Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
- From: Dan Williams <dcbw redhat com>
- To: poma <pomidorabelisima gmail com>
- Cc: networkmanager-list gnome org
- Subject: Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
- Date: Thu, 08 Jan 2015 10:39:29 -0600
On Wed, 2015-01-07 at 23:42 +0100, poma wrote:
On 07.01.2015 18:29, Dan Williams wrote:
On Mon, 2015-01-05 at 19:14 +0100, Thomas Schneider wrote:
Hello!
I have installed latest version of NetworkManager and nmcli
respectively + OpenVPN plugin or NetworkManager.
user pc1-asus:~$ apt-cache policy network-manager
network-manager:
Installiert: 0.9.10.0-5
Installationskandidat: 0.9.10.0-5
Versionstabelle:
*** 0.9.10.0-5 0
500 http://ftp.debian.org/debian/ jessie/main i386 Packages
100 /var/lib/dpkg/status
user pc1-asus:~$ apt-cache policy network-manager-gnome
network-manager-gnome:
Installiert: 0.9.10.0-2
Installationskandidat: 0.9.10.0-2
Versionstabelle:
*** 0.9.10.0-2 0
500 http://ftp.debian.org/debian/ jessie/main i386 Packages
100 /var/lib/dpkg/status
user pc1-asus:~$ apt-cache policy network-manager-openvpn
network-manager-openvpn:
Installiert: 0.9.10.0-1
Installationskandidat: 0.9.10.0-1
Versionstabelle:
*** 0.9.10.0-1 0
500 http://ftp.debian.org/debian/ jessie/main i386 Packages
100 /var/lib/dpkg/status
user pc1-asus:~$ apt-cache policy network-manager-openvpn-gnome
network-manager-openvpn-gnome:
Installiert: 0.9.10.0-1
Installationskandidat: 0.9.10.0-1
Versionstabelle:
*** 0.9.10.0-1 0
500 http://ftp.debian.org/debian/ jessie/main i386 Packages
100 /var/lib/dpkg/status
All maintained connections are working. This includes OpenVPN
connection type, too.
However, in order to use either nm-applet or command-line client
nmcli, I need to be root.
The issue I'm facing is that with older release I could use either
nm-applet or nmcli without root authorization.
This becomes a critical issue in a multi-user desktop PC where most
user neither have root authorization nor can utilize sudo.
Question:
How can I ensure that both, nm-applet and nmcli, can be used without
root authorization?
It's certainly intended that they can all be used without root. When
you try to run 'nmcli' as a normal user, what error do you get? What is
the output of "nmcli gen perm" as a normal user?
$ nmcli -v
nmcli tool, version 0.9.10.0-14.git20140704.fc21
$ nmcli general permissions
PERMISSION VALUE
org.freedesktop.NetworkManager.enable-disable-network yes
org.freedesktop.NetworkManager.enable-disable-wifi yes
org.freedesktop.NetworkManager.enable-disable-wwan yes
org.freedesktop.NetworkManager.enable-disable-wimax yes
org.freedesktop.NetworkManager.sleep-wake no
org.freedesktop.NetworkManager.network-control yes
org.freedesktop.NetworkManager.wifi.share.protected yes
org.freedesktop.NetworkManager.wifi.share.open yes
org.freedesktop.NetworkManager.settings.modify.system yes
org.freedesktop.NetworkManager.settings.modify.own yes
org.freedesktop.NetworkManager.settings.modify.hostname auth
Is this expected output?
Yes, that is expected output for "permissive" installs.
What manages the sleep state?
The sleep-wake permission is actually unused. It was previously used
for the "private" Sleep() dbus method, the only user of which was
pm-utils scripts. Unfortunately the pm-utils scripts didn't wait for a
dbus reply, which meant NM couldn't determine the UID of the caller,
which meant polkit permission couldn't be used. So instead, the Sleep()
method is locked to root and the permission isn't used.
When upower or systemd are active, NetworkManager listens internally for
suspend/resume signals from those services instead of using permissions
or a D-Bus method.
Dan
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
