[Pkg-utopia-maintainers] Bug#642136: network-manager: Connecting to a wifi network requires system privileges
biebl at debian.org
Tue Dec 18 17:08:26 UTC 2012
tags 642136 + patch
clone 642136 -1
reassign -1 gnome-shell
severity -1 important
clone 642136 -2
reassign -2 network-manager-gnome
severity -2 important
tags -2 + patch
clone 642136 -3
reassign -3 gnome-control-center
severity -3 important
On 09.12.2012 03:16, Florian Schlichting wrote:
> Unfortunately, things are a little more complicated, as Michael was so
> kind to explain to me on IRC. I'm trying to sum up our conversation:
> GENERAL PROBLEMS
> - when changing the default for new connections in one client
> (nm-applet), other clients should be changed accordingly. This means
> at least gnome-shell (KDE may use different defaults anyway)
> - in addition to wifi connections, also VPN and mobile broadband
> connections should be user-administrateable
> - a system-wide connection has advantages, and upstream changed the
> default for a reason / in response to user feedback. E.g. it is not
> unreasonable to expect to be able to ssh into a running laptop, even
> when there's nobody logged in.
> OPTIONS FOR A SOLUTION OF #642136
> - do not change the default for new connections (system-wide), but add a
> polkit rule allowing members of the netdev and sudo groups to modify
> those connections. Group sudo can do everything anyway, and netdev is
> specifically meant for that. In addition, the user created during
> installation is automatically added to the netdev group, so that this
> would solve the "annoying password prompt" issue for the
> single-user-laptop case. The polkit rule would look like this:
> [Adding or changing system-wide NetworkManager connections]
Yeah, for simpler use-cases, especially the single-user-laptop case,
this .pkla file is sufficient and should solve the problem for most users.
This bug, #642136, will deal with that problem.
> - this leaves open multi-user machines, where ordinary users should be
> able to e.g. add their home wifi, without being given the additional
> privileges that come with group membership (e.g., seeing the other
> guy's home wifi password). Think managed laptop repeatedly borrowed to
> students. Here, the system administrator could install a
> gsettings-override (provided in examples) that would make user-private
> connections the default. The gsetting would have to be added, as well
> as code to check it and switch to user-private when configured.
> - personally, I'd prefer if things would "just work", that is: a
> user-private connection is created automatically if the user is not
> entitled to create a system-wide one, without the need to find out
> about a gsetting and install the override. Unfortunately, it is
> unclear if there is a way to query polkit whether the user would need
> to be asked for a password in order to execute an action with the
> NetworkManager.settings.modify.system privilege, without actually
> doing so.
Joss found a way to do just that, i.e. query polkit and automatically
fall back to user settings if
org.freedesktop.NetworkManager.settings.modify.system would require an
admin password prompt. I think this is the ideal solution, so I'd like
to go with that, especially since Joss already has prepared a patch for
nm-applet . Thanks a lot Joss!
Other NM clients which need to be updated accordingly are gnome-shell
and gnome-control-center, which both allow to setup NM connections. So
I'm cloning and re-assigning this bug accordingly.
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 900 bytes
Desc: OpenPGP digital signature
More information about the pkg-gnome-maintainers