Disabling the graphical user list in the Gnome Display Manager (GDM) greeter

In CentOS 6 and 7, the GDM greeter/login screen offers a graphical chooser of all users on the system with names and images displayed. In many situations this is undesirable behavior for security or performance reasons. The situation is compounded because GDM scans all user accounts for images to display from the users' home directories which can add a significant delay and cause all home directories to be (auto)mounted. This tip describes how to disable these behaviours.

CentOS 6 and 7 use Gnome 2 and 3 respectively requiring different settings to be changed.

CentOS 6

CentOS 6 uses Gnome 2 whose settings are supposed to be configured with gconftool-2 but there seem to be various issues with using gconftool-2 to manipulate this setting. A reliable way to disable the graphical user list is to edit the file /etc/gconf/gconf.xml.defaults/%gconf-tree.xml as root and search for the second, single line instance of disable_user_list (I think the first is just the default/documentation setting) and change the value to true. The line should then look something like

<entry name="disable_user_list" mtime="1415197704" schema="/schemas/apps/gdm/simple-greeter/disable_user_list" type="bool" value="true"/>

The next time gdm restarts (e.g. on logging out), this should take effect.

CentOS 7

CentOS 7 uses Gnome 3 whose settings are configured via a database maintained with dconf.

Disabling the graphical user list

The method is described in the upstream vendor's Desktop_Migration_and_Administration_Guide section 10.4.4. You can disable the display of the restart and shutdown buttons here too.

As root, create a file /etc/dbconf/db/gdm.d/00-login-screen with contents

[org/gnome/login-screen]
#Do not show the user list
disable-user-list=true
#Do not show restart buttons
disable-restart-buttons=true

Save the file and issue the command

dconf update 

Disabling the scanning of home directories

This is not documented for Gnome 3, but does seem to work.

As root edit the file /etc/gdm/custom.conf so that the greeter section reads

[greeter]
IncludeAll = false

Save the file and issue the command

dconf update 

TipsAndTricks/DisableGDMUserlist (last edited 2016-01-15 11:35:13 by BrianSmith)