Re: nm-connection-editor working only as root
- From: Dan Williams <dcbw redhat com>
- To: Ramon Diaz-Uriarte <rdiaz02 gmail com>
- Cc: networkmanager-list gnome org
- Subject: Re: nm-connection-editor working only as root
- Date: Fri, 04 Nov 2011 11:12:09 -0500
On Fri, 2011-11-04 at 11:48 +0100, Ramon Diaz-Uriarte wrote:
>
>
> On Wed, 02 Nov 2011 20:31:41 -0500,Dan Williams <dcbw redhat com> wrote:
> > On Mon, 2011-10-24 at 11:48 +0200, Ramon Diaz-Uriarte wrote:
> > > Actually, three problems remain ;-).
> > >
> > >
> > > 1. I've rebooted and reloged in several times, but I cannot save a
> > > connection because it complaints about insufficient privileges. (I get a
> > > pop-up message that says "Connection add failed", "Insufficient
> > > privileges").
> > >
> > >
> > > I have logged with kdm (or gdm) and have a local session:
> > >
> > > ramon@Bufo:~$ ck-list-sessions
> > > Session1:
> > > unix-user = '1000'
> > > realname = 'ramon diaz-uriarte'
> > > seat = 'Seat1'
> > > session-type = ''
> > > active = TRUE
> > > x11-display = ':0'
> > > x11-display-device = '/dev/tty7'
> > > display-device = ''
> > > remote-host-name = ''
> > > is-local = TRUE
> > > on-since = '2011-10-23T16:29:00.632372Z'
> > > login-session-id = '4294967295'
>
> > Is this an update or a new connection? This error is coming from
> > PolicyKit, so does this work if you edit the file:
>
> > /usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy
>
> > and change the following hunk to:
>
> > <action id="org.freedesktop.network-manager-settings.system.modify">
> > <_description>Modify system connections</_description>
> > <_message>System policy prevents modification of system settings</_message>
> > <defaults>
> > <allow_inactive>yes</allow_inactive>
> > <allow_active>auth_admin_keep</allow_active>
> > </defaults>
> > </action>
>
> > then try. If that doesn't work, change it to:
>
> > <action id="org.freedesktop.network-manager-settings.system.modify">
> > <_description>Modify system connections</_description>
> > <_message>System policy prevents modification of system settings</_message>
> > <defaults>
> > <allow_inactive>yes</allow_inactive>
> > <allow_active>yes</allow_active>
> > </defaults>
> > </action>
>
> > no reboot or anything is necessary, the changes take effect immediately.
>
>
> I tried both (note: there were minor differences in syntax, like mine is
> called NetworkManager, not network-manager, etc).
>
> The first one did not work, but the second did. Thanks a lot.
Ok, this is good to know. We now know that your user was marked as
'active' via ConsoleKit (which PolicyKit talks to) but for some reason
PolicyKit wasn't able to show the authentication dialog. If you're
using a GNOME desktop, do you have the
"polkit-gnome-authentication-agent-1" program anywhere in /usr/libexec
or /usr/lib or /usr/lib64 or /usr/bin ? If you're not on a GNOME
desktop, do you ever see PolicyKit authentication dialogs?
> Best,
>
>
> R.
>
>
>
> > Dan
>
> > >
> > > 2. There is the problem of not being able to access my previously defined
> > > connections (versions 0.8.1). They must be somewhere, but the new versions
> > > do not seem to be able to find them.
> > >
> > >
> > >
> > > 3. Finally, connections saved using, say, gksudo nm-connection-editor are
> > > stored under
> > > /etc/NetworkManager/system-connections
> > >
> > > with passwords, etc, as plain text. Sure, they are only readable to root,
> > > but ssn't this a potential problem? If I remember correctly, with previous
> > > versions, you could only access connections (and their passwords) after
> > > entering your password via keyring.
> > >
> > >
> > > Best,
> > >
> > > R.
> > >
> > >
> > >
> > > On Fri, 21 Oct 2011 22:17:01 +0200,Ramon Diaz-Uriarte <rdiaz02 gmail com> wrote:
> > >
> > >
> > >
> > > > On Fri, 21 Oct 2011 21:16:25 +0200,Michael Biebl <biebl debian org> wrote:
> > > > > [1 <text/plain; UTF-8 (quoted-printable)>]
> > > > > Am 21.10.2011 21:14, schrieb Ramon Diaz-Uriarte:
> > > > > >
> > > > > >
> > > > > > On Fri, 21 Oct 2011 16:42:52 +0200,Michael Biebl <biebl debian org> wrote:
> > > > > >> Am 21.10.2011 13:44, schrieb Ramon Diaz-Uriarte:
> > > > > >
> > > > > >> What's the output of ck-list-sessions?
> > > > > >
> > > > > >
> > > > > > Session5:
> > > > > > active = FALSE
> > > > > > is-local = FALSE
> > >
> > > > > That's your problem. Use a login manager, like gdm or kdm, which
> > > > > properly registers a ConsoleKit session.
> > > > > Otherwise the PolicyKit rules used by NM won't work.
> > >
> > > > Login with gdm does work, but only partially. I can now add and edit
> > > > connections as non-root (ck-list-sessions now lists two local
> > > > sessions). But the long list of wireless connections I had defined (prior
> > > > to 0.9) is not there. Is there anyway to get those back?
> > >
> > >
> > > > As well, can I get the PolicyKit rules to work with other login managers?
> > > > I use wdm, but the trick of adding
> > >
> > > > exec ck-launch-session xmonad
> > >
> > > > at the end of my .xinitrc does not seem to work.
> > >
> > >
> > > > Thanks,
> > >
> > >
> > > > R.
> > >
> > >
> > >
> > >
> > > > > Michael
> > >
> > > > > --
> > > > > Why is it that all of the instruments seeking intelligent life in the
> > > > > universe are pointed away from Earth?
> > >
> > > > > [2 OpenPGP digital signature <application/pgp-signature (7bit)>]
> > >
> > > > --
> > > > Ramon Diaz-Uriarte
> > > > Department of Biochemistry
> > > > Universidad Autónoma de Madrid
> > > > Spain
> > >
> > > > http://ligarto.org/rdiaz
> > >
> > > > Temporarily at:
> > > > Structural Biology and Biocomputing Programme
> > > > Spanish National Cancer Centre (CNIO)
> > >
> > > > Phone: +34-91-732-8000 ext. 3019
> > > > Fax: +-34-91-224-6972
>
>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
