Bug#642136: [Pkg-utopia-maintainers] Bug#642136: Bug#642136: network-manager: Connecting to a wifi network requires org.freedesktop.NM.settings.modify.system privileges
On Tue, 20 Sep 2011 09:38:00 +0200, Michael Biebl wrote: Am 20.09.2011 07:42, schrieb Vincent Bernat: Since NetworkManager 0.9, a simple user is not allowed to connect to some wireless network unless it is granted (through policy kit or appropriate permissions) org.freedesktop.NetworkManager.settings.modify.system. This permission allows to alter existing connections as well. An active user should be authorized to use any wireless network if he wants to by default (like in previous versions). Or it should be possible to configure network manager to allow users to connect to wireless networks without enabling them to modify other system settings. This is of course possible. Was the connection you tried to enable created by another user? What's the name of the user trying to activate the connection? Which GUI frontend (and which version) do you use? Was the connection imported from earlier versions i.e. created by nm-applet 0.9? The connectiondid not exist(it does notappear in nm-connection-editor). I am using nm-applet 0.9.0-2. I have restarted both nm-applet and Network Manager to ensure they are in sync. As connections are now all stored in /etc/NetworkManager/system-connections/ , could you attach the corresponding keyfile (make sure it doesn't contain any confidential data) As the connection does not exist, there is no keyfile for it. Now you have me confused. How can you activate a connection which does not exist? This is a wireless network I never connected to. I choose it from the available wireless network detected by Network Manager. Through polkit helper, Network Manager is asking me for administrative rights just to connect to this new wireless network. I can connect to an unknown wire network without password but I need to grant administrative rights to connect an unknown wireless network. I would like to not be prompted for something like this but the right requested is overly general. If I grant it to the active users, he will be able to tamper with existing connections. In previous version, connecting to an unknown wireless network was granted without passwords to the active user. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642136: [Pkg-utopia-maintainers] Bug#642136: Bug#642136: network-manager: Connecting to a wifi network requires org.freedesktop.NM.settings.modify.system privileges
Am 20.09.2011 07:42, schrieb Vincent Bernat: OoO En cette soirée bien amorcée du lundi 19 septembre 2011, vers 22:48, Michael Biebl bi...@debian.org disait : Since NetworkManager 0.9, a simple user is not allowed to connect to some wireless network unless it is granted (through policy kit or appropriate permissions) org.freedesktop.NetworkManager.settings.modify.system. This permission allows to alter existing connections as well. An active user should be authorized to use any wireless network if he wants to by default (like in previous versions). Or it should be possible to configure network manager to allow users to connect to wireless networks without enabling them to modify other system settings. This is of course possible. Was the connection you tried to enable created by another user? What's the name of the user trying to activate the connection? Which GUI frontend (and which version) do you use? Was the connection imported from earlier versions i.e. created by nm-applet 0.9? The connectiondid not exist(it does notappear in nm-connection-editor). I am using nm-applet 0.9.0-2. I have restarted both nm-applet and Network Manager to ensure they are in sync. As connections are now all stored in /etc/NetworkManager/system-connections/ , could you attach the corresponding keyfile (make sure it doesn't contain any confidential data) As the connection does not exist, there is no keyfile for it. Now you have me confused. How can you activate a connection which does not exist? Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#642136: [Pkg-utopia-maintainers] Bug#642136: Bug#642136: network-manager: Connecting to a wifi network requires org.freedesktop.NM.settings.modify.system privileges
Am 20.09.2011 09:56, schrieb Vincent Bernat: On Tue, 20 Sep 2011 09:38:00 +0200, Michael Biebl wrote: Am 20.09.2011 07:42, schrieb Vincent Bernat: Now you have me confused. How can you activate a connection which does not exist? This is a wireless network I never connected to. I choose it from the available wireless network detected by Network Manager. Through polkit helper, Network Manager is asking me for administrative rights just to connect to this new wireless network. What desktop environment do you use? If GNOME, is /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 running? If not, does it help if you start it manually? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#642136: [Pkg-utopia-maintainers] Bug#642136: Bug#642136: network-manager: Connecting to a wifi network requires org.freedesktop.NM.settings.modify.system privileges
Am 20.09.2011 09:56, schrieb Vincent Bernat: On Tue, 20 Sep 2011 09:38:00 +0200, Michael Biebl wrote: Am 20.09.2011 07:42, schrieb Vincent Bernat: As connections are now all stored in /etc/NetworkManager/system-connections/ , could you attach the corresponding keyfile (make sure it doesn't contain any confidential data) As the connection does not exist, there is no keyfile for it. Now you have me confused. How can you activate a connection which does not exist? This is a wireless network I never connected to. I choose it from the available wireless network detected by Network Manager. Through polkit helper, Network Manager is asking me for administrative rights just to connect to this new wireless network. Ok, I guess it is clearer now what your issue is. With NM 0.9, the user settings service is gone, i.e. connections are no longer stored in the user session but always system wide (using the keyfile in /etc/NetworkManager/system-connections). Wireless connections are shared by default (ie. the setting Available to all users is selected). Writing a system setting and making it available to everyone requires administrative privileges. That's why you get the PolicyKit prompt. If you create a Wireless connection manually via nm-connection-editor: Run nm-connection-editor select tab Wireless Click Add Fill in SSID and Security settings. *Uncheck* Available to all users. Then you shouldn't get a PK prompt, right? Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#642136: [Pkg-utopia-maintainers] Bug#642136: Bug#642136: network-manager: Connecting to a wifi network requires org.freedesktop.NM.settings.modify.system privileges
On Tue, 20 Sep 2011 10:21:06 +0200, Michael Biebl wrote: This is a wireless network I never connected to. I choose it from the available wireless network detected by Network Manager. Through polkit helper, Network Manager is asking me for administrative rights just to connect to this new wireless network. Ok, I guess it is clearer now what your issue is. With NM 0.9, the user settings service is gone, i.e. connections are no longer stored in the user session but always system wide (using the keyfile in /etc/NetworkManager/system-connections). Wireless connections are shared by default (ie. the setting Available to all users is selected). Writing a system setting and making it available to everyone requires administrative privileges. That's why you get the PolicyKit prompt. If you create a Wireless connection manually via nm-connection-editor: Run nm-connection-editor select tab Wireless Click Add Fill in SSID and Security settings. *Uncheck* Available to all users. Then you shouldn't get a PK prompt, right? Yes. I think by default, a user should not be prompted for administrative rights to connect to a wireless network. This could be done with a policy stating that org.freedesktop.NetworkManager.settings.modify.system is granted to active users (but I think this is far too wide). Or this could be done by not sharing wireless connections by default (in this case, I suppose that org.freedesktop.NetworkManager.settings.modify.own will be used and by default, active users are granted this permission). Maybe I could retitle this bug to Add a settings to allow unprivilegied user to connect to unknown wireless network without administrative rights and set severity to wishlist. Would it be clearer? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org