I do not use GNOME, but I tested it here. This is what happens:
On Fri, 04 Nov 2011 11:12:09 -0500,Dan Williams <dcbw redhat com> wrote:
> On Fri, 2011-11-04 at 11:48 +0100, Ramon Diaz-Uriarte wrote:
> >
> >
> > On Wed, 02 Nov 2011 20:31:41 -0500,Dan Williams <dcbw redhat com> wrote:
> > > On Mon, 2011-10-24 at 11:48 +0200, Ramon Diaz-Uriarte wrote:
> > > > Actually, three problems remain ;-).
> > > >
> > > >
> > > > 1. I've rebooted and reloged in several times, but I cannot save a
> > > > connection because it complaints about insufficient privileges. (I get a
> > > > pop-up message that says "Connection add failed", "Insufficient
> > > > privileges").
> > > >
> > > >
> > > > I have logged with kdm (or gdm) and have a local session:
> > > >
> > > > ramon@Bufo:~$ ck-list-sessions
> > > > Session1:
> > > > unix-user = '1000'
> > > > realname = 'ramon diaz-uriarte'
> > > > seat = 'Seat1'
> > > > session-type = ''
> > > > active = TRUE
> > > > x11-display = ':0'
> > > > x11-display-device = '/dev/tty7'
> > > > display-device = ''
> > > > remote-host-name = ''
> > > > is-local = TRUE
> > > > on-since = '2011-10-23T16:29:00.632372Z'
> > > > login-session-id = '4294967295'
> >
> > > Is this an update or a new connection? This error is coming from
> > > PolicyKit, so does this work if you edit the file:
> >
> > > /usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy
> >
> > > and change the following hunk to:
> >
> > > <action id="org.freedesktop.network-manager-settings.system.modify">
> > > <_description>Modify system connections</_description>
> > > <_message>System policy prevents modification of system settings</_message>
> > > <defaults>
> > > <allow_inactive>yes</allow_inactive>
> > > <allow_active>auth_admin_keep</allow_active>
> > > </defaults>
> > > </action>
> >
> > > then try. If that doesn't work, change it to:
> >
> > > <action id="org.freedesktop.network-manager-settings.system.modify">
> > > <_description>Modify system connections</_description>
> > > <_message>System policy prevents modification of system settings</_message>
> > > <defaults>
> > > <allow_inactive>yes</allow_inactive>
> > > <allow_active>yes</allow_active>
> > > </defaults>
> > > </action>
> >
> > > no reboot or anything is necessary, the changes take effect immediately.
> >
> >
> > I tried both (note: there were minor differences in syntax, like mine is
> > called NetworkManager, not network-manager, etc).
> >
> > The first one did not work, but the second did. Thanks a lot.
> Ok, this is good to know. We now know that your user was marked as
> 'active' via ConsoleKit (which PolicyKit talks to) but for some reason
> PolicyKit wasn't able to show the authentication dialog. If you're
> using a GNOME desktop, do you have the
> "polkit-gnome-authentication-agent-1" program anywhere in /usr/libexec
> or /usr/lib or /usr/lib64 or /usr/bin ? If you're not on a GNOME
> desktop, do you ever see PolicyKit authentication dialogs?
- If I use GNOME, then the first version
works. When I try to add a connection with security, or to modify
<allow_inactive>yes</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
an existing one, I am prompted for the root password, and then I can
modify, etc.
Yes, I do have polkit-gnome-authentication-agent-1 in
/usr/lib/policykit-1-gnome/
- If I do not use GNOME (I use xmonad), then I need the second version
to be able to modify, add, etc. Otherwise, I get a message saying that I do
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
not have sufficient privileges.
No, I never see a PolicyKit authentication dialog. However, in case it
matters, I do have the daemon running:
ramon@Bufo:~$ ps -A -f | grep polkit
root 1487 1 0 12:00 ? 00:00:01 /usr/lib/policykit-1/polkitd
and a bunch of dbus-related stuff:
ramon@Bufo:~$ ps -A -f | grep dbus
101 1468 1 0 12:00 ? 00:00:02 /usr/bin/dbus-daemon --system
ramon 10239 10197 0 12:59 ? 00:00:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /bin/bash /home/ramon/.xsession
ramon 10242 1 0 12:59 ? 00:00:00 /usr/bin/dbus-launch --exit-with-session /bin/bash /home/ramon/.xsession
ramon 10243 1 0 12:59 ? 00:00:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
Best,
R.
> > Best,
> >
> >
> > R.
> >
> >
> >
> > > Dan
> >
> > > >
> > > > 2. There is the problem of not being able to access my previously defined
> > > > connections (versions 0.8.1). They must be somewhere, but the new versions
> > > > do not seem to be able to find them.
> > > >
> > > >
> > > >
> > > > 3. Finally, connections saved using, say, gksudo nm-connection-editor are
> > > > stored under
> > > > /etc/NetworkManager/system-connections
> > > >
> > > > with passwords, etc, as plain text. Sure, they are only readable to root,
> > > > but ssn't this a potential problem? If I remember correctly, with previous
> > > > versions, you could only access connections (and their passwords) after
> > > > entering your password via keyring.
> > > >
> > > >
> > > > Best,
> > > >
> > > > R.
> > > >
> > > >
> > > >
> > > > On Fri, 21 Oct 2011 22:17:01 +0200,Ramon Diaz-Uriarte <rdiaz02 gmail com> wrote:
> > > >
> > > >
> > > >
> > > > > On Fri, 21 Oct 2011 21:16:25 +0200,Michael Biebl <biebl debian org> wrote:
> > > > > > [1 <text/plain; UTF-8 (quoted-printable)>]
> > > > > > Am 21.10.2011 21:14, schrieb Ramon Diaz-Uriarte:
> > > > > > >
> > > > > > >
> > > > > > > On Fri, 21 Oct 2011 16:42:52 +0200,Michael Biebl <biebl debian org> wrote:
> > > > > > >> Am 21.10.2011 13:44, schrieb Ramon Diaz-Uriarte:
> > > > > > >
> > > > > > >> What's the output of ck-list-sessions?
> > > > > > >
> > > > > > >
> > > > > > > Session5:
> > > > > > > active = FALSE
> > > > > > > is-local = FALSE
> > > >
> > > > > > That's your problem. Use a login manager, like gdm or kdm, which
> > > > > > properly registers a ConsoleKit session.
> > > > > > Otherwise the PolicyKit rules used by NM won't work.
> > > >
> > > > > Login with gdm does work, but only partially. I can now add and edit
> > > > > connections as non-root (ck-list-sessions now lists two local
> > > > > sessions). But the long list of wireless connections I had defined (prior
> > > > > to 0.9) is not there. Is there anyway to get those back?
> > > >
> > > >
> > > > > As well, can I get the PolicyKit rules to work with other login managers?
> > > > > I use wdm, but the trick of adding
> > > >
> > > > > exec ck-launch-session xmonad
> > > >
> > > > > at the end of my .xinitrc does not seem to work.
> > > >
> > > >
> > > > > Thanks,
> > > >
> > > >
> > > > > R.
> > > >
> > > >
> > > >
> > > >
> > > > > > Michael
> > > >
> > > > > > --
> > > > > > Why is it that all of the instruments seeking intelligent life in the
> > > > > > universe are pointed away from Earth?
> > > >
> > > > > > [2 OpenPGP digital signature <application/pgp-signature (7bit)>]
> > > >
> > > > > --
> > > > > Ramon Diaz-Uriarte
> > > > > Department of Biochemistry
> > > > > Universidad Autónoma de Madrid
> > > > > Spain
> > > >
> > > > > http://ligarto.org/rdiaz
> > > >
> > > > > Temporarily at:
> > > > > Structural Biology and Biocomputing Programme
> > > > > Spanish National Cancer Centre (CNIO)
> > > >
> > > > > Phone: +34-91-732-8000 ext. 3019
> > > > > Fax: +-34-91-224-6972
> >
> >
--
Ramon Diaz-Uriarte
Department of Biochemistry, Lab B-25.
Facultad de Medicina (UAM)
Arzobispo Morcillo, 2
28029 Madrid
Spain
Phone: +34-91-497-2412
Email: rdiaz02 gmail com
ramon diaz iib uam es
http://ligarto.org/rdiaz
_______________________________________________
networkmanager-list mailing list
networkmanager-list gnome org
http://mail.gnome.org/mailman/listinfo/networkmanager-list