Bug#891599: gdm3: Greeter doesn't allow control of network-manager connections even when member of netdev group

Simon McVittie smcv at debian.org
Fri Mar 23 10:06:06 UTC 2018


On Thu, 22 Mar 2018 at 21:12:16 -0400, Matthew Gabeler-Lee wrote:
> This actually looks like it might be a bug in gnome-shell, and still present
> in 3.28.  This silly-looking(?) bit of logic is present there in
> js/ui/status/network.js:
> 
>     _sessionUpdated() {
>         let sensitive = !Main.sessionMode.isLocked && !Main.sessionMode.isGreeter;
>         this.menu.setSensitive(sensitive);
>     },
> 
> I.e. it looks like it's hard coding things to not allow interaction from the
> greeter, no matter what permissions you might or might not have set.

I'm fairly sure this is deliberate, and I don't think it's an unreasonable
design choice (perhaps not the one you would have chosen, but reasonable).
The greeter is intended to be a restricted interface that does not have
the same capabilities as a logged-in user: to get full control, users
should authenticate themselves (log in). The same is true for the lock
screen within a session, which is why the code you quoted also tests
isLocked: it would be unexpected for someone finding a machine with a
locked GNOME session, logged in as a user with netdev privileges, to be
able to reconfigure the network without first unlocking the session!

The greeter and the lock screen run as different users, but their design
and functionality are very similar: they both manage the transition from
an unauthenticated user to a user of an active session. The only reason
the greeter needs to run as a different user is that until you have
chosen a user at the greeter, GNOME cannot know which user it is going
to be authenticating.

Other display managers don't let you perform unauthenticated privileged
actions from their greeter-equivalent either, and that isn't generally
considered to be a bug.

If you need to be connected to a VPN to be able to authenticate logins,
configuring it to be saved as a system-wide connection that can be
connected non-interactively might help. (I would not recommend this
configuration, because inability to log in without first connecting to
a VPN seems extremely fragile, but it's your system.)

    smcv


