To disable command-line access for your desktop user, you need to make configuration changes in a number of different contexts. Bear in mind that the following steps do not remove the desktop user's permissions to access a command line, but rather remove the ways that the desktop user could access the command line.
Set the org.gnome.desktop.lockdown.disable-command-line
GSettings key, which prevents the user from accessing the terminal or
specifying a command line to be executed (the
Prevent users from accessing the
Disable switching to virtual terminals (VTs) with the
Remove
We have yet to cover removing a menu item in this guide. We don’t want system admins having to modify .desktop files as those could be overwritten on system update.
Create a
# Specify the dconf path
[org/gnome/desktop/lockdown]
# Disable the command prompt
disable-command-line=true
Override the user’s setting and prevent the user from changing it in
# List the keys used to configure lockdown
/org/gnome/desktop/lockdown/disable-command-line
Users can normally use the
If the computer is running the X Window System, you can disable
access to all virtual terminals by adding a DontVTSwitch option
to the Serverflags section in an X configuration file in the
Create or edit an X configuration file in
Section "Serverflags"
Option "DontVTSwitch" "yes"
EndSection
Restart the X server for the changes to take effect.