In GNOME Shell, you can prevent the user from enabling or disabling extensions by locking down the org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys. This allows you to provide a set of extensions that the user has to use.
Locking down the org.gnome.shell.development-tools key ensures that the user cannot use GNOME Shell’s integrated debugger and inspector tool (Looking Glass) to disable any mandatory extensions.
Create a user profile in /etc/dconf/profile/user:
user-db:user system-db:local
Create a local database for machine-wide settings in /etc/dconf/db/local.d/00-extensions:
[org/gnome/shell] # List all extensions that you want to have enabled for all users enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com'] # Disable access to Looking Glass development-tools=false
The enabled-extensions key specifies the enabled extensions using the extensions’ uuid (myextension1@myname.example.com and myextension2@myname.example.com).
The development-tools key is set to false to disable access to Looking Glass.
Override the user’s setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/extensions:
# Lock the list of enabled extensions /org/gnome/shell/enabled-extensions /org/gnome/shell/development-tools
Update the system databases:
# dconf update
After locking down the org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys, any extensions installed in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions that are not listed in the org.gnome.shell.enabled-extensions key will not be loaded by GNOME Shell, thus preventing the user from using them.
Got a comment? Spotted an error? Found the instructions unclear? Send feedback about this page.