On Wed, 15 Aug 2018 at 22:11, Michal Suchánek
On Mon, 13 Aug 2018 20:22:56 +0300 Andrei Borzenkov
wrote: 13.08.2018 19:40, Michal Suchanek пишет:
On Sat, 11 Aug 2018 10:03:04 +0300 Andrei Borzenkov
wrote: 10.08.2018 18:34, Michal Suchánek пишет:
Hello,
I updated my system and now NM applet tells me "not authorized" on pretty much any operation.
Not sure what "NM applet" is, but works for me in GNOME - I can disconnect and connect with default wired profile as normal user.
It works for me as well on another machine and used to work on this one before the update.
It automatically connects to pre-configured WiFi but disconnecting, reconnecting, configuring, etc. is forbidden.
It does not even ask for password?
Why would it?
Because it is normally controlled by PolicyKit and I'd expect it to request authorization.
That would be insane and that's certainly not what the NM supplied policy mandates.
I looked at the policy file shipped with NM and it is quite permissive.
Is there something to be done?
Start with checking nmcli, nmtui and nm-connection-editor - do they behave identically?
Of course, it's the policy. At least root is allowed to change the connections:
hramrach@neko:~> nmcli c down MicroFocus Connection 'MicroFocus' deactivation failed: Not authorized to deactivate connections
This message comes from NM which means nmcli could at least connect to it, so connection was not blocked by D-Bus policy.
Sure, if it was the NM applet would not be able to list networks or even connections.
Looks like something with polkit.
Certainly. That is what it looks like from the start
Managed to solve the issue. You can use nmcli command to list the permissions. e.g NOTE: run nmcli under your own userid $ nmcli general permissions PERMISSION VALUE org.freedesktop.NetworkManager.enable-disable-network auth org.freedesktop.NetworkManager.enable-disable-wifi auth org.freedesktop.NetworkManager.enable-disable-wwan auth org.freedesktop.NetworkManager.enable-disable-wimax auth org.freedesktop.NetworkManager.sleep-wake auth org.freedesktop.NetworkManager.network-control no org.freedesktop.NetworkManager.wifi.share.protected auth org.freedesktop.NetworkManager.wifi.share.open auth org.freedesktop.NetworkManager.settings.modify.system auth org.freedesktop.NetworkManager.settings.modify.own auth org.freedesktop.NetworkManager.settings.modify.hostname auth org.freedesktop.NetworkManager.settings.modify.global-dns auth org.freedesktop.NetworkManager.reload auth org.freedesktop.NetworkManager.checkpoint-rollback auth org.freedesktop.NetworkManager.enable-disable-statistics no org.freedesktop.NetworkManager.enable-disable-connectivity-check no Now let's say I want to prevent NetworkManager to ask for password to enable shared protected wifi connections. You just need to add the following line in /etc/polkit-default-privs.local org.freedesktop.NetworkManager.wifi.share.protected yes Now run the command /sbin/set_polkit_default_privs $ sudo /sbin/set_polkit_default_privs Now you will find the permission taken effect $ nmcli general permissions PERMISSION VALUE org.freedesktop.NetworkManager.enable-disable-network auth org.freedesktop.NetworkManager.enable-disable-wifi auth org.freedesktop.NetworkManager.enable-disable-wwan auth org.freedesktop.NetworkManager.enable-disable-wimax auth org.freedesktop.NetworkManager.sleep-wake auth org.freedesktop.NetworkManager.network-control no org.freedesktop.NetworkManager.wifi.share.protected yes org.freedesktop.NetworkManager.wifi.share.open auth org.freedesktop.NetworkManager.settings.modify.system auth org.freedesktop.NetworkManager.settings.modify.own auth org.freedesktop.NetworkManager.settings.modify.hostname auth org.freedesktop.NetworkManager.settings.modify.global-dns auth org.freedesktop.NetworkManager.reload auth org.freedesktop.NetworkManager.checkpoint-rollback auth org.freedesktop.NetworkManager.enable-disable-statistics no org.freedesktop.NetworkManager.enable-disable-connectivity-check no -- Regards Manvendra - http://www.indimail.org GPG Pub Key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org