Being presented with a list of users on a login screen can be handy, saving you precious seconds from typing your username before entering your password. There are times, however, where you might not want to disclose the users that reside on a system, removing a potential attack surface from unwanted prying eyes.
The steps below look at how to configure GDM from listing users on the login screen at boot.
All users
- Create or modify the gdm keyfile
/etc/dconf/db/local.d/00-login-screenand add the below lines to the keyfile.
sudo vim /etc/dconf/db/local.d/00-login-screen
[org/gnome/login-screen]
# Do not show the user list
disable-user-list=true- After the file is modified, run “dconf update” as the root user to have it take effect. Also restart the gmd service if the changes are not reflecting.
sudo dconf update
sudo systemctl restart gdm- Log out from the session and verify the login screen. It should now not show any user list on the login screen and instead ask for a username to be entered.
Specific users
In this method, an individual user is removed from the user list which appears on the login screen. So if we disable the user “Linus”, it will not appear in the user list while other users will still be there on the list.
- Modify the user profile settings file
/var/lib/AccountsService/users/[username]and modify the lineSystemAccount=falsetoSystemAccount=true. So if the username is Linus, you need to edit the profile settings file/var/lib/AccountsService/users/Linus.
sudo vim /var/lib/AccountsService/users/john
id='centos'
version-id='8'
[User]
Icon=/home/john/.face
SystemAccount=false- Logout from the account and verify the login screen. The user
Linusshould not appear in the user list now.