I've been exploring NetworkManager and the nm-applet. It took me a
while to get it working the way I think it should, but I think we may
want to discuss permissions in the book a little more.
Running the nmcli is really not an issue because you can always use
sudo. However, without some configuration for ConsoleKit, setting up a
network from a non-root graphical screen is a bit more difficult.
Right now, we recommend ConsoleKit with NetworkManager but don't add any
configuration for it. What I found (from
https://wiki.archlinux.org/index.php/NetworkManager) is needed is (as root):
cat > /etc/polkit-1/rules.d/51-org.freedesktop.NetworkManager.rules << "EOF"
polkit.addRule( function(action, subject)
{
if ( action.id.indexOf("org.freedesktop.NetworkManager.") == 0 &&
subject.isInGroup("wheel") )
{
return polkit.Result.YES;
}
});
EOF
The use of a 'wheel' group is not discussed anywhere in BLFS, but
perhaps we should create one (groupadd -g 500 wheel).
Of course the group name is arbitrary here, but the wheel group is also
embedded in the unmodified
/etc/{sudoers,login.access,polkit-1/rules.d/50-default.rules,/security/access.conf}
files.
This discussion could go in several places: About System Users and
Groups, NetworkManager, and network-manager-applet are candidates.
So there are two issues here: the nm polkit rule and the more general
wheel group discussion.
Does anyone have thoughts about this?
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
