[opensuse-support] NetworkManager requires root permissions
new install of Tw using NetworkManager. starting/stopping/changing network requires root permissions. I cannot even remotely restart the subj computer w/o physical access to provide root password. none of my other Tw installs with NM require this. how to change? found discussion on google but nothing that appears relevant. polkit configs are the same on all Tw boxes. wtf! tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
Op zondag 9 juni 2019 17:18:16 CEST schreef Patrick Shanahan:
new install of Tw using NetworkManager.
starting/stopping/changing network requires root permissions. I cannot even remotely restart the subj computer w/o physical access to provide root password. none of my other Tw installs with NM require this.
how to change?
found discussion on google but nothing that appears relevant. polkit configs are the same on all Tw boxes. wtf!
tks, Patrick, is this for a wired connection? I recently ( provider + modem router changed ) found that the wired connection is automatically set to be used by all users, and afterwards attempts to edit the connection indeed required the root password. This on my laptop with KDE - TW and NM
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
* Knurpht-openSUSE
Op zondag 9 juni 2019 17:18:16 CEST schreef Patrick Shanahan:
new install of Tw using NetworkManager.
starting/stopping/changing network requires root permissions. I cannot even remotely restart the subj computer w/o physical access to provide root password. none of my other Tw installs with NM require this.
how to change?
found discussion on google but nothing that appears relevant. polkit configs are the same on all Tw boxes. wtf!
tks, Patrick, is this for a wired connection? I recently ( provider + modem router changed ) found that the wired connection is automatically set to be used by all users, and afterwards attempts to edit the connection indeed required the root password. This on my laptop with KDE - TW and NM
no. but I have several other Tw/NM boxes which do not require root pw to attach/change/add/subtract/... requiring root pw is a killer. should be able to adjust that *somewhere* and polkit may be the place but it is not consistant as my other Tw's have same polkit defaults. tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
On 10/06/2019 01:12, Patrick Shanahan wrote:
* Knurpht-openSUSE
[06-09-19 11:38]: Op zondag 9 juni 2019 17:18:16 CEST schreef Patrick Shanahan:
new install of Tw using NetworkManager.
starting/stopping/changing network requires root permissions. I cannot even remotely restart the subj computer w/o physical access to provide root password. none of my other Tw installs with NM require this.
how to change?
found discussion on google but nothing that appears relevant. polkit configs are the same on all Tw boxes. wtf!
tks, Patrick, is this for a wired connection? I recently ( provider + modem router changed ) found that the wired connection is automatically set to be used by all users, and afterwards attempts to edit the connection indeed required the root password. This on my laptop with KDE - TW and NM
no. but I have several other Tw/NM boxes which do not require root pw to attach/change/add/subtract/... requiring root pw is a killer. should be able to adjust that *somewhere* and polkit may be the place but it is not consistant as my other Tw's have same polkit defaults.
As far as I know the default requires root permissions and always have (atleast for the last 3+ years) not sure what's special on your other systems so that its not the case. Polkit is the right place to change this, the config I use allows any user in the "network" group to change the global network connection. If you'd like to do something similar you can grab it from here. http://paste.opensuse.org/view//61017704 -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
* Simon Lees
On 10/06/2019 01:12, Patrick Shanahan wrote:
* Knurpht-openSUSE
[06-09-19 11:38]: Op zondag 9 juni 2019 17:18:16 CEST schreef Patrick Shanahan:
new install of Tw using NetworkManager.
starting/stopping/changing network requires root permissions. I cannot even remotely restart the subj computer w/o physical access to provide root password. none of my other Tw installs with NM require this.
how to change?
found discussion on google but nothing that appears relevant. polkit configs are the same on all Tw boxes. wtf!
tks, Patrick, is this for a wired connection? I recently ( provider + modem router changed ) found that the wired connection is automatically set to be used by all users, and afterwards attempts to edit the connection indeed required the root password. This on my laptop with KDE - TW and NM
no. but I have several other Tw/NM boxes which do not require root pw to attach/change/add/subtract/... requiring root pw is a killer. should be able to adjust that *somewhere* and polkit may be the place but it is not consistant as my other Tw's have same polkit defaults.
As far as I know the default requires root permissions and always have (atleast for the last 3+ years) not sure what's special on your other systems so that its not the case.
Polkit is the right place to change this, the config I use allows any user in the "network" group to change the global network connection. If you'd like to do something similar you can grab it from here.
tks, added rule, checked perms, systemctl restart polkit <user> is member groups nm-openconnect,nm-openvpn,systemd-network there is no group: network changing network connection still requires root passwd rebooted system still requires root passwd systemctl status polkit Operator of unix-session:2 successfully authenticated as unix-user:root to gain TEMPORARY authorization for action org.freedesktop.NetworkManager.settings.modify.system for unix-process:1928:2344 [kded5 [kdeinit5]] (owned by unix-user:paka) ??? tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
* Patrick Shanahan
* Simon Lees
[06-09-19 19:47]: On 10/06/2019 01:12, Patrick Shanahan wrote:
* Knurpht-openSUSE
[06-09-19 11:38]: Op zondag 9 juni 2019 17:18:16 CEST schreef Patrick Shanahan:
new install of Tw using NetworkManager.
starting/stopping/changing network requires root permissions. I cannot even remotely restart the subj computer w/o physical access to provide root password. none of my other Tw installs with NM require this.
how to change?
found discussion on google but nothing that appears relevant. polkit configs are the same on all Tw boxes. wtf!
tks, Patrick, is this for a wired connection? I recently ( provider + modem router changed ) found that the wired connection is automatically set to be used by all users, and afterwards attempts to edit the connection indeed required the root password. This on my laptop with KDE - TW and NM
no. but I have several other Tw/NM boxes which do not require root pw to attach/change/add/subtract/... requiring root pw is a killer. should be able to adjust that *somewhere* and polkit may be the place but it is not consistant as my other Tw's have same polkit defaults.
As far as I know the default requires root permissions and always have (atleast for the last 3+ years) not sure what's special on your other systems so that its not the case.
Polkit is the right place to change this, the config I use allows any user in the "network" group to change the global network connection. If you'd like to do something similar you can grab it from here.
tks, added rule, checked perms, systemctl restart polkit <user> is member groups nm-openconnect,nm-openvpn,systemd-network there is no group: network changing network connection still requires root passwd
rebooted system still requires root passwd
systemctl status polkit Operator of unix-session:2 successfully authenticated as unix-user:root to gain TEMPORARY authorization for action org.freedesktop.NetworkManager.settings.modify.system for unix-process:1928:2344 [kded5 [kdeinit5]] (owned by unix-user:paka)
???
tks,
update: added new group "network" to <user> restarted polkit <user> can now start/change/... NM BUT, network is not up until <user> login at runlevel 5 network needs to start when system comes up to at least multi-user level for remote administration. THIS IS NOT HAPPENING. tks for a partial solution, but more is necessary. and I cannot understand why this new Tw install performs differently than previous installs ????? -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
On 10/06/2019 13:52, Patrick Shanahan wrote:
* Patrick Shanahan
[06-09-19 23:39]: * Simon Lees
[06-09-19 19:47]: On 10/06/2019 01:12, Patrick Shanahan wrote:
* Knurpht-openSUSE
[06-09-19 11:38]: Op zondag 9 juni 2019 17:18:16 CEST schreef Patrick Shanahan:
new install of Tw using NetworkManager.
starting/stopping/changing network requires root permissions. I cannot even remotely restart the subj computer w/o physical access to provide root password. none of my other Tw installs with NM require this.
how to change?
found discussion on google but nothing that appears relevant. polkit configs are the same on all Tw boxes. wtf!
tks, Patrick, is this for a wired connection? I recently ( provider + modem router changed ) found that the wired connection is automatically set to be used by all users, and afterwards attempts to edit the connection indeed required the root password. This on my laptop with KDE - TW and NM
no. but I have several other Tw/NM boxes which do not require root pw to attach/change/add/subtract/... requiring root pw is a killer. should be able to adjust that *somewhere* and polkit may be the place but it is not consistant as my other Tw's have same polkit defaults.
As far as I know the default requires root permissions and always have (atleast for the last 3+ years) not sure what's special on your other systems so that its not the case.
Polkit is the right place to change this, the config I use allows any user in the "network" group to change the global network connection. If you'd like to do something similar you can grab it from here.
tks, added rule, checked perms, systemctl restart polkit <user> is member groups nm-openconnect,nm-openvpn,systemd-network there is no group: network changing network connection still requires root passwd
rebooted system still requires root passwd
systemctl status polkit Operator of unix-session:2 successfully authenticated as unix-user:root to gain TEMPORARY authorization for action org.freedesktop.NetworkManager.settings.modify.system for unix-process:1928:2344 [kded5 [kdeinit5]] (owned by unix-user:paka)
???
tks,
update: added new group "network" to <user> restarted polkit <user> can now start/change/... NM
Sorry I should have mentioned I created the "network" group and added it to my user
BUT, network is not up until <user> login at runlevel 5
network needs to start when system comes up to at least multi-user level for remote administration. THIS IS NOT HAPPENING.
What is runlevel 5? runlevels haven't existed in practice for years. on my Odroid C1, I know that the network target is reached without any login because after configuring the network I mostly run it headless its probably still launching a display manager but I never login, so whether its coming up at multi user or graphical level I don't know but its certainly before user login. I think multi user makes much more sense but if its graphical I wouldn't be soemwhat supprised. Again on my laptop my VPN connection will persist if I logout and log back in which again suggests its not tied to my user session otherwise I wouldn't see that but at the same time I don't care about the network until i'm logged in there so I never payed attention. One thing to try might be deleting the old connections and creating them again it could be that your old connections were created just for the user and you now need to create global ones but I don't remember the details here.
tks for a partial solution, but more is necessary. and I cannot understand why this new Tw install performs differently than previous installs ?????
The only thing that I can think of is at some point we changed from using wicked as the default on "Desktop" systems to using Network Manager, Network Manager was always the default on laptops but its now also the default for "desktops", currently a "desktop" is defined as a machine that had either Gnome or KDE selected in the installer. So maybe in the past you were using wicked or maybe whatever you used to do to swap from wicked to Network Manager did things slightly differently, but on every openSUSE machine i've had in the last 3 years with Network Manager i've had to configure it so that my user can create and modify global network connections so that part atleast doesn't seem different to me. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
* Simon Lees
On 10/06/2019 13:52, Patrick Shanahan wrote:
* Patrick Shanahan
[06-09-19 23:39]: * Simon Lees
[06-09-19 19:47]: On 10/06/2019 01:12, Patrick Shanahan wrote:
* Knurpht-openSUSE
[06-09-19 11:38]: Op zondag 9 juni 2019 17:18:16 CEST schreef Patrick Shanahan: > new install of Tw using NetworkManager. > > starting/stopping/changing network requires root permissions. I cannot > even remotely restart the subj computer w/o physical access to provide > root password. none of my other Tw installs with NM require this. > > how to change? > > found discussion on google but nothing that appears relevant. polkit > configs are the same on all Tw boxes. wtf!
[...]
BUT, network is not up until <user> login at runlevel 5
network needs to start when system comes up to at least multi-user level for remote administration. THIS IS NOT HAPPENING.
What is runlevel 5? runlevels haven't existed in practice for years.
graphic.target, sorry, old habits and memory.
on my Odroid C1, I know that the network target is reached without any login because after configuring the network I mostly run it headless its probably still launching a display manager but I never login, so whether its coming up at multi user or graphical level I don't know but its certainly before user login.
computer is set to boot into graphical.target, that be runlevel 5, which is default install level/target. I think multi user makes much more sense but if its graphical I wouldn't
be soemwhat supprised. Again on my laptop my VPN connection will persist if I logout and log back in which again suggests its not tied to my user session otherwise I wouldn't see that but at the same time I don't care about the network until i'm logged in there so I never payed attention.
logging <user> out does not drop network, but changing from graphical to multi-user does drop network and using nmcli as root from tty1 requires requesting and providing network password.
One thing to try might be deleting the old connections and creating them again it could be that your old connections were created just for the user and you now need to create global ones but I don't remember the details here.
will do that next
tks for a partial solution, but more is necessary. and I cannot understand why this new Tw install performs differently than previous installs ?????
The only thing that I can think of is at some point we changed from using wicked as the default on "Desktop" systems to using Network Manager, Network Manager was always the default on laptops but its now also the default for "desktops", currently a "desktop" is defined as a machine that had either Gnome or KDE selected in the installer. So maybe in the past you were using wicked or maybe whatever you used to do to swap from wicked to Network Manager did things slightly differently, but on every openSUSE machine i've had in the last 3 years with Network Manager i've had to configure it so that my user can create and modify global network connections so that part atleast doesn't seem different to me.
at present, after reboot network is not up until reaching graphical.target and <user> opens a session, auto logon is disabled. booting directly to multi-user.target there is no network and using "nmcli c u NetName" in a tty requires asking for and providing the wi-fi passwd by <user> or <root>. NetworkManager connections are all configured for the password to be available to everyone. will remove all current NM connections, reboot and reconfigure NM connections now. tks -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
* Patrick Shanahan
* Simon Lees
[06-10-19 06:36]:
[...]
at present, after reboot network is not up until reaching graphical.target and <user> opens a session, auto logon is disabled. booting directly to multi-user.target there is no network and using "nmcli c u NetName" in a tty requires asking for and providing the wi-fi passwd by <user> or <root>.
NetworkManager connections are all configured for the password to be available to everyone.
will remove all current NM connections, reboot and reconfigure NM connections now.
systemctl stop network NetworkManager rm -rf /etc/NetworkManager/system-connections/* systemctl start network NetworkManager connected to available (local) wifi reconfigured connection systemctl restart network NetworkManager added two other local wifi connections remote reboot now provides network connection. tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
participants (3)
-
Knurpht-openSUSE
-
Patrick Shanahan
-
Simon Lees