Looks like the 2-3 paragraphs describing how the .pkla files are loaded and used has me confused (I'm guessing I'm not the only one in that boat?).
But in any event, I managed to find a way for it to work for the time being :-( ... and the polkit doc is for another mailing list... STÉPHANE BOUCHER Consultant software D-BOX Technologies Inc. | A. 2172 de la Province, Longueuil, QC J4G 1R7 CANADA | T. 450-442-3003 | D. | W. d-box.com -----Message d'origine----- De : networkmanager-list [mailto:[email protected]] De la part de Stéphane Boucher Envoyé : March 28, 2017 11:11 AM À : Dan Williams <[email protected]>; [email protected] Objet : RE: NetworkManager general permission issue root@pi:~# fgrep -re modify.system /etc /usr/share /usr/share/polkit-1/rules.d/60-network-manager.rules: if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy: <action id="org.freedesktop.NetworkManager.settings.modify.system"> The .rules file above only ever returns polkit.Result.YES. So, that can't be my problem. So, I'm stumped :-( STÉPHANE BOUCHER Consultant software D-BOX Technologies Inc. | A. 2172 de la Province, Longueuil, QC J4G 1R7 CANADA | T. 450-442-3003 | D. | W. d-box.com -----Message d'origine----- De : Dan Williams [mailto:[email protected]] Envoyé : March 27, 2017 12:07 PM À : Stéphane Boucher <[email protected]>; [email protected] Objet : Re: NetworkManager general permission issue On Mon, 2017-03-27 at 13:54 +0000, Stéphane Boucher wrote: > I can’t grant modify.system privilege. > > However, I don’t see any pkla file other than mine doing something > with NetworkManager. > > Is there some place other than the pkla files I should look at for > NetworkManager Maybe look in /etc/polkit-1/rules.d and /usr/share/polkit-1/rules.d too? Not all polkit files are .pkla, some are .rules. You could also just grep /etc and /usr/share for "modify\.system" too and see if you get any hits. Dan > I’m on Ubuntu Mate 16.04. > > Thanks. > > $ nmcli g p > PERMISSION VALUE > org.freedesktop.NetworkManager.enable-disable-network yes > org.freedesktop.NetworkManager.enable-disable-wifi yes > org.freedesktop.NetworkManager.enable-disable-wwan yes > org.freedesktop.NetworkManager.enable-disable-wimax yes > org.freedesktop.NetworkManager.sleep-wake yes > org.freedesktop.NetworkManager.network-control yes > org.freedesktop.NetworkManager.wifi.share.protected yes > org.freedesktop.NetworkManager.wifi.share.open yes > org.freedesktop.NetworkManager.settings.modify.system no <<<<<= > ========= > org.freedesktop.NetworkManager.settings.modify.own yes > org.freedesktop.NetworkManager.settings.modify.hostname yes > > > # fgrep -re org.freedesktop.NetworkManager /etc/polkit-1/ > /usr/lib/policykit-1/ > /etc/polkit-1/localauthority/20-org.d/90- > dbox.pkla:Action=org.freedesktop.NetworkManager.* > > # cat /etc/polkit-1/localauthority/20-org.d/90-dbox.pkla > [grant network privileges] > Identity=unix-group:dbox > Action=org.freedesktop.NetworkManager.* > ResultAny=yes > ResultInactive=yes > ResultActive=yes > > STÉPHANE BOUCHER > Consultant software > > D-BOX Technologies Inc. | A. 2172 de la Province, Longueuil, QC J4G > 1R7 CANADA | T. 450-442-3003 | W. d-box.com<http://www.d-box.com> > > > AVIS : Ce courriel contient des renseignements confidentiels. Si vous > n'êtes pas le véritable destinataire, la diffusion ou l'usage de ce > courriel, des renseignements qu'il contient ou des documents qui lui > sont joints pourrait être illégal. Il est donc strictement interdit > de les diffuser ou de les utiliser. Si vous avez reçu ce courriel par > erreur, nous vous saurions gré d’en aviser l'expéditeur immédiatement > et de le supprimer sans le lire, l'imprimer, le sauvegarder ou le > diffuser. Nous vous remercions de votre aimable collaboration. > > NOTICE: This e-mail contains confidential information. If you are not > the intended recipient, any disclosure or other use of this e-mail or > the information contained herein or attached hereto may be unlawful > and is strictly prohibited. If you have received this e-mail in > error, please notify the sender immediately and delete this e-mail > without reading, printing, copying or forwarding it to anyone. Thank > you for your kind cooperation. > _______________________________________________ > networkmanager-list mailing list > [email protected] > https://mail.gnome.org/mailman/listinfo/networkmanager-list _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
