No change disks/partition/format
- Force users to change their passwords (periodically/once off) (is there a gnome feature / utility that can handle forced password resets?)
- Disable printing
- Disable file saving
Disable hot corner (I think this is just done by an extension - so you would need to require this extension & not allow it to be removed).
- Partial super powers
- Lock down online accounts
- Prevent software installation
- Prevent remote logging
Pre-seed user defaults
- Set power management defaults
- Auto-suspend/auto-dim/auto-screen off (power-dim-screen.page, screen-locking.page) (sort of)
- Create an SSH/PGP key with every account
- Global custom keyboard shortcuts
- Enable the Compose key (compose-key.page)
- Desktop sharing
- Set language and input methods
- Add Nautilus bookmarks (servers-list.page) (just for servers?)
- Default email settings
- Auto-setup Evolution to use PGP keys
- Connect to corporate calendar
- Connect to corporate contacts
- Set the default IM accounts
- Set default online accounts
- Add extra fonts (fonts.page, fonts-user.page) aruna
- Add extra themes jana (plymouth)
- Use dark theme by default
- Set privacy/screen lock (screen-locking.page)
- Add extra backgrounds (backgrounds-extra.page) jana
- Customise favorites on the dashjana
- Set default desktop background (desktop-background.page)
- Access account from multiple machines
- Printer access control
- Date and time/NTP
- Pre-seed multiple machines
- Provide different default settings (for different users?)
- Turn off tracker indexing (privacy/NFS)
- Turn on tracker for other directories
- Allow specific users to change printers, network
- Configure net home directories to support multiple GNOME versions
- Migrate users from GNOME 2 to GNOME 3
- Set machine name
- Show logo on login page (login-logo.page) jana
- Change login page background (not possible)
- Text banner on login page (login-banner.page) jana
- Auto-remove users from login screen after some time (not possible, login-userlist-expire.page.stub)
- Remove the user list from login screen (login-userlist-disable.page)
- Have specific users always on the login screen (not possible, login-userlist-always.page.stub)
- Change shield (login-shield.page)
- Disable the "login shield" and allow users to just log in without it (login-shield-disable.page.stub)
- Change monitor/display settings (/var/lib/gdm/.config/monitors.xml)
- Auto login on startup (login-automatic.page) (user-autologin.page)
- Log in against domains (enterprise login) (login-enterprise.page)
- Set autologout (logout-automatic.page)
- Enable accessibility features by default (accessibility-on.page) (org.gnome.desktop.a11y)
- Provide multiple keyboard layouts on the login screen (keyboard-layout.page) jana
- Set language on the login screen (login-language.page.stub) jana
- Enable fingerprint/smart card readers (login-fingerprint.page.stub/login-smart-card.page.stub) kat
- Add custom session to GDM (session-custom.page.stub)
- Bunch of different default sessions for different users (user-session.page) (sort of)
- Remote home directories (dconf keyfiles) (dconf-nfs-home.page)
- Skip initial setup (initial-setup-skip.page.stub)
- Guest accounts (login-guest.page.stub)
- Log out all users
- Auto wireless defaults
- Set up certificate for connecting to VPN
- Set up default VPN connection (vpn-list.page)
- Set up 4G connnection
- Set default proxies
- Allow connecting to a single wifi network only (possible?)
- Set up network printersjana
- Remote administration
- Auto-start applications on login (autostart-applications.page)
- Provide pre-installed apps
- Set a default homepage for GNOME Web
- Set browser preferences
- Getting custom applications into Activities (should be integrated with "Provide pre-installed apps")
- Link to web apps in Activities (see epiphany)
- Set default NFS shares in GNOME Files
- Set default Samba shares in GNOME Files
- Enable machine-wide extensions (extensions-enable.page)
- Lock down enabled extensions (extensions-lockdown.page)
- Install (install applications?)
- Prevent installation/uninstallation (extensions-lockdown.page, extensions-mandatory.page)
- Set software update rules (e.g., disallow all updates or only allow security updates)
- Auto software updates
- Remotely push updates
- List of default processes (processes.page) Petr
- Add custom help topics to the user guide
- Add a Custom MIME Type for All /Individual Users
- Override the Default Registered Application for All / Individual Users
- Remote debugging or troubleshooting
- Access logs
- View the session logs (session-debug.page)jana
- Debug printer not being in the printer dialog
- GNOME Shell has frozen
Content ideas (old)
This is just a braindump / brainstorming area.
Questions to answer
What happened to ~/.xsession-errors ? That file was very handy to debug session problems, and I can't find it anymore
It is now located at ~/.cache/gdm/session.log. This change was made to comply with the XDG directories spec
- How can I set system-wide power management settings that users can't change (eg: Dim screens after X min)
This is controlled by the org.gnome.settings-daemon.plugins.power.idle-dim-time, idle-dim-ac and idle-dim-battery gsettings keys. See below for how to install and enforce system-wide custom values for gsettings keys.
- How can I set system-wide screen saver locking settings that users can't change (eg: Lock screens after X min)
This is controlled by the org.gnome.desktop.screensaver.lock-delay and lock-enabled gsettings keys. See below for how to install and enforce system-wide custom values for gsettings keys.
- How can I migrate users from GNOME 2 → GNOME 3 (without them getting mad at me)
This is a tough question for any change of this magnitude. It might help to offer them a GNOME shell extensions that bring back certain aspects of the GNOME 2 user experience. A good way to do so is the 'classic mode'
- How can gnome auto-remove user names from GDM screen (for users that haven't logged in since X days)
A crude way to achieve this is to rotate wtmp, since GDM is relying on wtmp to know which users have logged in. A better mechanism for this may appear at some point
- Which tool can I use to explore gsettings ?
dconf-editor is a graphical utility that lets you browse gsettings. The gsettings commandline utility does the same in a non-graphical way; it has very useful bash completion. Note that these tools always operate on the current users gsettings database, so you don't want to run it as root. Also, they require a D-Bus session bus in order to make any changes (since that requires activating the dconf daemon via D-Bus).
- Which tool can I use to create or modify dconf profiles ?
dconf comes with a commandline utility which is also called dconf for this purpose; it is very minimal.
- Which processes should I expect to see running in a pristine, stock GNOME session ?
dbus-daemon, gnome-session, gnome-shell, gnome-settings-daemon, pulseaudio, gnome-keyring-daemon. Depending on the users setup, you might also see various gvfs processes, goa-daemon, gnome-shell-calendar-server, various evolution factory processes, gsd-printer, gnome-screensaver, at-spi2-dbus-launcher, at-spi2-registryd, etc
- How do I install a custom default value for setting xyz for all my users ?
See the description of Key File Directories in dconf/SystemAdministrators
- How do I prevent users from changing the settings xyz ?
See the description of Lockdown in dconf/SystemAdministrators
- How do I make extra backgrounds available to my users ?
Install an xml file describing your extra backgrounds in /usr/share/gnome-background-properties. Here is a small example:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE wallpapers SYSTEM "gnome-wp-list.dtd"> <wallpapers> <wallpaper deleted="false"> <name>Company Background</name> <name xml:lang="de">Firmenhintergrund</name> <filename>/opt/corp/background.jpg</filename> <options>zoom</options> <shade_type>solid</shade_type> <pcolor>#ffffff</pcolor> <scolor>#000000</scolor> </wallpaper> </wallpapers>
- How do I change the default background for new users ?
You can install an override for the org.gnome.desktop.background.picture-uri gsettings key. As an example, here is the file /usr/share/glib-2.0/schemas/org.gnome.desktop.background.fedora.gschema.override that is used in Fedora 17:
- How do I make extra fonts available to my users ?
Copy the fonts into a subdirectory of /usr/share/fonts and run fc-cache
- GNOME used to be great with themes. What happened to that ?
GNOME 3 is focusing on a single, polished experience, and the focus is on making one high-quality theme. That being said, themes are still available via the 'user themes' gnome-shell extension. gnome-tweak-tool supports this extension, too.
- If I need to change the default users theme for a specific reason (eg. make the dark theme the default for a set of users), how do I do that?
See the previous answer, about the 'user themes' shell extension
- Where does the background image on the login screen come from ?
See the org.gnome.desktop.background.picture-uri gsettings key. Note that gdm uses its own DConf profile, the way to change settings in this profile is to place a keyfile in /etc/dconf/db/gdm.d and run dconf update. Here is an example for such a keyfile, could be stored as /etc/dconf/db/gdm.d/corp-login:
Note that these DConf key files are slightly different from the gsettings override files mentioned earlier.
- And what about the background image on the lock screen ?
gnome-screensaver is running in the users session and uses the default value of the org.gnome.desktop.background.picture-uri gsettings key. To change the default, install an override
- I need my institute's logo to appear on the greeter. How ?
See the org.gnome.login-screen.logo gsettings key. Note that gdm uses its own DConf profile; the easiest way is to add this to the DConf keyfile mentioned earlier:
[org/gnome/desktop/background] picture-uri='file:///opt/corp/background.jpg' [org/gnome/login-screen] logo='/opt/corp/logo.png'
- Can I show a disclaimer text on the login screen ?
Yes, this is controlled by the settings org.gnome.login-screen.banner-message-enable and org.gnome.login-screen.banner-message-text. Note that gdm uses its own DConf profile; the easiest way is to add this to the DConf keyfile mentioned earlier
- How do I set up multiple keyboard layouts on the login screen ?
The greeter will show a layout chooser if more than one layout is configured in /etc/X11/xorg.conf
- Can I make certain users always appear in the user list ?
- Can I turn the user list off altogether ?
See the org.gnome.login-screen.disable-user-list gsettings key. Note that gdm uses its own DConf profile; the easiest way is to add this to the DConf keyfile mentioned earlier
- How do I enable my users to use fingerprints for login ?
See the org.gnome.login-screen.enable-fingerprint-authentication gsettings key. Note that gdm uses its own DConf profile; the easiest way is to add this to the DConf keyfile mentioned earlier
- What about smart cards ?
See the org.gnome.login-screen.enable-smartcard-authentication gsettings key. Note that gdm uses its own DConf profile; the easiest way is to add this to the DConf keyfile mentioned earlier
- Where is autologin information for each user stored ?
The accountsservice writes this into the gdm configuration in /etc/gdm/custom.conf; this may change
- How do I make multiple sessions appear on the login screen ?
The session chooser is shown if there is more than one desktop file in /usr/share/xsessions/
- Can I create a 'custom' session ?
Install a desktop file for your custom session in /usr/share/xsessions/. If your custom session is using gnome-session as session manager, you can give it a --session=mysession argument, and define the contents of your session in the file /usr/share/gnome-session/sessions/mysession.session. Here is an example, /usr/share/xsession/custom.desktop:
[Desktop Entry] Encoding=UTF-8 Type=Application Name=Custom session Name[de]=Spezial-Session Comment=This is our custom session Exec=gnome-session --session=mysession TryExec=gnome-session
This would be used together with a session definition file /usr/share/gnome-session/sessions/mysession.session that looks like this:
[GNOME Session] Name=Custom session Name[de]=Spezial-Session RequiredComponents=my-window-manager;my-file-manager;my-custom-component;
Note that the names listed as RequiredComponents are expected to have desktop files behind them. E.g. there should be a /usr/share/applications/my-window-manager.desktop, and so on
- How can I run a certain application whenever a user logs in ?
Install an autostart file for the application in /etc/xdg/autostart/
- Can I give certain users a different session without making them choose it ?
The default session is determined by the Xsession key in the the /var/lib/AccountsService/users/<username> file
- How do I configure a user's home directory to support multiple versions of GNOME (over NFS or shared)?
- Can I allow certain users to configure printers, or install software ?
This is controlled by PolicyKit permissions
- How do I preconfigure VPN for all my users ?
NetworkManager stores system-wide connections in /etc/NetworkManager/system-connections - you can install your canned VPN connections there
- What do I do if a printer does not appear in the print dialog ?
Make sure cups is running; then check for firewall problems
- What do I do if sound does not work ?
Sound can be broken for a variety of reasons, so it is hard to say, but here is a number of things that are worth checking:
Is pulseaudio running ?
Are there any sound-related warnings in the system logs ?
Are the permissions of the sound devices getting set correctly ?
Is the volume muted ?
- How do I lock down access to extensions.gnome.org for my users?
- How do I mandate that the user can enable/disable extensions, but not install them
- How do I provide a set of extensions that the user have to use
- How do I make it easy for my users to access our file shares ?
nautilus stores a list of servers in ~/.config/nautilus/servers, and the list can be prepopulated there
- How do I make custom launchers (keyboard shortcuts) available ot all my users ?