Hi, I spent half of yesterday banging my head on a desk trying to get the D-Bus permissions correct for Ubuntu 8.04. Can somebody explain exactly how the D-Bus permissions for NM on Debian-based systems are supposed to work? It's all group-based, right? For example, my current understanding is that the applet's permissions file should have group="netdev". But AFAIK, allowing 'root' to own a service should be universal.
Some of it might have to do with D-Bus not correctly handling permission file changes underneath it while it's running, sometimes requiring a SIGHUP to completely re-read the policy after doing a 'make install'. That happens everywhere. But the more frustrating thing was nm-dhcp-client.conf, which allows 'root' to own the service, but apparently that's not correct out-of-the-box on Ubuntu 8.04. Does Debian's dhclient drop privileges after binding to the port? What user should nm-dhcp-client.action use?

So far we have:

NetworkManager.conf - should be owned by 'root' and nobody else, but should allow console/privileged users to talk to it. I assume that means that Debian wants group="netdev" in addition to at_console.

nm-applet.conf - should allow console users to own the service, should allow anyone to query the service, but should ONLY allow root (i.e., NM) to ask for secrets

nm-dhcp-client.conf - should allow the user that dhclient runs as to own the service

nm-dispatcher.conf - should allow 'root' to own the service

nm-openvpn-service.conf - should allow 'root' to own the service

nm-system-settings.conf - should allow root to own the service, should allow anyone to query the service, but should ONLY allow root (i.e., NM) to ask for secrets

nm-vpnc-service.conf - should allow 'root' to own the service

I'd like to get the required changes to the D-Bus permissions files upstream. I know I could have pulled stuff from somebody's PPA (and I did pull dbus-glib, thanks!) but the point is, of course, to make NM easier to both install from source, and easier for packagers to package on Debian-based distros.

Dan
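The nm-applet.conf requirements listed in the message above, written out as a D-Bus system bus policy file. This is an added example, not part of the original post and not NetworkManager's shipped file. The names org.example.Applet and org.example.Applet.Secrets are placeholders for the applet's bus name and secrets interface, and extending ownership to group="netdev" follows the post's assumption about Debian-based systems.

```xml
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- dbus-daemon applies policies in this order: context="default",
       then group, then user, then at_console, then context="mandatory".
       Within that sequence the last matching rule wins, so the default
       block is the baseline and the later blocks open specific holes. -->

  <!-- Baseline for everyone: may not own the name, may query the
       service, may not call the secrets interface. The deny follows
       the allow so that it takes precedence for that interface. -->
  <policy context="default">
    <deny own="org.example.Applet"/>
    <allow send_destination="org.example.Applet"/>
    <deny send_destination="org.example.Applet"
          send_interface="org.example.Applet.Secrets"/>
  </policy>

  <!-- Assumption from the post: Debian-based systems grant the
       privileged role through the netdev group. -->
  <policy group="netdev">
    <allow own="org.example.Applet"/>
  </policy>

  <!-- Only root (the NetworkManager daemon) may ask for secrets.
       A user policy is applied after the default one, so this allow
       overrides the baseline deny for root alone. -->
  <policy user="root">
    <allow send_destination="org.example.Applet"
           send_interface="org.example.Applet.Secrets"/>
  </policy>

  <!-- Users on the local console may own the applet's bus name. -->
  <policy at_console="true">
    <allow own="org.example.Applet"/>
  </policy>
</busconfig>
```

Neither the netdev nor the at_console block grants access to the secrets interface, so a console user can own the service without being able to request another session's secrets from it.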
