Numero uno, the article you were reading is most likely from the GNOME 2 days. GConf was the GNOME 2 configuration mechanism; DConf (I know it's confusing) is the new and "improved" (don't get me started on its idiocies) configuration system used by GNOME 3 and MATE alike. Anyway, the directory to change permissions on is /home/desktopuser/.config/dconf
, and you can use the following command to make it unwritable by desktopuser:
chmod u-w /home/desktopuser/.config/dconf/user
However, that's not enough to deter anybody who can use the terminal and change permissions! To truly lock the database down, do the following commands as the administrator dude:
sudo chmod 040 /home/desktopuser/.config/dconf/user
sudo chown [name of the administrator] /home/desktopuser/.config/dconf/user
Now the administrator owns the configuration database (you can change ownership to root instead, if you prefer), but the administrator can't read the file themselves; only members of the group desktopuser
(which by default is only the user desktopuser
) can even read the file, and nobody can write to it.
After you do this, "nobody" can change your desktop settings!