Am 27.05.2014 20:58 schrieb "Bruce Dubbs" <[email protected]>:
>
> I've been exploring NetworkManager and the nm-applet. It took me a while
to get it working the way I think it should, but I think we may want to
discuss permissions in the book a little more.
>
> Running the nmcli is really not an issue because you can always use sudo.
However, without some configuration for ConsoleKit, setting up a network
from a non-root graphical screen is a bit more difficult.
>
> Right now, we recommend ConsoleKit with NetworkManager but don't add any
configuration for it. What I found (from
https://wiki.archlinux.org/index.php/NetworkManager) is needed is (as root):
>
> cat > /etc/polkit-1/rules.d/51-org.freedesktop.NetworkManager.rules <<
"EOF"
> polkit.addRule( function(action, subject)
> {
> if ( action.id.indexOf("org.freedesktop.NetworkManager.") == 0 &&
> subject.isInGroup("wheel") )
> {
> return polkit.Result.YES;
> }
> });
> EOF
>
> The use of a 'wheel' group is not discussed anywhere in BLFS, but perhaps
we should create one (groupadd -g 500 wheel).
>
> Of course the group name is arbitrary here, but the wheel group is also
embedded in the unmodified
/etc/{sudoers,login.access,polkit-1/rules.d/50-default.rules,/security/access.conf}
files.
>
Well since I typically install Sudo for my package manager I usually have
the wheel group on my builds. I know we do not deal with the wheel group in
b(lfs) but I think it could be okay if we mentioned it in the intro to the
package that benefits from it (Sudo and co) probably adding the appropriate
group in the build instructions. We may use getent to check and add the
group.
Regards
Mnoma
> This discussion could go in several places: About System Users and
Groups, NetworkManager, and network-manager-applet are candidates.
>
> So there are two issues here: the nm polkit rule and the more general
wheel group discussion.
>
> Does anyone have thoughts about this?
>
> -- Bruce
> --
> http://lists.linuxfromscratch.org/listinfo/blfs-dev
> FAQ: http://www.linuxfromscratch.org/blfs/faq.html
> Unsubscribe: See the above information page
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
