[opensuse-factory] Still openSUSE 12.1 - NetworkManager does it worst....
Howdy all, *Before* reading my mail, please note: openSUSE 11.4 ran perfect on my machine, after the upgrade to 12.1, networkmanager doesn't run at all.I can't connect to my router anymore (which worked yesterday, even with 12.1). The result is a completely angry user, who just wants his sane and working 11.4-like system back. Please excuse my offending mail, but I'm boiling totally. My problem: After the upgrade, NetworkManager doesn't ran anymore. I did some searching and fixed the problem. Now, today, I started my machine but NM can't connect anymore. It just says something like: Wait for authorization On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one. Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore. Please, can you help me? thanks, --kdl -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Lørdag den 19. november 2011 12:24:17 skrev Kim D. Leyendecker:
*Before* reading my mail, please note: openSUSE 11.4 ran perfect on my machine, after the upgrade to 12.1, networkmanager doesn't run at all.I can't connect to my router anymore (which worked yesterday, even with 12.1). The result is a completely angry user, who just wants his sane and working 11.4-like system back. Please excuse my offending mail, but I'm boiling totally.
My problem:
After the upgrade, NetworkManager doesn't ran anymore. I did some searching and fixed the problem. Now, today, I started my machine but NM can't connect anymore. It just says something like:
Wait for authorization
On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.
Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections... But why use NetworkManager on a workstation to begin with? Using NM only makes sense when you have to connect to different networks _often_. You should use ifup on a workstation and save yourself the agony. And see /var/log/NetworkManager for more detailed information on what goes wrong. If plasmoid-networkmanagement is failing, try the gnome applet to see if the problem is with the applet or the backend. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 19.11.2011 12:24, schrieb Kim D. Leyendecker:
Howdy all,
*Before* reading my mail, please note: openSUSE 11.4 ran perfect on my machine, after the upgrade to 12.1, networkmanager doesn't run at all.I can't connect to my router anymore (which worked yesterday, even with 12.1). The result is a completely angry user, who just wants his sane and working 11.4-like system back. Please excuse my offending mail, but I'm boiling totally.
My problem:
After the upgrade, NetworkManager doesn't ran anymore. I did some searching and fixed the problem. Now, today, I started my machine but NM can't connect anymore. It just says something like:
Wait for authorization
On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.
Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.
Please, can you help me?
thanks, --kdl
Okay, I´m done. I just deleted my previous config and configurated it again. --kdl -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Martin Schlander wrote:
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...
This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments. These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere. They are also often not in the habit of giving employees admin or root access. This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them. In many locations, WiFi is the only option, as Ethernet is not available. Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Lørdag den 19. november 2011 13:46:27 skrev James Knott:
Martin Schlander wrote:
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...
This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments. These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere. They are also often not in the habit of giving employees admin or root access. This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them. In many locations, WiFi is the only option, as Ethernet is not available. Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users.
Maybe the sarcasm of my remark (rant) was not sufficiently clear >:-) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sat, Nov 19, 2011 at 13:46, James Knott
This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments. These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere. They are also often not in the habit of giving employees admin or root access. This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them. In many locations, WiFi is the only option, as Ethernet is not available. Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users.
So you didn't read/see Stefan Seyfried's reply in the other thread you participated in on this same topic? Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root." So.. on to the next rant then, err, I mean discussion :-) C. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Howdy all,
*Before* reading my mail, please note: openSUSE 11.4 ran perfect on my machine, after the upgrade to 12.1, networkmanager doesn't run at all.I can't connect to my router anymore (which worked yesterday, even with 12.1). The result is a completely angry user, who just wants his sane and working 11.4-like system back. Please excuse my offending mail, but I'm boiling totally.
My problem:
After the upgrade, NetworkManager doesn't ran anymore. I did some searching and fixed the problem. Now, today, I started my machine but NM can't connect anymore. It just says something like:
Wait for authorization
On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.
Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.
Please, can you help me?
thanks, --kdl Now that you mention I had noticed it seems to prefer direct authorization over just being authorized to pull wiht KWallet. I hadn't thought much about
On Saturday, November 19, 2011 12:24:17 PM Kim D. Leyendecker wrote: that change until now. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Saturday, November 19, 2011 03:03:54 PM C wrote:
Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root."
So.. on to the next rant then, err, I mean discussion
C. -- I never have that checked, and it still asks for root authorization. Two machines. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
C wrote:
So you didn't read/see Stefan Seyfried's reply in the other thread you participated in on this same topic?
Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root."
Actually, I don't recall seeing that one. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
2011/11/19 James Knott
Martin Schlander wrote:
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...
This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments. These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere. They are also often not in the habit of giving employees admin or root access. This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them. In many locations, WiFi is the only option, as Ethernet is not available. Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users.
Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD. Have a nice day. NM
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- Nelson Marques /* http://www.marques.so nmo.marques@gmail.com */ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Nelson Marques wrote:
2011/11/19 James Knott
: Martin Schlander wrote:
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...
This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments. These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere. They are also often not in the habit of giving employees admin or root access. This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them. In many locations, WiFi is the only option, as Ethernet is not available. Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users.
Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD.
I just thought I'd try that. Now, please tell me where that setting is, as I don't see it. I go into Manage Connections and add Wireless. I see a panel where there's an option for "System connection", which I do not select. In "Advanced Permissions", I'm the only user allowed to activate the connection. I scan for the network and enter the password. I then click OK and Apply. Now I'm being asked for the root password (after I find that panel hidden behind the main one) and have to enter the password to save the configuration. So, as far as I can tell, it is not possible to configure a WiFi connection without the root password in 12.1. I just tried again in 11.4 and the process is much the same, but no password required. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 19. November 2011, 20:18:46 schrieb Nelson Marques:
Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD.
https://bugzilla.novell.com/show_bug.cgi?id=713639 https://bugzilla.gnome.org/show_bug.cgi?id=646187 http://mail.gnome.org/archives/networkmanager-list/2011- September/msg00216.html Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I don't know where it is on KDE, just on nm-applet.
NM
2011/11/19 James Knott
Nelson Marques wrote:
2011/11/19 James Knott
: Martin Schlander wrote:
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...
This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments. These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere. They are also often not in the habit of giving employees admin or root access. This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them. In many locations, WiFi is the only option, as Ethernet is not available. Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users.
Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD.
I just thought I'd try that. Now, please tell me where that setting is, as I don't see it. I go into Manage Connections and add Wireless. I see a panel where there's an option for "System connection", which I do not select. In "Advanced Permissions", I'm the only user allowed to activate the connection. I scan for the network and enter the password. I then click OK and Apply. Now I'm being asked for the root password (after I find that panel hidden behind the main one) and have to enter the password to save the configuration.
So, as far as I can tell, it is not possible to configure a WiFi connection without the root password in 12.1. I just tried again in 11.4 and the process is much the same, but no password required.
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- Nelson Marques /* http://www.marques.so nmo.marques@gmail.com */ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 19. November 2011, 15:41:03 schrieb James Knott:
So, as far as I can tell, it is not possible to configure a WiFi connection without the root password in 12.1. I just tried again in 11.4 and the process is much the same, but no password required.
You are right. It's called "system connection" in KDE's applet and "available for all users" in nm-applet but they do the same. Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password. The thing that bugs me most about it is that formating / and keeping /home does still remove all network connections. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Lørdag den 19. november 2011 21:11:18 skrev James Knott:
C wrote:
So you didn't read/see Stefan Seyfried's reply in the other thread you participated in on this same topic?
Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root."
Actually, I don't recall seeing that one.
In the KDE plasmoid it's called "System connections" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Sven Burmeister wrote:
Am Samstag, 19. November 2011, 20:18:46 schrieb Nelson Marques:
Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD.
https://bugzilla.novell.com/show_bug.cgi?id=713639 https://bugzilla.gnome.org/show_bug.cgi?id=646187 http://mail.gnome.org/archives/networkmanager-list/2011- September/msg00216.html
Sven
So, it appears someone didn't consider the implications of this "feature". It's going to be a show stopper for corporate users. While it may be working as designed, the design is seriously flawed. Hopefully it gets fixed soon. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Sven Burmeister wrote:
Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.
As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.
The thing that bugs me most about it is that formating / and keeping /home does still remove all network connections.
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Why is that if is you can configure them on a per/user basis ?
NM
2011/11/19 James Knott
Sven Burmeister wrote:
Am Samstag, 19. November 2011, 20:18:46 schrieb Nelson Marques:
Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD.
https://bugzilla.novell.com/show_bug.cgi?id=713639 https://bugzilla.gnome.org/show_bug.cgi?id=646187 http://mail.gnome.org/archives/networkmanager-list/2011- September/msg00216.html
Sven
So, it appears someone didn't consider the implications of this "feature". It's going to be a show stopper for corporate users.
While it may be working as designed, the design is seriously flawed. Hopefully it gets fixed soon.
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- Nelson Marques /* http://www.marques.so nmo.marques@gmail.com */ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 19.11.2011 22:31, schrieb James Knott:
As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.
Yes it is. The whole NM 0.9 is just bullsh*it in my eyes (I was happy using NM 0.8). Anyway, you shouldn´t discuss it here. It would be better to right talk with the upstream projects instead of having endless discussions here (and also spamming our mailboxes ;-) ). So, please go upstream with it, this would be more helpful for us all :-) BTW, Yes, I´m using a workstation and NetworkManager. I started using it with my notebook and I ordered a WLAN card with my new workstation in summer, so, I continued using NM because I liked it and I still think it´s easier then ifup (Or not: I spent 7 hours the first time on my workstation to configurate NM, but, I guess it was my own failure...) kind regards, --kdl -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Nelson Marques wrote:
Why is that if is you can configure them on a per/user basis ?
An employee goes on a business trip and has to use WiFi to set up a VPN back to the corporate network. WiFi has to be used because hotels generally do not provide Ethernet. How does he set up the WiFi connection, at the hotel, if he doesn't have the root password? Is the company going to send out someone to configure the WiFi? As I mentioned in another note, I tried to set up a configuration for a single user and guess what? By default it sets up for a single user and still requires root password to do so. There is no method that I could see that allowed configuration of a WiFi connection without root password. Have you tried it in 12.1? I have many times and always had to use the root password. This makes 12.1 unsuitable for corporate users that expect to use WiFi away from the office. Even in the office, they'll have to get support to configure it for the office network. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 11/19/2011 01:59 PM, James Knott wrote:
Nelson Marques wrote:
Why is that if is you can configure them on a per/user basis ?
An employee goes on a business trip and has to use WiFi to set up a VPN back to the corporate network. WiFi has to be used because hotels generally do not provide Ethernet. How does he set up the WiFi connection, at the hotel, if he doesn't have the root password? Is the company going to send out someone to configure the WiFi? As I mentioned in another note, I tried to set up a configuration for a single user and guess what? By default it sets up for a single user and still requires root password to do so. There is no method that I could see that allowed configuration of a WiFi connection without root password.
As a point of reference, the US Department of Defense has a regulation mandating that any military service member, Federal civil servant, or anyone under contract to DoD who has or requires administrative access to any computer, server, or network appliance has to meet education requirements and possess industry recognized certifications. This rule has been on the books since 2005 or so, but is only now being strictly enforced. The requirements are rather onerous and so regular users don't want to meet the requirements and are thusly having their root privileges removed. Many DoD folks use Linux, and if a user-level system, particularly a laptop, requires root authentication, expect this to be be a boon to Microsoft. http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf Regards, Lew -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:
Sven Burmeister wrote:
Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.
As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.
I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT. I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday, November 20, 2011 01:33:17 AM Sven Burmeister wrote:
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:
Sven Burmeister wrote:
Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.
As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.
I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.
Sven If you want to restrict users, you use ifup. That needs root. Restricting a mobile user from connecting to wifi defeats the purpose of being a mobile user. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 19.11.2011 12:52, Martin Schlander wrote:
Lørdag den 19. november 2011 12:24:17 skrev Kim D. Leyendecker:
On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.
Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.
I don't, with all my 12.1 installations. Try nm-applet if KDE fails.
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...
No, it doesn't. Only if you want to create a "system connection", that's the "make this connection available to all users" checkbox. Unfortunately, this checkbox now seems to be the default. If you uncheck it, no root permissions are needed. -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 19.11.2011 19:43, Roger Luedecke wrote:
I never have that checked, and it still asks for root authorization. Two machines.
nm-applet? or KDE? -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Sonntag, 20. November 2011, 01:52:32 schrieb Stefan Seyfried:
I don't, with all my 12.1 installations. Try nm-applet if KDE fails.
That won't help since it's a NetworkManager issue.
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...
No, it doesn't. Only if you want to create a "system connection", that's the "make this connection available to all users" checkbox.
Unfortunately, this checkbox now seems to be the default. If you uncheck it, no root permissions are needed.
Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday, November 20, 2011 01:52:32 AM Stefan Seyfried wrote:
On 19.11.2011 12:52, Martin Schlander wrote:
Lørdag den 19. november 2011 12:24:17 skrev Kim D. Leyendecker:
On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.
Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.
I don't, with all my 12.1 installations. Try nm-applet if KDE fails.
The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...
No, it doesn't. Only if you want to create a "system connection", that's the "make this connection available to all users" checkbox.
Unfortunately, this checkbox now seems to be the default. If you uncheck it, no root permissions are needed. This is not correct. I just tested it two ways. I deleted the home wifi. Select the home wifi. Popup for wifi password, system connection unchecked, connect automatically checked. Asks for root.
Delete wifi again. Select, and put in password, uncheck connect automatically. Commit change, asks for root again. Here is the screencap with details shown, and its policy kit number. http://wstaw.org/m/2011/11/20/nmneedsrootafterputtinginwifipassword.png -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 19.11.2011 19:43, Roger Luedecke wrote:
I never have that checked, and it still asks for root authorization. Two machines.
nm-applet? or KDE?
On Sunday, November 20, 2011 01:53:45 AM Stefan Seyfried wrote: plasmoid-nm I do not remember if nm-applet needs it too since I only used it once to configure my Mobile Broadband. http://wstaw.org/m/2011/11/20/nmneedsrootafterputtinginwifipassword.png -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 19. November 2011, 14:21:37 schrieb Lew Wolfgang:
As a point of reference, the US Department of Defense has a regulation mandating that any military service member, Federal civil servant, or anyone under contract to DoD who has or requires administrative access to any computer, server, or network appliance has to meet education requirements and possess industry recognized certifications. This rule has been on the books since 2005 or so, but is only now being strictly enforced. The requirements are rather onerous and so regular users don't want to meet the requirements and are thusly having their root privileges removed.
Many DoD folks use Linux, and if a user-level system, particularly a laptop, requires root authentication, expect this to be be a boon to Microsoft.
So DoD wants their users to be able to connect to any network and thus give that network access to the computer, leaving alone connecting to insecure networks etc.? Does not make sense to me. If I want to have a secure laptop within my company I have to restrict network access to networks I trust. Hence that means that either one must not use NM for use cases in which security is important, then your point is mute, because DoD would not use it anyway, neither would any company which wants secure IT. Or security is important then NM has to offer the possibility to restrict access to the network and its connections. As I said before, whether this should be default is something different. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 20.11.2011 01:59, Sven Burmeister wrote:
Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.
Definitely not here. Nice to see that you know my setup better than I do. -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 20.11.2011 02:11, Roger Luedecke wrote:
On Sunday, November 20, 2011 01:52:32 AM Stefan Seyfried wrote:
Delete wifi again. Select, and put in password, uncheck connect automatically. Commit change, asks for root again. Here is the screencap with details shown, and its policy kit number. http://wstaw.org/m/2011/11/20/nmneedsrootafterputtinginwifipassword.png
Reproduce the bug with GNOME. Everybody knows that KDE is borked :-) -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday, November 20, 2011 02:40:57 AM Stefan Seyfried wrote:
On 20.11.2011 01:59, Sven Burmeister wrote:
Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.
Definitely not here. Nice to see that you know my setup better than I do. Did you do something different to your setup? Mine is default since policykit is greek to me.
Is it possible that for some reason the configurations may be different on different installations? -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday, November 20, 2011 02:42:13 AM Stefan Seyfried wrote:
On 20.11.2011 02:11, Roger Luedecke wrote:
On Sunday, November 20, 2011 01:52:32 AM Stefan Seyfried wrote:
Delete wifi again. Select, and put in password, uncheck connect automatically. Commit change, asks for root again. Here is the screencap with details shown, and its policy kit number. http://wstaw.org/m/2011/11/20/nmneedsrootafterputtinginwifipassword.png
Reproduce the bug with GNOME. Everybody knows that KDE is borked :-) It has been reproduced. As soon as I click on the network it asks for root immediately. http://wstaw.org/m/2011/11/20/nm- appletneedsrootimmediatelywhennetworkisselected.png -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Kim Leyendecker wrote:
Anyway, you shouldn´t discuss it here. It would be better to right talk with the upstream projects instead of having endless discussions here (and also spamming our mailboxes ;-) ).
So, please go upstream with it, this would be more helpful for us all :-)
I am an openSUSE user, discussing bugs in openSUSE and even participate in the bug reporting. I expect the builders to take responsibility for the distro problems and if necessary, take them upstream. Your idea is like asking a car owner to discuss problems with an OEM parts maker, because Ford, GM, etc. didn't make the part causing the problem. BTW, I used to do 3rd level support at IBM Canada and if there was a problem with one of my products, it was my responsibility to take it to the developers, even if at another company, if necessary. I'd get fired if I ever told a user to contact the developers themselves. I got my distro from openSUSE and not KDE, so it's openSUSE I deal with. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Martin Schlander wrote:
Lørdag den 19. november 2011 21:11:18 skrev James Knott:
C wrote:
So you didn't read/see Stefan Seyfried's reply in the other thread you participated in on this same topic?
Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root."
Actually, I don't recall seeing that one.
In the KDE plasmoid it's called "System connections"
I have never selected that and I've always had to enter the root password in 12.1. I never had to in 11.4 or earlier. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Stefan Seyfried wrote:
On 19.11.2011 19:43, Roger Luedecke wrote:
I never have that checked, and it still asks for root authorization. Two machines.
nm-applet? or KDE?
I believe its nm-applet. I see something that's called nm09. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Saturday, November 19, 2011 10:57:47 PM James Knott wrote:
Stefan Seyfried wrote:
On 19.11.2011 19:43, Roger Luedecke wrote:
I never have that checked, and it still asks for root authorization. Two machines.
nm-applet? or KDE?
I believe its nm-applet. I see something that's called nm09. This issue happens with both the GNOME and KDE NetworkManager GUI's. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Saturday, November 19, 2011 10:43:20 PM James Knott wrote:
Martin Schlander wrote:
Lørdag den 19. november 2011 21:11:18 skrev James Knott:
C wrote:
So you didn't read/see Stefan Seyfried's reply in the other thread you participated in on this same topic?
Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root."
Actually, I don't recall seeing that one.
In the KDE plasmoid it's called "System connections"
I have never selected that and I've always had to enter the root password in 12.1. I never had to in 11.4 or earlier. I ran some tests to double check it. Both GNOME and KDE require root no matter what option you check or uncheck. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Sven Burmeister wrote:
I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.
I don't have a problem with it being an option controlled by root, but the way things are, employees are expected to be able to set up a Wifi connection when away from the office. With 12.1, it is apparently impossible to do so. Apparenty, this problem is due to the settings being stored in a non user area. Perhaps the solution for this is to make that area group writeable. Anyone know where that stuff is stored? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:
Sven Burmeister wrote:
Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.
As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.
I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.
Sven As far as it being an issue of corporate IT though, one could safely assume
On Sunday, November 20, 2011 01:33:17 AM Sven Burmeister wrote: that their tech guy would know the need to restrict and could institute the policy. Having it set as default becomes an issue to new users potentially, whereas a corporate security scenario would be audited anyway. Having it as default behavior serves no purpose. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Sven Burmeister wrote:
So DoD wants their users to be able to connect to any network and thus give that network access to the computer, leaving alone connecting to insecure networks etc.? Does not make sense to me.
It is possible to increase security by methods such as mandatory firewall limiting connections, forcing VPN to start and changing the default route to the VPN. However, this is why I said it should be configurable by root, so that it can be implemented if necessary. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Sven Burmeister wrote:
I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.
I don't have a problem with it being an option controlled by root, but the way things are, employees are expected to be able to set up a Wifi connection when away from the office. With 12.1, it is apparently impossible to do so.
Apparenty, this problem is due to the settings being stored in a non user area. Perhaps the solution for this is to make that area group writeable. Anyone know where that stuff is stored? From what I can tell, it looks more like its a setting in policy kit. But as
On Saturday, November 19, 2011 11:08:27 PM James Knott wrote: policy kit is greek to me I can't say for certain. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Roger Luedecke wrote:
I believe its nm-applet. I see something that's called nm09.
This issue happens with both the GNOME and KDE NetworkManager GUI's.
Well, that proves it. We'll have to take it upstream to KDE. ;-) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 19. November 2011, 23:12:53 schrieb James Knott:
Sven Burmeister wrote:
So DoD wants their users to be able to connect to any network and thus give that network access to the computer, leaving alone connecting to insecure networks etc.? Does not make sense to me.
It is possible to increase security by methods such as mandatory firewall limiting connections, forcing VPN to start and changing the default route to the VPN. However, this is why I said it should be configurable by root, so that it can be implemented if necessary.
Indeed. One might change the default policy settings and leave it to the admin to make them more restrictive if needed. If you read the bug at gnome.org that's what they try to implement, including not asking for a root password in case the connection should only be available to the user that creates it. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Sonntag, 20. November 2011, 02:40:57 schrieb Stefan Seyfried:
On 20.11.2011 01:59, Sven Burmeister wrote:
Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.
Definitely not here. Nice to see that you know my setup better than I do.
Come on. Read the reports, ask Vincent etc. and then tell me again it's all KDE's fault and nm-applet does not use the same NM and thus behaves differently. You just try too hard towards blaming KDE. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 19. November 2011, 23:16:51 schrieb James Knott:
Roger Luedecke wrote:
I believe its nm-applet. I see something that's called nm09.
This issue happens with both the GNOME and KDE NetworkManager GUI's.
Well, that proves it. We'll have to take it upstream to KDE. ;-)
Not in this particular case, but bugs that are not openSUSE specific should always be taken upstream and if a fix is available you can mediate it via openSUSE's bugzilla in case it's worth an official update. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Sonntag, 20. November 2011, 02:42:13 schrieb Stefan Seyfried:
On 20.11.2011 02:11, Roger Luedecke wrote:
On Sunday, November 20, 2011 01:52:32 AM Stefan Seyfried wrote:
Delete wifi again. Select, and put in password, uncheck connect automatically. Commit change, asks for root again. Here is the screencap with details shown, and its policy kit number. http://wstaw.org/m/2011/11/20/nmneedsrootafterputtinginwifipassword.png
Reproduce the bug with GNOME. Everybody knows that KDE is borked :-)
How frustrated does one have to be to be that narrow-minded? And ignorant about the reports mentioned in this thread as well. But thanks for showing where your "criticism" comes from. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Sven Burmeister wrote:
How frustrated does one have to be to be that narrow-minded? And ignorant about the reports mentioned in this thread as well. But thanks for showing where your "criticism" comes from.
I guess you missed the ";-)" in my message and the ":-)" in the one you're replying to. We were being sarcastic. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Sonntag, 20. November 2011, 07:27:37 schrieb James Knott:
Sven Burmeister wrote:
How frustrated does one have to be to be that narrow-minded? And ignorant about the reports mentioned in this thread as well. But thanks for showing where your "criticism" comes from.
I guess you missed the ";-)" in my message and the ":-)" in the one you're replying to. We were being sarcastic.
In Stefan's case there is a history of this kind of frustrated, unhelpful and in this case even ignorant comments regarding KDE. See his other posts in this thread as an example. There must have been something that created some hard feelings towards it, so even though not using it, he feels the need to bash it from time to time and is quick at blaming it. In this case even insisting on the latter although even Gnome developers and users confirm that it's not a KDE but NM issue. I hope he gets back some sovereignty. Anyway, I was not referring to your post, just his. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 20.11.2011 02:51, Roger Luedecke wrote:
On Sunday, November 20, 2011 02:40:57 AM Stefan Seyfried wrote:
On 20.11.2011 01:59, Sven Burmeister wrote:
Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.
Definitely not here. Nice to see that you know my setup better than I do. Did you do something different to your setup? Mine is default since policykit is greek to me.
Not knowingly, but the machine is updated since ~11.2 with Factory constantly, so something I had to set as a bug workaround years ago might now save my day. Hint: the same will probably be true for the developers and so this unfortunate bug crept in. So what. Had everyone done his duty during beta-test this could have been caught. Now people are stealing the developers precious time with useless discussions here about something that's simply a bug. Were I Will, I would call for the Censor^WModerator of this list to avoid this waste of time ;-)
Is it possible that for some reason the configurations may be different on different installations?
It is of course not impossible, but I doubt it. -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Saturday 19 Nov 2011 12:24:17 Kim D. Leyendecker wrote:
Howdy all,
*Before* reading my mail, please note: openSUSE 11.4 ran perfect on my machine, after the upgrade to 12.1, networkmanager doesn't run at all.I can't connect to my router anymore (which worked yesterday, even with 12.1). The result is a completely angry user, who just wants his sane and working 11.4-like system back. Please excuse my offending mail, but I'm boiling totally.
My problem:
After the upgrade, NetworkManager doesn't ran anymore. I did some searching and fixed the problem. Now, today, I started my machine but NM can't connect anymore. It just says something like:
Wait for authorization
On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.
Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.
Please, can you help me?
Gah, I wish I'd joined this thread earlier before the flames started. This issue is due to SUSE-specific excessively (IMO) strict default PolicyKit-1 configuration for NetworkManager, not KDE or GNOME: https://bugzilla.novell.com/show_bug.cgi?id=716291 Comment #9 gives a workaround that restores the 11.4 behaviour, that I think should be the default. Then everyone else on the thread, please consider how much funner* your Sunday email would have been had you checked bugzilla a bit harder before launching the 'Report bugs upstream'/'Ask for a refund!'/"In the real world, you'd be fired for this"/'KDE sucks!'/'You suck!' Mutally Assured Community Destruction missiles. Will * for my nonviolent definition of fun. -- Will Stephenson, openSUSE Team SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 20 Nov 2011 15:50:48 Stefan Seyfried wrote:
On 20.11.2011 02:51, Roger Luedecke wrote:
On Sunday, November 20, 2011 02:40:57 AM Stefan Seyfried wrote:
On 20.11.2011 01:59, Sven Burmeister wrote:
Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.
Definitely not here. Nice to see that you know my setup better than I do.
Did you do something different to your setup? Mine is default since policykit is greek to me.
Not knowingly, but the machine is updated since ~11.2 with Factory constantly, so something I had to set as a bug workaround years ago might now save my day.
Hint: the same will probably be true for the developers and so this unfortunate bug crept in. So what. Had everyone done his duty during beta-test this could have been caught.
Now people are stealing the developers precious time with useless discussions here about something that's simply a bug.
Were I Will, I would call for the Censor^WModerator of this list to avoid this waste of time ;-)
As Will, I think I've just removed the point of this little spat with my other mail on this thread, but thanks for calling me names. Now would you care to check why your system does not throw a polkit dialog on creating a new unshared connection (org.freedesktop.NetworkManager.settings.modify.own)? See the value of POLKIT_DEFAULT_PRIVS in /etc/sysconfig/security and check the appropriate SUSE specific overrides (/etc/polkit-default- privs.* and .local) If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy Will
Is it possible that for some reason the configurations may be different on different installations?
It is of course not impossible, but I doubt it.
-- Will Stephenson, openSUSE Team SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Will Stephenson wrote:
Gah, I wish I'd joined this thread earlier before the flames started. This issue is due to SUSE-specific excessively (IMO) strict default PolicyKit-1 configuration for NetworkManager, not KDE or GNOME:
https://bugzilla.novell.com/show_bug.cgi?id=716291
Comment #9 gives a workaround that restores the 11.4 behaviour, that I think should be the default.
Please don't ruin a perfectly good argument with facts!
Then everyone else on the thread, please consider how much funner* your Sunday email would have been had you checked bugzilla a bit harder before launching the 'Report bugs upstream'/'Ask for a refund!'/"In the real world, you'd be fired for this"/'KDE sucks!'/'You suck!' Mutally Assured Community Destruction missiles.
I still want a refund. ;-) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 20.11.2011 16:55, Will Stephenson wrote:
Now would you care to check why your system does not throw a polkit dialog on creating a new unshared connection (org.freedesktop.NetworkManager.settings.modify.own)?
See the value of POLKIT_DEFAULT_PRIVS in /etc/sysconfig/security and check the appropriate SUSE specific overrides (/etc/polkit-default- privs.* and .local)
susi:~ # grep POLKIT_DEFAULT_PRIVS /etc/sysconfig/security POLKIT_DEFAULT_PRIVS="" susi:/etc # grep NetworkManager -r polkit* polkit-default-privs.restrictive:org.freedesktop.NetworkManager.enable-disable-network auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.enable-disable-wifi auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.enable-disable-wwan auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.use-user-connections auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.network-control auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.sleep-wake auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.enable-disable-wimax auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.wifi.share.protected auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.wifi.share.open auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.settings.modify.own auth_admin_keep polkit-default-privs.restrictive:org.freedesktop.NetworkManager.settings.modify.system auth_admin_keep polkit-default-privs.restrictive:org.freedesktop.NetworkManager.settings.modify.hostname auth_admin polkit-default-privs.standard:org.freedesktop.NetworkManager.enable-disable-network auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.enable-disable-wifi auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.enable-disable-wwan auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.use-user-connections auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.network-control auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.sleep-wake auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.enable-disable-wimax auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.wifi.share.protected auth_admin polkit-default-privs.standard:org.freedesktop.NetworkManager.wifi.share.open auth_admin polkit-default-privs.standard:org.freedesktop.NetworkManager.settings.modify.own auth_admin_keep polkit-default-privs.standard:org.freedesktop.NetworkManager.settings.modify.system auth_admin_keep polkit-default-privs.standard:org.freedesktop.NetworkManager.settings.modify.hostname auth_admin susi:/etc # rpm -V polkit-default-privs susi:/etc # So it looks to my untrained eye as it should not work :-) I was messing around a long time ago with the kde4 policykit settings module in systemsettings. Maybe this made me "always admin"? Does anybody know how to "reset to factory setting" the policykit stuff without a clean reinstall?
If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
Well I don't think they are missing here me, but the closer I'm looking at it, the stranger it is that it actually works ;-) -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 20 November 2011 17:18:33 Stefan Seyfried wrote:
polkit-default-privs.standard:org.freedesktop.NetworkManager.settings.modif y.own auth_admin_keep polkit-default-privs.standard:org.freedesktop.NetworkManager.settings.modif y.system auth_admin_keep [...] Well I don't think they are missing here me, but the closer I'm looking at it, the stranger it is that it actually works ;-)
What do you have in /etc/polkit-1/localauthority.conf.d ? Anders -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 20 November 2011 16:55:27 Will Stephenson wrote:
If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
We seriously truly need a good GUI admin interface for PolicyKit, that will take all the configuration files, and present the current settings in a comprehensive manner, and allow an admin to make changes. Having to scour the file system for configuration files, hoping to have found all configured locations for them, and all possible places a particular setting is, is - and I don't think this is hyperbole - madness. PolicyKit I'm sure was introduced to make things easier, but the truth is that it's a fricking mess of magnificent proportions (no prizes for guessing which company is responsible for it) and it desperately needs to be cleaned up I really hope someone who really understands PolicyKit could write something like that I also really wish we would stop allowing Red Hat to destroy our OS Anders -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 20 Nov 2011 17:18:33 Stefan Seyfried wrote:
So it looks to my untrained eye as it should not work
I suppose we need Ludwig to tell us how else it can be configured.
I was messing around a long time ago with the kde4 policykit settings module in systemsettings. Maybe this made me "always admin"?
Could be, but unlikely, as these permissions were only added in 12.1. Unless they inherit and you added a "org.freedesktop.* yes" type permisson. You'd have to look and see. I don't know how to check any local overrides added using the polkit API using gnome or the command line though. Will -- Will Stephenson, openSUSE Team SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Anders Johansson wrote:
On Sunday 20 November 2011 16:55:27 Will Stephenson wrote:
If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
We seriously truly need a good GUI admin interface for PolicyKit, that will take all the configuration files, and present the current settings in a comprehensive manner, and allow an admin to make changes.
Having to scour the file system for configuration files, hoping to have found all configured locations for them, and all possible places a particular setting is, is - and I don't think this is hyperbole - madness. PolicyKit I'm sure was introduced to make things easier, but the truth is that it's a fricking mess of magnificent proportions (no prizes for guessing which company is responsible for it) and it desperately needs to be cleaned up
I really hope someone who really understands PolicyKit could write something like that
I also really wish we would stop allowing Red Hat to destroy our OS
Anders
There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 11/20/2011 10:56 AM, James Knott pecked at the keyboard and wrote:
Will Stephenson wrote:
Gah, I wish I'd joined this thread earlier before the flames started. This issue is due to SUSE-specific excessively (IMO) strict default PolicyKit-1 configuration for NetworkManager, not KDE or GNOME:
https://bugzilla.novell.com/show_bug.cgi?id=716291
Comment #9 gives a workaround that restores the 11.4 behaviour, that I think should be the default.
Please don't ruin a perfectly good argument with facts!
There you go, facts getting in the way of a good argument again. :-)
Then everyone else on the thread, please consider how much funner* your Sunday email would have been had you checked bugzilla a bit harder before launching the 'Report bugs upstream'/'Ask for a refund!'/"In the real world, you'd be fired for this"/'KDE sucks!'/'You suck!' Mutally Assured Community Destruction missiles.
I still want a refund. ;-)
Here you go, $$$$$$$$$$$$$$. I hope I gave you enough. :-) -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 20 November 2011, Anders Johansson wrote:
I really hope someone who really understands PolicyKit could write something like that
I also really wish we would stop allowing Red Hat to destroy our OS
Hehe, I'd like to maintain a non-poettering openSUSE branch! I wonder if this could be done having a few people working on it? cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 20 November 2011 18:27:57 Will Stephenson wrote:
On Sunday 20 Nov 2011 17:18:33 Stefan Seyfried wrote:
So it looks to my untrained eye as it should not work
I suppose we need Ludwig to tell us how else it can be configured.
I was messing around a long time ago with the kde4 policykit settings module in systemsettings. Maybe this made me "always admin"?
Could be, but unlikely, as these permissions were only added in 12.1. Unless they inherit and you added a "org.freedesktop.* yes" type permisson. You'd have to look and see. I don't know how to check any local overrides added using the polkit API using gnome or the command line though.
Through config files in /etc/polkit-1/localauthority.conf.d you can effectively make any user admin as far as PolicyKit is concerned. If you then are logged in as that user, you won't be asked to authenticate further Anders -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 20.11.2011 17:49, Anders Johansson wrote:
What do you have in /etc/polkit-1/localauthority.conf.d ?
bingo: susi:/etc/polkit-1/localauthority.conf.d # grep -v ^# * 50-localauthority.conf: 50-localauthority.conf:[Configuration] 50-localauthority.conf:AdminIdentities=unix-user:0 75-polkitkde.conf:[Configuration] 75-polkitkde.conf:AdminIdentities=unix-user:seife susi:/etc/polkit-1/localauthority.conf.d # l * -rw-r--r-- 1 root root 267 Nov 11 09:36 50-localauthority.conf -rw-rw-r-- 1 root root 48 Nov 4 2010 75-polkitkde.conf So no wonder I'm allowed to do everything :-) -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday, November 20, 2011 06:38:21 PM Anders Johansson wrote:
On Sunday 20 Nov 2011 17:18:33 Stefan Seyfried wrote:
So it looks to my untrained eye as it should not work
I suppose we need Ludwig to tell us how else it can be configured.
I was messing around a long time ago with the kde4 policykit settings module in systemsettings. Maybe this made me "always admin"?
Could be, but unlikely, as these permissions were only added in 12.1. Unless they inherit and you added a "org.freedesktop.* yes" type permisson. You'd have to look and see. I don't know how to check any local overrides added using the polkit API using gnome or the command line though. Through config files in /etc/polkit-1/localauthority.conf.d you can effectively make any user admin as far as PolicyKit is concerned. If you
On Sunday 20 November 2011 18:27:57 Will Stephenson wrote: then are logged in as that user, you won't be asked to authenticate further
Anders That sounds appealing to my use-case. How do I go about doing that? Frankly, I would like if it asked me for authentication a whole lot less since I am the only one that uses my machines... and I always set up an account if I have a guest. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday, November 20, 2011 05:59:38 PM Anders Johansson wrote:
On Sunday 20 November 2011 16:55:27 Will Stephenson wrote:
If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
We seriously truly need a good GUI admin interface for PolicyKit, that will take all the configuration files, and present the current settings in a comprehensive manner, and allow an admin to make changes.
Having to scour the file system for configuration files, hoping to have found all configured locations for them, and all possible places a particular setting is, is - and I don't think this is hyperbole - madness. PolicyKit I'm sure was introduced to make things easier, but the truth is that it's a fricking mess of magnificent proportions (no prizes for guessing which company is responsible for it) and it desperately needs to be cleaned up
I really hope someone who really understands PolicyKit could write something like that
I also really wish we would stop allowing Red Hat to destroy our OS
Anders I was looking at the policy kit thingamabob in Sytem Settings and it looks robust, and not too complicated. Having the help files actually having some documentation would be the biggest help I could imagine. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 20 November 2011 11:20:44 Roger Luedecke wrote:
That sounds appealing to my use-case. How do I go about doing that? Frankly, I would like if it asked me for authentication a whole lot less since I am the only one that uses my machines... and I always set up an account if I have a guest.
See the file that's in there now. Copy that to a new file, and replace '0' with either your username or your uid. See the email from Stefan for an example from his system Anders -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Gah, I wish I'd joined this thread earlier before the flames started. This issue is due to SUSE-specific excessively (IMO) strict default PolicyKit-1 configuration for NetworkManager, not KDE or GNOME:
https://bugzilla.novell.com/show_bug.cgi?id=716291
Comment #9 gives a workaround that restores the 11.4 behaviour, that I think should be the default. I was looking at the policykit sytem setting module last night since the
On Sunday, November 20, 2011 04:45:48 PM Will Stephenson wrote: dialog for authentication referenced policy kit. From what I could tell (I can't find proper documentation, so it may be purely guesswork) the settings regarding NetworkManager seem to be such that the behavior should be akin to 11.4. However, if our sytem policies are not implemented correctly... that is that the module is not displaying accurate information, then we have done something horribly wrong. Also, it seems rather strange that I can fiddle with policykit settings in there with no authentication. Seems like a bigger security risk than a looser wifi thingamajig. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
James Knott wrote:
There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden.
Not only does it frequently fail to connect. It also drops existing connections. WiFi in 12.1 appears to be very flakey. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 11/20/2011 03:35 PM, James Knott wrote:
James Knott wrote:
There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden.
Not only does it frequently fail to connect. It also drops existing connections. WiFi in 12.1 appears to be very flakey.
That does not conform with my experience. Connections are quick and stable for most drivers. What device do you have? Larry -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sun, Nov 20, 2011 at 18:28, James Knott
There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden.
I came across this during the Beta cycles... it's annoying. It seems to happen mainly when initially setting up the connection.. I had to set up the connection at least 3 times in a row before it would "take" so to speak.. after it worked fine. I just did a clean install on my laptop and it's still there on the final 12.1 release.. it's a pretty significant bug too :-( I pity the poor new user who runs into this one. Basically, WiFi won't work for them. The work around, is to force the network manager to disconenct, then edit the connection - you will see that it has forgotten the WiFi password. Enter it and save then try reconnecting... it might timeout again... if it does disconnect/break the connect attempt, and Edit the connection again.. chances are it's forgotten the WiFi password again... I've had to repeat thsi up to 3 times before the WiFi password was actually stored... Next thing is... I could have sworn I found the bug report on exactly this, but tonight... I can't find it anywhere. C. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sunday 20 November 2011 23:08:39 C wrote:
The work around, is to force the network manager to disconenct, then edit the connection - you will see that it has forgotten the WiFi password. Enter it and save then try reconnecting... it might timeout again... [...]
That's what I experienced here with 12.1 on an Acer Travelmate 5735Z-452G32Mnss. After a while I found a workaround: when I HW-disable wifi (via acer-wmi key) and re-enable it, the access point is always found and automatically used, just like it was with 11.4 (up to the last tumbleweed kernel). m. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
C wrote:
On Sun, Nov 20, 2011 at 18:28, James Knott
wrote: There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden.
I came across this during the Beta cycles... it's annoying. It seems to happen mainly when initially setting up the connection.. I had to set up the connection at least 3 times in a row before it would "take" so to speak.. after it worked fine. I just did a clean install on my laptop and it's still there on the final 12.1 release.. it's a pretty significant bug too :-( I pity the poor new user who runs into this one. Basically, WiFi won't work for them.
The work around, is to force the network manager to disconenct, then edit the connection - you will see that it has forgotten the WiFi password. Enter it and save then try reconnecting... it might timeout again... if it does disconnect/break the connect attempt, and Edit the connection again.. chances are it's forgotten the WiFi password again... I've had to repeat thsi up to 3 times before the WiFi password was actually stored...
Next thing is... I could have sworn I found the bug report on exactly this, but tonight... I can't find it anywhere.
C.
Check the bug mentioned at the top. It's still there. Also, I don't recall it losing the password, but when I just went to check, I got an error: "Error checking authorization: GDBus.Error:freedesktop.DBus.Error.NoReply Message did not receive a reply (timeout by message bus)" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Larry Finger wrote:
On 11/20/2011 03:35 PM, James Knott wrote:
James Knott wrote:
There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden.
Not only does it frequently fail to connect. It also drops existing connections. WiFi in 12.1 appears to be very flakey.
That does not conform with my experience. Connections are quick and stable for most drivers. What device do you have?
Larry
I have a Realtek WiFi in a ThinkPad E520. The fail to connect problem has that bug report that was put in by someone else, so I'm not the only one experiencing it. I just turned on the computer and the WLAN interface is now "Waiting for authorization". -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Melchior FRANZ wrote:
On Sunday 20 November 2011 23:08:39 C wrote:
The work around, is to force the network manager to disconenct, then edit the connection - you will see that it has forgotten the WiFi password. Enter it and save then try reconnecting... it might timeout again... [...]
That's what I experienced here with 12.1 on an Acer Travelmate 5735Z-452G32Mnss. After a while I found a workaround: when I HW-disable wifi (via acer-wmi key) and re-enable it, the access point is always found and automatically used, just like it was with 11.4 (up to the last tumbleweed kernel).
m.
That work around also seems to work on my ThinkPad. tnx -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 11/20/2011 04:40 PM, James Knott wrote:
I have a Realtek WiFi in a ThinkPad E520. The fail to connect problem has that bug report that was put in by someone else, so I'm not the only one experiencing it. I just turned on the computer and the WLAN interface is now "Waiting for authorization".
There are 6 different Realtek wireless devices with kernel drivers. Could you be a bit more specific? Larry -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Larry Finger wrote:
On 11/20/2011 04:40 PM, James Knott wrote:
I have a Realtek WiFi in a ThinkPad E520. The fail to connect problem has that bug report that was put in by someone else, so I'm not the only one experiencing it. I just turned on the computer and the WLAN interface is now "Waiting for authorization".
There are 6 different Realtek wireless devices with kernel drivers. Could you be a bit more specific?
Larry Realtek rtl8192ce -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2011-11-19 at 22:41 -0500, James Knott wrote: ...
I got my distro from openSUSE and not KDE, so it's openSUSE I deal with.
+1 - -- Cheers, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk7JlbMACgkQtTMYHG2NR9VjBQCdEDD6MyqQy6lnYq29V8Hm4T27 m8cAn28MhZhj4FC9E/c2KgOvynYQEOFi =KoHC -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Saturday, 2011-11-19 at 22:41 -0500, James Knott wrote:
...
I got my distro from openSUSE and not KDE, so it's openSUSE I deal with.
+1 My personal philosophy is "I probably screwed this up." Thus I believe in doing the best job I can before escalating the issue to the next higher authority. This translates to my approach here of, "exhaust all local
On Monday, November 21, 2011 01:05:06 AM Carlos E. R. wrote: possibilities, then take it upstream." It seems unfair to potentially blame the KDE etc. people upstream when a screw up could very well be a simple goof in the way we implemented something. And, if we get into a habit of passing blame... openSUSE will degrade and we'll just assume the rest of the world turned lazy/stupid. None of these are desirable. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Le dimanche 20 novembre 2011, à 01:33 +0100, Sven Burmeister a écrit :
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:
Sven Burmeister wrote:
Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.
As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.
I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.
I think it's something like putting org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs. Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 21/11/11 18:28, Vincent Untz wrote:
Le dimanche 20 novembre 2011, à 01:33 +0100, Sven Burmeister a écrit :
Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password. As owner of my computers, it's not a problem to enter the root
Sven Burmeister wrote: password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design. I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott: the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections. I think it's something like putting
org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes
in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs.
Vincent
Gentlemen,
While you are debating as to what to do where and to whom to stop this
Authorisation Required message thingie, I am being bombarded every few
minutes with this message.
Suddenly, today, I started to get this message
On 21/11/11 20:16, Basil Chupin wrote:
On 21/11/11 18:28, Vincent Untz wrote:
Le dimanche 20 novembre 2011, à 01:33 +0100, Sven Burmeister a écrit :
Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password. As owner of my computers, it's not a problem to enter the root
Sven Burmeister wrote: password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design. I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott: the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections. I think it's something like putting
org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes
in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs.
Vincent
Gentlemen,
While you are debating as to what to do where and to whom to stop this Authorisation Required message thingie, I am being bombarded every few minutes with this message.
Suddenly, today, I started to get this message
for no reason at all. What needs to be done to get rid of this pest, please?
I am running the now-officially-released 32-bit oS 12.1 - with KDE4.7.3 and kernel 3.1.1 - which means that I should be posting this message in Help and not Factory; but I accidentally stumbled on your exchanges which is why I am writing this here.
So, will what Vintent states (above) rid me of this pesky pop-up message from (?)NetworkManager?
Thanks.
BC
Oh, sorry, I forgot to mention that I am running the Desktop kernel and not the Default which comes with 12.1. BC -- Diapers and politicians should be changed often; both for the same reason. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday 21 November 2011 20:18:53 Basil Chupin wrote:
On 21/11/11 20:16, Basil Chupin wrote:
On 21/11/11 18:28, Vincent Untz wrote:
Le dimanche 20 novembre 2011, à 01:33 +0100, Sven Burmeister a écrit :
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:
Sven Burmeister wrote:
Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.
As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.
I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.
I think it's something like putting
org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes
in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs.
Vincent
Gentlemen,
While you are debating as to what to do where and to whom to stop this Authorisation Required message thingie, I am being bombarded every few minutes with this message.
Suddenly, today, I started to get this message
for no reason at all. What needs to be done to get rid of this pest, please?
I am running the now-officially-released 32-bit oS 12.1 - with KDE4.7.3 and kernel 3.1.1 - which means that I should be posting this message in Help and not Factory; but I accidentally stumbled on your exchanges which is why I am writing this here.
So, will what Vintent states (above) rid me of this pesky pop-up message from (?)NetworkManager?
Thanks.
BC
Oh, sorry, I forgot to mention that I am running the Desktop kernel and not the Default which comes with 12.1.
I posted the link to the workarounds elsewhere in this thread already WIll -- Will Stephenson, KDE Developer, openSUSE Boosters Team SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 21/11/11 22:14, Will Stephenson wrote:
On Monday 21 November 2011 20:18:53 Basil Chupin wrote:
On 21/11/11 20:16, Basil Chupin wrote:
On 21/11/11 18:28, Vincent Untz wrote:
Le dimanche 20 novembre 2011, à 01:33 +0100, Sven Burmeister a écrit :
Sven Burmeister wrote: > Read the bug reports I posted, the issue is known. Root is only > needed > for creating the connection because it is saved outside > user-space. > Connecting however works without root password. As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design. I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott: the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections. I think it's something like putting
org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes
in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs.
Vincent Gentlemen,
While you are debating as to what to do where and to whom to stop this Authorisation Required message thingie, I am being bombarded every few minutes with this message.
Suddenly, today, I started to get this message
for no reason at all. What needs to be done to get rid of this pest, please?
I am running the now-officially-released 32-bit oS 12.1 - with KDE4.7.3 and kernel 3.1.1 - which means that I should be posting this message in Help and not Factory; but I accidentally stumbled on your exchanges which is why I am writing this here.
So, will what Vintent states (above) rid me of this pesky pop-up message from (?)NetworkManager?
Thanks.
BC Oh, sorry, I forgot to mention that I am running the Desktop kernel and not the Default which comes with 12.1. I posted the link to the workarounds elsewhere in this thread already
WIll
Thanks Will. I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? BC -- Diapers and politicians should be changed often; both for the same reason. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday 21 November 2011 23:06:46 Basil Chupin wrote:
I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply?
Either version is fine for what you want to do. Will -- Will Stephenson, KDE Developer, openSUSE Boosters Team SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 21/11/11 23:27, Will Stephenson wrote:
On Monday 21 November 2011 23:06:46 Basil Chupin wrote:
I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? Either version is fine for what you want to do.
Will
Thank you, Will. BC -- Diapers and politicians should be changed often; both for the same reason. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 20.11.2011 01:52, schrieb Stefan Seyfried:
No, it doesn't. Only if you want to create a "system connection", that's the "make this connection available to all users" checkbox.
What? I haven´t such a checkbox. Only "connect automatically" (automatisch verbinden) and "systemconnection" (Systemverbindung). Do you mean something like this?
Unfortunately, this checkbox now seems to be the default. If you uncheck it, no root permissions are needed.
I´ve unchecked the "systemconnection" one, but still need root privileges to edit something. -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 20.11.2011 16:45, schrieb Will Stephenson:
On Saturday 19 Nov 2011 12:24:17 Kim D. Leyendecker wrote:
Howdy all,
*Before* reading my mail, please note: openSUSE 11.4 ran perfect on my machine, after the upgrade to 12.1, networkmanager doesn't run at all.I can't connect to my router anymore (which worked yesterday, even with 12.1). The result is a completely angry user, who just wants his sane and working 11.4-like system back. Please excuse my offending mail, but I'm boiling totally.
My problem:
After the upgrade, NetworkManager doesn't ran anymore. I did some searching and fixed the problem. Now, today, I started my machine but NM can't connect anymore. It just says something like:
Wait for authorization
On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.
Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.
Please, can you help me? Gah, I wish I'd joined this thread earlier before the flames started. This issue is due to SUSE-specific excessively (IMO) strict default PolicyKit-1 configuration for NetworkManager, not KDE or GNOME:
https://bugzilla.novell.com/show_bug.cgi?id=716291
Comment #9 gives a workaround that restores the 11.4 behaviour, that I think should be the default.
In https://bugzilla.novell.com/show_bug.cgi?id=716291#c9 you wrote the following: I suggest (for laptops at least) org.freedesktop.NetworkManager.network-control auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.wifi.share.protected auth_admin:auth_admin:yes org.freedesktop.NetworkManager.wifi.share.open auth_admin:auth_admin:yes org.freedesktop.ModemManager.Device.Control auth_admin:auth_admin:yes The last one allows the user to unlock the modem with a PIN I think Juergen's suggestion goes too far, since that allows all logged in users to modify all users' connections. Where exactly can I find the config-file to make the change?
Then everyone else on the thread, please consider how much funner* your Sunday email would have been had you checked bugzilla a bit harder before launching the 'Report bugs upstream'/'Ask for a refund!'/"In the real world, you'd be fired for this"/'KDE sucks!'/'You suck!' Mutally Assured Community Destruction missiles.
Will
* for my nonviolent definition of fun.
I guess since humans are argue-addicted you´ll never will stop that behavior. Just have a look at me: I´m sometimes (only sometimes?) acting like a complete jackass. Even without knowing about /that/ I´m acting alike ;-) thanks for your help, --kdl -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 21.11.2011 08:28, schrieb Vincent Untz:
Le dimanche 20 novembre 2011, � 01:33 +0100, Sven Burmeister a �crit :
Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:
Sven Burmeister wrote:
> Read the bug reports I posted, the issue is known. Root is only needed > for creating the connection because it is saved outside user-space. > Connecting however works without root password.
As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely*STOOPID* design.
I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.
I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections. I think it's something like putting
org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes
in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs.
that leads me to this: polkit1: setting org.freedesktop.NetworkManager.settings.modify.own to aa:aa (wrong setting aak:aak:aak) Use of uninitialized value in concatenation (.) or string at /sbin/chkstat-polkit line 104. polkit1: setting org.freedesktop.NetworkManager.settings.modify.system to aa (wrong setting aak:aak:aak) Use of uninitialized value in concatenation (.) or string at /sbin/chkstat-polkit line 104. -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday 21 Nov 2011 18:22:09 Kim Leyendecker wrote:
Where exactly can I find the config-file to make the change?
https://bugzilla.novell.com/show_bug.cgi?id=716291#c6 -- Will Stephenson, openSUSE Team SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs.
that leads me to this:
polkit1: setting org.freedesktop.NetworkManager.settings.modify.own to aa:aa (wrong setting aak:aak:aak) Use of uninitialized value in concatenation (.) or string at /sbin/chkstat-polkit line 104. polkit1: setting org.freedesktop.NetworkManager.settings.modify.system to aa (wrong setting aak:aak:aak) Use of uninitialized value in concatenation (.) or string at /sbin/chkstat-polkit line 104.
Read "man polkit-default-privs" and check the syntax of /etc/polkit-default-privs.local, this sounds like the result of a syntax error there. If that doesn't help, paste it here. Will -- Will Stephenson, openSUSE Team SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 21.11.2011 19:18, schrieb Will Stephenson:
On Monday 21 Nov 2011 18:22:09 Kim Leyendecker wrote:
Where exactly can I find the config-file to make the change? https://bugzilla.novell.com/show_bug.cgi?id=716291#c6
thanks, at least it doesn´t need root privileges anymore! Let´s see if it will connect to my router the next to times I start my machine. thanks for your help, -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 21.11.2011 19:21, schrieb Will Stephenson:
in /etc/polkit-default-privs.local and then run > /sbin/set_polkit_default_privs.
that leads me to this:
polkit1: setting org.freedesktop.NetworkManager.settings.modify.own to aa:aa (wrong setting aak:aak:aak) Use of uninitialized value in concatenation (.) or string at /sbin/chkstat-polkit line 104. polkit1: setting org.freedesktop.NetworkManager.settings.modify.system to aa (wrong setting aak:aak:aak) Use of uninitialized value in concatenation (.) or string at /sbin/chkstat-polkit line 104. Read "man polkit-default-privs" and check the syntax of /etc/polkit-default-privs.local, this sounds like the result of a syntax error there. If that doesn't help, paste it here.
corrected my file. No it says the following: polkit1: setting org.freedesktop.NetworkManager.settings.modify.own to aa:aa:yes polkit1: setting org.freedesktop.NetworkManager.settings.modify.system to aa:aa:yes -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 21/11/11 23:27, Will Stephenson wrote:
On Monday 21 November 2011 23:06:46 Basil Chupin wrote:
I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? Either version is fine for what you want to do.
Will
Hi Will, Further to the above, I have applied your suggested patch (the first one) and this policykit crap still keeps coming back every few minutes! It is driving me nuts! I just checked the progress of this bug and the last comment (#25): Ludwig Nussel 2011-12-06 08:16:26 UTC actually already released states, as you can see, that the fix had been released at the beginning of this month. But where is it? (There goes this policykit crap again! "Who will rid me of this pesky policykit thing?") Can yo throw some light on this thing, please? BC -- It is easy to convince people of something, but hard to keep them convinced. Niccolo Machiavelli -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 18.12.2011 06:41, schrieb Basil Chupin:
On 21/11/11 23:27, Will Stephenson wrote:
On Monday 21 November 2011 23:06:46 Basil Chupin wrote:
I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? Either version is fine for what you want to do.
Will
Hi Will,
Further to the above, I have applied your suggested patch (the first one) and this policykit crap still keeps coming back every few minutes! It is driving me nuts!
I just checked the progress of this bug and the last comment (#25):
Ludwig Nussel 2011-12-06 08:16:26 UTC
actually already released
states, as you can see, that the fix had been released at the beginning of this month. But where is it?
this is in the normal update repo: http://download.opensuse.org/update/12.1/noarch/polkit-default-privs-12.1-10... and I have got it installed by "zypper up" over two weeks ago When you run grep PERMISSION_SECURITY /etc/sysconfig/security does it say "easy local" ? if there would be "secure", it would explain such problems. Ciao Bernhard M. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7ttaEACgkQSTYLOx37oWQq5QCgt9246WyuSsk/X7DjMN0C+uxM OIcAoJ+FqAAEJ5u5opZidYFbPkwa4z1f =z1kW -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 18/12/11 20:42, Bernhard M. Wiedemann wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 21/11/11 23:27, Will Stephenson wrote:
On Monday 21 November 2011 23:06:46 Basil Chupin wrote:
I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? Either version is fine for what you want to do.
Will Hi Will,
Further to the above, I have applied your suggested patch (the first one) and this policykit crap still keeps coming back every few minutes! It is driving me nuts!
I just checked the progress of this bug and the last comment (#25):
Ludwig Nussel 2011-12-06 08:16:26 UTC
actually already released
states, as you can see, that the fix had been released at the beginning of this month. But where is it?
Am 18.12.2011 06:41, schrieb Basil Chupin: this is in the normal update repo: http://download.opensuse.org/update/12.1/noarch/polkit-default-privs-12.1-10...
and I have got it installed by "zypper up" over two weeks ago
When you run grep PERMISSION_SECURITY /etc/sysconfig/security does it say "easy local" ? if there would be "secure", it would explain such problems.
Ciao Bernhard M. Thanks, Bernhard, for your response. Sorry for taking some time to respond.
Well, I do the zypper-dance every morning without missing a beat and while I do have the above rpm installed it was installed on 29 November; but the authorisation nonsense is still coming up. The output from the grep command you mentioned above is: linux-xxxx:~ # grep PERMISSION_SECURITY /etc/sysconfig/security # PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or PERMISSION_SECURITY="easy local" Is this what was to be expected? BC -- It is easy to convince people of something, but hard to keep them convinced. Niccolo Machiavelli -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (20)
-
Anders Johansson
-
Basil Chupin
-
Bernhard M. Wiedemann
-
C
-
Carlos E. R.
-
James Knott
-
Ken Schneider - openSUSE
-
Kim D. Leyendecker
-
Kim Leyendecker
-
Larry Finger
-
Lew Wolfgang
-
Martin Schlander
-
Melchior FRANZ
-
Nelson Marques
-
Roger Luedecke
-
Rüdiger Meier
-
Stefan Seyfried
-
Sven Burmeister
-
Vincent Untz
-
Will Stephenson