18.04: Bionic Beaver: Login Screen: Modify: remove all options for better security

It extremely bugs me the fact that default login screen on Ubuntu (now using GNOME) is offering too much for an unauthorized user to play with.

I want to control and remove/hide items on the login screen that allow system modification, tweaking, altering, or even information viewing! For example, and with all due respect, by nature, Accessibility options were and are still the most dangerous thing to have enabled at a lock screen IN ANY OS.

Take Microsoft Windows for example, although techie people like to keep it for an authentic, native, and last resort password reset workaround, accessibility options are a physical attacker's gateway to heavens. You can gain full control over a Windows system just by booting any Windows install CD from Windows 7 and up, copying/overwriting a single file and rebooting. That's it.

That said, I wish to know how to remove all those vulnerable entry points from my login screen. It would make my life way lot easier.

Notes:

  • I tried editing /etc/gdm3/greeter.dconf-defaults. No use; crashes GDM.

  • I tried searching for accessibility packages to remove them; but they are deeply integrated with GNOME, cannot do.

  • I tried using gsettings command to disable accessibility toolkit for the gdm user, entirely, but it always fails with errors.

  • I tried running gconf-editor as the gdm user, always fails to start.

Any working tip is extremely appreciated.


Referencing this page I could actually do it!

In this very specific case, the docs are incomplete and/or misleading, because no one will tell you that a disable-restart-buttons=true would also mean that the little accessibility bugger critter will be gone!! For good.

So, with root privileges, do:

  • Create file /etc/dconf/profile/gdm with this content:

    user-db:user
    system-db:gdm
    file-db:/usr/share/gdm/greeter.dconf-defaults
    

    Note that /usr/share/gdm/greeter.dconf-defaults (.dconf) here in Ubuntu, but is /usr/share/gdm/greeter-dconf-defaults (-dconf) in GNOME docs!

  • Create folder and file /etc/dconf/db/gdm.d/00-login-screen, with this content:

    [org/gnome/login-screen]
    disable-restart-buttons=true
    
  • Run dconf update, then reboot.

That's it!