How to Lock Down GNOME

Without viruses and other malware, Linux is typically much harder for the average user to mess up. But if you are setting up a GNOME desktop for someone who seems to do things like delete the window list, or for public use, then you should lock down the desktop.

Pessulus is a graphical lockdown editor for GNOME. Instead of finding and changing individual GNOME gconf settings, you can use Pessulus to easily access the most important settings for locking down GNOME.

Install Pessulus from the package pessulus (click the link to install), or by running the command below in your terminal:

sudo apt-get install pessulus

The simplest lock down setup to create is a web kiosk where the user can’t exit the browser. The only web browser that Pessulus supports is Epiphany, the official GNOME web browser.

Install Epiphany from the package epiphany-browser (click the link to install), or by running the command below in your terminal:

sudo apt-get install epiphany-browser

You should set up a second user account to lock down if you haven’t already. The second account will be restricted from using sudo by default, which will hide a lot of administrative utilities from the GNOME menu. Create a second account from System->Administration->Users and Groups. Click Unlock, and then Add User. Look under the User Privileges tab to restrict the new user as necessary.

new user account restrictions

After you’ve created the new user, log into the new account.

Launch Pessulus from System->Administration->Lockdown Editor. Select Epiphany Web Browser from the list of categories. Here you will find options such as disable quit, restricting browsing to chosen domains, and disabling editing the interface. I went ahead and enabled all the restrictions, which seemed to do an excellent job locking down Epiphany.


By the way, if you want to escape from Epiphany yourself, try pressing Alt-F2 to open the Run Application dialog. Run xkill and click on Epiphany to exit it. You can close this loophole in Pessulus with General->Disable command line.

If you want more than a web kiosk, you’ll need to make it so the locked-down user can’t just change the settings back in Pessulus. Instead of just hiding Pessulus from the menu, it’s better to make restrictions mandatory so they can only be changed by the root user. Run Pessulus as root:

sudo pessulus

You will notice that now there are wooden shield icons next to all the options. Click a shield to toggle wooden (optional) and silver (mandatory). Mandatory restrictions cannot be changed by regular users. If you make all the restrictions mandatory then no regular users will be able to use Pessulus.

If you’re setting up a full desktop, I’d recommend at least disabling the command line, locking the panels, and then removing the GNOME menu and adding launchers for applications you specifically want to allow to run.

Read the Pessulus documentation for details on all of the available options.

Archived Comments

Scott Wegner

This looks like a good step towards creating a locked-down guest account. Any advice on adding more restrictions on changing configurations files, setting a user quota, and reverting to a standard session on logout?

Chris Lees

Thanks for this article, I wish I’d known about Pessulus when I was setting up a desktop computer for my friend.


Great stuff, thanks.


Another tool that’s fine for lockdown/hardening/finetuning ist ubuntu tweak[1]

Just to mention it - polarizer



Very good tip, thanks man.


This is nice however you’ll have to indicate more detailed step in order user could satisfy following steps.

Respond via email