Setting Gnome registry (GConf) mandatory settings automatically

Paul Whittaker asked:

TL;DR: Have found some possibilities, but documentation leaves too many questions unanswered for me to deploy them with confidence.

I’d like to roll out some mandatory GConf settings across the user workstations on our network. After some investigation there appear to be several options for changing mandatory settings, but each leaves me with questions about how to apply it correctly.

gconf-editor

  • Method: From the GUI, run gksudo gconf-editor and select File > New Mandatory Window.
  • Pros:
    • Definitely works: this is what I’ve used on smaller installation in the past.
  • Cons:
    • Not automated, so not really an option.
    • Scales poorly with large numbers of settings.

gconftool-2

  • Method: Call gconftool-2 with the ‘--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory‘ option.
  • Pros:
    • Can be automated.
  • Cons:
    • Apparently conflicting directions on use of --direct flag.
    • (minor) Requires separate command for each individual setting.

/etc/gconf/gconf.xml.mandatory/

  • Method: Alter/create files under /etc/gconf/gconf.xml.mandatory/ directly.
  • Pros:
    • Fits well with our existing file distribution infrastructure.
    • Scales well to large numbers of settings.
  • Cons:
    • Appears not to be an officially supported method.
    • Unclear how to avoid upsetting gconfd.
    • Wrapper script to stop/restart gconfd might cause user issues.

The GNOME documentation gives some examples for gconftool-2 which all use the --direct flag. However, the manual page says that the --direct flag ‘Requires that gconfd is not running.’ Is that not relevant for this scenario (I’d be running as root, not a logged in user), or would I need to detect whether a gconfd is running and pass/not pass that flag accordingly?

I’d ideally like to sync the files in /etc/ directly, but I can’t find any indication of how the daemons might respond to this (e.g. whether they might pick up inconsistent settings, or need to be restarted). Sandwiching the file updates between commands to stop/restart gconfd should avoid problems with the daemon itself, but I imagine could play havoc with an active user session.

Can anyone with more experience of GConf clarify any of these matters, or provide details of methods that they’re using? We’re running Ubuntu 12.04 LTS, but I’d be happy to hear of solutions running on any platform.

My answer:


Given your requirements, I’d go with adding settings to /etc/gconf/gconf.xml.mandatory (I presume you’re using puppet, chef, or something similar). You will need to log the user out and stop gconfd (gconftool-2 --shutdown; it usually remains running for a few minutes after logout) to have settings changes take effect.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.