2

I'd like to have a password request whenever someone tries to start the dconf Editor. Is there any possilility to achieve this?

Braiam
  • 67,791
  • 32
  • 179
  • 269
s3lph
  • 14,314
  • 11
  • 59
  • 82

3 Answers3

1

One possibility is to patch the code to make it show a password dialogue. Or to write a wrapper and place it in, say, /usr/local/bin/dconf-editor. But all that is security theatre only unless you manage ~/.config/dconf/ differently. By default, it is owned by the user who can thus modify it as she likes.

If you want to prevent certain changes in the configuration to be made, you might want to have a look at Pessulus (https://wiki.gnome.org/Pessulus). But you would have to put in a lot of work as it has been deprecated long time ago.

Frederick Nord
  • 549
  • 5
  • 9
0

First edit /usr/share/applications/dconf-editor.desktop file as follow:

  • From terminal open dconf-editor.desktop file using the following command:

    sudo -i gedit /usr/share/applications/dconf-editor.desktop

  • Find the following line:

    Exec=dconf-editor

    and replace it with:

    Exec=pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY dconf-editor

  • Save the file and close it.

Second, change the permission of /usr/bin/dconf-editor file to be executable only by the root. To do this, from terminal run the following command:

sudo chmod go-x /usr/bin/dconf-editor
Radu Rădeanu
  • 169,590
0

You should just remove the dconf editor package:

sudo apt-get remove dconf-editor

so anyone that wants to modify your dconf should know:

  1. Your sudo password or
  2. How to use dconf command line

There's another option, but should not be used if you don't know what you are doing, which is literally put your ~/.conf/dconf directory as read-only.

Braiam
  • 67,791
  • 32
  • 179
  • 269