Bug 1506370
| Summary: | [RFE] disable show text in GDM login screen/lock screen | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Joe Wright <jwright> | ||||
| Component: | gnome-shell | Assignee: | Ray Strode [halfline] <rstrode> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 7.6 | CC: | alanm, bgollahe, justin.vandebrake.ctr, mboisver, mclasen, modehnal, robert.w.hood, rstrode, tpelka | ||||
| Target Milestone: | rc | Keywords: | FutureFeature | ||||
| Target Release: | 7.8 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | gsettings-desktop-schemas-3.28.0-3.el7 gnome-shell-3.28.3-13.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2020-03-31 19:38:46 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1727111 | ||||||
| Attachments: |
|
||||||
TEST SETUP
Distro: RHEL 7.7 Workstation
Component version:
gnome-shell-3.28.3-11.el7
gsettings-desktop-schemas-3.28.0-2.el7
TEST PROCEDURE
1. Download and install Brew builds:
gnome-shell-3.28.3-13.el7
gsettings-desktop-schemas-devel-3.28.0-3.el7
2. Follow steps from RHEL 7 Desktop Migration and Administration Guide:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/desktop_migration_and_administration_guide/custom-default-values-system-settings#lock-down-specific-settings
3. Create a local database for machine-wide settings.
# cat > /etc/dconf/db/local.d/00-password-policy << EOF
[org/gnome/desktop/lockdown]
disable-show-password=true
EOF
4. Override the user's setting to prevent the user from changing it.
# cat > /etc/dconf/db/local.d/locks/00-disable-show-password << EOF
/org/gnome/desktop/lockdown/disable-show-password
EOF
5. # dconf update
6. Try to log as user "test". The option "Show password" is not visible.
7. Log in a GNOME session as user test.
8. Try to modify the password policy:
$ dconf write /org/gnome/desktop/lockdown/disable-show-password false
error: The operation attempted to modify one or more non-writable keys
This is the intended behavior.
RESULT
Upgrading component: gnome-shell
from: 3.28.3-11.el7
to: 3.28.3-13.el7
Upgrading component: gsettings-desktop-schemas
from: 3.28.0-2.el7
to: 3.28.0-3.el7
has fixed the bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1021 I assumed the fix was incorporated into the 7.8 Maipo RHEL7 kernel. I am unable to disable the "show text" option on the gnome-login screen: cat > /etc/dconf/db/local.d/00-password-policy << EOF [org/gnome/desktop/lockdown] disable-show-password=true EOF cat > /etc/dconf/db/local.d/locks/00-disable-show-password << EOF /org/gnome/desktop/lockdown/disable-show-password true EOF dconf update Tested on (.x86_64): Red HAt Enterprise Linux Server release 7.8 (Maipo) gnome-shell-3.28.3-24.el7 gsettings-desktop-schemas-3.28.0-3.el7 kernel-3.10.0-1127.el7 Working configuration on 7.8 Maipo: For the login screen: # cat > /etc/dconf/db/gdm.d/00-login-screen << EOF [org/gnome/desktop/lockdown] disable-show-password=true EOF For the lockscreen: # cat > /etc/dconf/db/local.d/00-lockscreen << EOF [org/gnome/desktop/lockdown] disable-show-password=true EOF # cat > /etc/dconf/db/local.d/locks/00-lockscreen << EOF /org/gnome/desktop/lockdown/disable-show-password EOF Apply the settings: # dconf update |
Created attachment 1608422 [details] Screenshot from reproducing the bug after component update