Re: Blocking a user from activating Airplane mode

From: Dan Williams <dcbw redhat com>
To: Phil Reynolds <phil-nm tinsleyviaduct com>
Cc: networkmanager-list gnome org
Subject: Re: Blocking a user from activating Airplane mode
Date: Mon, 16 Sep 2013 16:07:44 -0500

On Mon, 2013-09-16 at 12:06 -0500, Dan Williams wrote:

On Sun, 2013-09-15 at 19:36 +0100, Phil Reynolds wrote:

My partner sometimes uses my laptop, and on two occasions has somehow
activated Airplane mode - this of course drops the WLAN and WWAN
connections. I can't even get the WWAN to work again after this happens
without rebooting.

I am wondering if there is a way I can stop him activating Airplane
mode - it's not something he would ever need to activate anyway.


NetworkManager uses PolicyKit to protect various operations like this.
What you want to do is to ensure that the user cannot obtain these
permissions:


Note that this obviously doesn't stop them from turning airplane mode on
if there's a hardware switch or a soft-key.  That's usually controlled
by BIOS and there's no good way to lock that down, unless BIOS provides
one.

Also note that it only stops *NetworkManager* from touching the airplane
mode status; it won't stop other apps from doing so, if they also
provide the ability to turn airplane mode on/off by talking to the
kernel directly.

Dan

org.freedesktop.NetworkManager.enable-disable-wifi
org.freedesktop.NetworkManager.enable-disable-wwan

which you'd do by writing some PolicyKit rules to deny that user these
two permissons.  Rules are just files that get dropped
into /etc/polkit-1/rules.d and look like this:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.NetworkManager.enable-disable-wifi" ||
        action.id == "org.freedesktop.NetworkManager.enable-disable-wwan") {
        if (subject.isInGroup("wheel")) {
            return polkit.Result.YES;
        } else {
            return polkit.Result.NO;
        }
    }
});

(or something along those lines) which will deny this permission
completely to any user who is not in the Unix 'wheel' group.  There
should be a good bit of info out there on writing policykit rules.

Hope this helps,
Dan

_______________________________________________
networkmanager-list mailing list
networkmanager-list gnome org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

References:
- Blocking a user from activating Airplane mode
  - From: Phil Reynolds
- Re: Blocking a user from activating Airplane mode
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]