Re: nm-connection-editor working only as root

From: Ramon Diaz-Uriarte <rdiaz02 gmail com>
To: José Queiroz <zekkerj gmail com>
Cc: networkmanager-list gnome org
Subject: Re: nm-connection-editor working only as root
Date: Mon, 07 Nov 2011 10:57:30 +0100

Actually, it seems that the problem was related to my not having 

polkit-gnome-authentication-agent-1

running, as Michael Biebl said, and Dan Williams also pointed to.


So now it is taken care of by starting it from my .xinitrc.


Thanks,

R.


On Sun, 6 Nov 2011 12:15:19 -0200,José Queiroz <zekkerj gmail com> wrote:
> [1  <multipart/alternative (7bit)>]
> [1.1  <text/plain; ISO-8859-1 (quoted-printable)>]
> Ramon, did you ever tried to set up a new user, and see if the same problem
> happens with it?

> If it happens, then the problem surely is in NM; but if not, then the
> problem is in your profile...

> 2011/11/6 Ramon Diaz-Uriarte <rdiaz02 gmail com>

> >
> >
> >
> > On Fri, 04 Nov 2011 11:12:09 -0500,Dan Williams <dcbw redhat com> wrote:
> > > On Fri, 2011-11-04 at 11:48 +0100, Ramon Diaz-Uriarte wrote:
> > > >
> > > >
> > > > On Wed, 02 Nov 2011 20:31:41 -0500,Dan Williams <dcbw redhat com>
> > wrote:
> > > > > On Mon, 2011-10-24 at 11:48 +0200, Ramon Diaz-Uriarte wrote:
> > > > > > Actually, three problems remain ;-).
> > > > > >
> > > > > >
> > > > > > 1. I've rebooted and reloged in several times, but I cannot save a
> > > > > > connection because it complaints about insufficient privileges. (I
> > get a
> > > > > > pop-up message that says "Connection add failed", "Insufficient
> > > > > > privileges").
> > > > > >
> > > > > >
> > > > > > I have logged with kdm (or gdm) and have a local session:
> > > > > >
> > > > > > ramon@Bufo:~$ ck-list-sessions
> > > > > > Session1:
> > > > > >         unix-user = '1000'
> > > > > >         realname = 'ramon diaz-uriarte'
> > > > > >         seat = 'Seat1'
> > > > > >         session-type = ''
> > > > > >         active = TRUE
> > > > > >         x11-display = ':0'
> > > > > >         x11-display-device = '/dev/tty7'
> > > > > >         display-device = ''
> > > > > >         remote-host-name = ''
> > > > > >         is-local = TRUE
> > > > > >         on-since = '2011-10-23T16:29:00.632372Z'
> > > > > >         login-session-id = '4294967295'
> > > >
> > > > > Is this an update or a new connection?  This error is coming from
> > > > > PolicyKit, so does this work if you edit the file:
> > > >
> > > > >
> > /usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy
> > > >
> > > > > and change the following hunk to:
> > > >
> > > > >   <action
> > id="org.freedesktop.network-manager-settings.system.modify">
> > > > >     <_description>Modify system connections</_description>
> > > > >     <_message>System policy prevents modification of system
> > settings</_message>
> > > > >     <defaults>
> > > > >       <allow_inactive>yes</allow_inactive>
> > > > >       <allow_active>auth_admin_keep</allow_active>
> > > > >     </defaults>
> > > > >   </action>
> > > >
> > > > > then try.  If that doesn't work, change it to:
> > > >
> > > > >   <action
> > id="org.freedesktop.network-manager-settings.system.modify">
> > > > >     <_description>Modify system connections</_description>
> > > > >     <_message>System policy prevents modification of system
> > settings</_message>
> > > > >     <defaults>
> > > > >       <allow_inactive>yes</allow_inactive>
> > > > >       <allow_active>yes</allow_active>
> > > > >     </defaults>
> > > > >   </action>
> > > >
> > > > > no reboot or anything is necessary, the changes take effect
> > immediately.
> > > >
> > > >
> > > > I tried both (note: there were minor differences in syntax, like mine
> > is
> > > > called NetworkManager, not network-manager, etc).
> > > >
> > > > The first one did not work, but the second did. Thanks a lot.
> >
> > > Ok, this is good to know.  We now know that your user was marked as
> > > 'active' via ConsoleKit (which PolicyKit talks to) but for some reason
> > > PolicyKit wasn't able to show the authentication dialog.  If you're
> > > using a GNOME desktop, do you have the
> > > "polkit-gnome-authentication-agent-1" program anywhere in /usr/libexec
> > > or /usr/lib or /usr/lib64 or /usr/bin ?  If you're not on a GNOME
> > > desktop, do you ever see PolicyKit authentication dialogs?
> >
> >
> > I do not use GNOME, but I tested it here. This is what happens:
> >
> > - If I use GNOME, then the first version
> >
> >  <allow_inactive>yes</allow_inactive>
> >  <allow_active>auth_admin_keep</allow_active>
> >
> >
> > works. When I try to add a connection with security, or to modify
> > an existing one, I am prompted for the root password, and then I can
> > modify, etc.
> >
> > Yes, I do have polkit-gnome-authentication-agent-1 in
> > /usr/lib/policykit-1-gnome/
> >
> >
> >
> > - If I do not use GNOME (I use xmonad), then I need the second version
> >
> >  <allow_inactive>yes</allow_inactive>
> >  <allow_active>yes</allow_active>
> >
> > to be able to modify, add, etc. Otherwise, I get a message saying that I do
> > not have sufficient privileges.
> >
> > No, I never see a PolicyKit authentication dialog. However, in case it
> > matters, I do have the daemon running:
> >
> >
> > ramon@Bufo:~$ ps -A -f | grep polkit
> > root      1487     1  0 12:00 ?        00:00:01
> > /usr/lib/policykit-1/polkitd
> >
> >
> > and a bunch of dbus-related stuff:
> >
> > ramon@Bufo:~$ ps -A -f | grep dbus
> > 101       1468     1  0 12:00 ?        00:00:02 /usr/bin/dbus-daemon
> > --system
> > ramon    10239 10197  0 12:59 ?        00:00:00 /usr/bin/ssh-agent
> > /usr/bin/dbus-launch --exit-with-session /bin/bash /home/ramon/.xsession
> > ramon    10242     1  0 12:59 ?        00:00:00 /usr/bin/dbus-launch
> > --exit-with-session /bin/bash /home/ramon/.xsession
> > ramon    10243     1  0 12:59 ?        00:00:00 /usr/bin/dbus-daemon
> > --fork --print-pid 5 --print-address 7 --session
> >
> >
> >
> >
> > Best,
> >
> >
> > R.
> >
> >
> > > > Best,
> > > >
> > > >
> > > > R.
> > > >
> > > >
> > > >
> > > > > Dan
> > > >
> > > > > >
> > > > > > 2. There is the problem of not being able to access my previously
> > defined
> > > > > > connections (versions 0.8.1). They must be somewhere, but the new
> > versions
> > > > > > do not seem to be able to find them.
> > > > > >
> > > > > >
> > > > > >
> > > > > > 3. Finally, connections saved using, say, gksudo
> > nm-connection-editor are
> > > > > > stored under
> > > > > > /etc/NetworkManager/system-connections
> > > > > >
> > > > > > with passwords, etc, as plain text. Sure, they are only readable
> > to root,
> > > > > > but ssn't this a potential problem? If I remember correctly, with
> > previous
> > > > > > versions, you could only access connections (and their passwords)
> > after
> > > > > > entering your password via keyring.
> > > > > >
> > > > > >
> > > > > > Best,
> > > > > >
> > > > > > R.
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Fri, 21 Oct 2011 22:17:01 +0200,Ramon Diaz-Uriarte <
> > rdiaz02 gmail com> wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > > > On Fri, 21 Oct 2011 21:16:25 +0200,Michael Biebl <
> > biebl debian org> wrote:
> > > > > > > > [1  <text/plain; UTF-8 (quoted-printable)>]
> > > > > > > > Am 21.10.2011 21:14, schrieb Ramon Diaz-Uriarte:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Fri, 21 Oct 2011 16:42:52 +0200,Michael Biebl <
> > biebl debian org> wrote:
> > > > > > > > >> Am 21.10.2011 13:44, schrieb Ramon Diaz-Uriarte:
> > > > > > > > >
> > > > > > > > >> What's the output of ck-list-sessions?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Session5:
> > > > > > > > >   active = FALSE
> > > > > > > > >   is-local = FALSE
> > > > > >
> > > > > > > > That's your problem. Use a login manager, like gdm or kdm,
> > which
> > > > > > > > properly registers a ConsoleKit session.
> > > > > > > > Otherwise the PolicyKit rules used by NM won't work.
> > > > > >
> > > > > > > Login with gdm does work, but only partially. I can now add and
> > edit
> > > > > > > connections as non-root (ck-list-sessions now lists two local
> > > > > > > sessions). But the long list of wireless connections I had
> > defined (prior
> > > > > > > to 0.9) is not there. Is there anyway to get those back?
> > > > > >
> > > > > >
> > > > > > > As well, can I get the PolicyKit rules to work with other login
> > managers?
> > > > > > > I use wdm, but the trick of adding
> > > > > >
> > > > > > > exec ck-launch-session xmonad
> > > > > >
> > > > > > > at the end of my .xinitrc does not seem to work.
> > > > > >
> > > > > >
> > > > > > > Thanks,
> > > > > >
> > > > > >
> > > > > > > R.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > > Michael
> > > > > >
> > > > > > > > --
> > > > > > > > Why is it that all of the instruments seeking intelligent life
> > in the
> > > > > > > > universe are pointed away from Earth?
> > > > > >
> > > > > > > > [2 OpenPGP digital signature <application/pgp-signature
> > (7bit)>]
> > > > > >
> > > > > > > --
> > > > > > > Ramon Diaz-Uriarte
> > > > > > > Department of Biochemistry
> > > > > > > Universidad Autónoma de Madrid
> > > > > > > Spain
> > > > > >
> > > > > > > http://ligarto.org/rdiaz
> > > > > >
> > > > > > > Temporarily at:
> > > > > > > Structural Biology and Biocomputing Programme
> > > > > > > Spanish National Cancer Centre (CNIO)
> > > > > >
> > > > > > > Phone: +34-91-732-8000 ext. 3019
> > > > > > > Fax: +-34-91-224-6972
> > > >
> > > >
> >
> >
> > --
> > Ramon Diaz-Uriarte
> > Department of Biochemistry, Lab B-25.
> > Facultad de Medicina (UAM)
> > Arzobispo Morcillo, 2
> > 28029 Madrid
> > Spain
> >
> >
> > Phone: +34-91-497-2412
> >
> > Email: rdiaz02 gmail com
> >       ramon diaz iib uam es
> >
> > http://ligarto.org/rdiaz
> >
> > _______________________________________________
> > networkmanager-list mailing list
> > networkmanager-list gnome org
> > http://mail.gnome.org/mailman/listinfo/networkmanager-list
> >
> [1.2  <text/html; ISO-8859-1 (quoted-printable)>]

> [2  <text/plain; us-ascii (7bit)>]
> _______________________________________________
> networkmanager-list mailing list
> networkmanager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
-- 
Ramon Diaz-Uriarte
Department of Biochemistry, Lab B-25.
Facultad de Medicina (UAM)
Arzobispo Morcillo, 2
28029 Madrid
Spain


Phone: +34-91-497-2412

Email: rdiaz02 gmail com
       ramon diaz iib uam es

http://ligarto.org/rdiaz
References:
- Re: nm-connection-editor working only as root
  - From: Dan Williams
- Re: nm-connection-editor working only as root
  - From: Ramon Diaz-Uriarte
- Re: nm-connection-editor working only as root
  - From: Dan Williams
- Re: nm-connection-editor working only as root
  - From: Ramon Diaz-Uriarte
- Re: nm-connection-editor working only as root
  - From: =?ISO-8859-1?Q?Jos=E9_Queiroz?=
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]