Re: Blocking a user from activating Airplane mode

Mon, 16 Sep 2013 14:15:51 -0700 

On Mon, 2013-09-16 at 12:06 -0500, Dan Williams wrote:
> On Sun, 2013-09-15 at 19:36 +0100, Phil Reynolds wrote:
> > My partner sometimes uses my laptop, and on two occasions has somehow
> > activated Airplane mode - this of course drops the WLAN and WWAN
> > connections. I can't even get the WWAN to work again after this happens
> > without rebooting.
> > 
> > I am wondering if there is a way I can stop him activating Airplane
> > mode - it's not something he would ever need to activate anyway.
> 
> NetworkManager uses PolicyKit to protect various operations like this.
> What you want to do is to ensure that the user cannot obtain these
> permissions:

Note that this obviously doesn't stop them from turning airplane mode on
if there's a hardware switch or a soft-key.  That's usually controlled
by BIOS and there's no good way to lock that down, unless BIOS provides
one.

Also note that it only stops *NetworkManager* from touching the airplane
mode status; it won't stop other apps from doing so, if they also
provide the ability to turn airplane mode on/off by talking to the
kernel directly.

Dan

> org.freedesktop.NetworkManager.enable-disable-wifi
> org.freedesktop.NetworkManager.enable-disable-wwan
> 
> which you'd do by writing some PolicyKit rules to deny that user these
> two permissons.  Rules are just files that get dropped
> into /etc/polkit-1/rules.d and look like this:
> 
> polkit.addRule(function(action, subject) {
>     if (action.id == "org.freedesktop.NetworkManager.enable-disable-wifi" ||
>         action.id == "org.freedesktop.NetworkManager.enable-disable-wwan") {
>         if (subject.isInGroup("wheel")) {
>             return polkit.Result.YES;
>         } else {
>             return polkit.Result.NO;
>         }
>     }
> });
> 
> (or something along those lines) which will deny this permission
> completely to any user who is not in the Unix 'wheel' group.  There
> should be a good bit of info out there on writing policykit rules.
> 
> Hope this helps,
> Dan
> 
> _______________________________________________
> networkmanager-list mailing list
> networkmanager-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/networkmanager-list


_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Reply via email to