RHEL 10 must disable the user list at login for graphical user interfaces.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-281287 | RHEL-10-700840 | SV-281287r1166813_rule | CCI-000381 | medium |
| Description | ||||
| Leaving the user list enabled is a security risk because it allows anyone with physical access to the system to enumerate known user accounts without authenticated access to the system. | ||||
| STIG | Date | |||
| Red Hat Enterprise Linux 10 Security Technical Implementation Guide | 2026-03-11 | |||
Details
Check Text (C-281287r1166813_chk)
Note: This requirement assumes the use of the RHEL 10 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is not applicable.
Verify RHEL 10 disables the user login list for graphical user interfaces with the following command:
$ gsettings get org.gnome.login-screen disable-user-list
true
If the setting is "false", this is a finding.
Fix Text (F-85753r1166812_fix)
Configure RHEL 10 to disable the user list at login for graphical user interfaces.
Note: The example below is using the database "local" for the system. If the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory.
Create a database to contain the systemwide screensaver settings (if it does not already exist) with the following command:
$ sudo vi /etc/dconf/db/local.d/02-login-screen
[org/gnome/login-screen]
disable-user-list=true
Update the system databases:
$ sudo dconf update