Sounds good, I've now reported the bug here:
https://bugzilla.redhat.com/show_bug.cgi?id=1176042

Thank you for your help Dan.


On Thu, Dec 18, 2014 at 5:32 PM, Dan Williams <d...@redhat.com> wrote:
> On Thu, 2014-12-18 at 11:44 +0100, Peter Magnusson wrote:
>> Hi Dan,
>>
>> Thank you for the reply! This sounds like a good solution to me,
>> unfortunately we are indeed using Gnome Shell UI so that would cause a
>> problem.
>>
>> So what you are saying is that right now there is no way to achieve
>> this while using gnome shell?
>
> There might be something we can do in NM itself though, given the way
> the shell and most other clients create new connections.  But either
> way, best thing to do would be to file a bug at
> http://bugzilla.redhat.com against RHEL7 and assign to the
> NetworkManager component so it doesn't get lost.  Does that sound OK?
>
> Thanks!
> Dan
>
>>
>> On Wed, Dec 17, 2014 at 4:53 PM, Dan Williams <d...@redhat.com> wrote:
>> > On Thu, 2014-11-27 at 11:59 +0100, Peter Magnusson wrote:
>> >> I'm having some problems with permissions on NetworkManager. We are in
>> >> the process of migrating our clients from RHEL 6.6 to RHEL 7.
>> >> The clients connect to our wireless network using eap-tls, we provide
>> >> the configuration, certificate and keys for this from our central
>> >> configuration server so that the connection is transparent to the user.
>> >>
>> >> In RHEL 6.6 the password for the private key (pkcs12 used for
>> >> authentication) was not visible to the users, only to administrators.
>> >> This was achieved by setting the connection as "system wide" in which
>> >> case the config file was stored under /etc/sysconfig/network-scripts
>> >> and only accessible by root.
>> >>
>> >> In RHEL7 and NM version 0.9.9.1-28.git20140326.4dba720.el7_0.2 (lbuild
>> >> from git) we can still limit the permissions to NM config using polkit
>> >> but when doing this we also limit the possibility for the user to add
>> >> new wifi networks.
>> >>
>> >> So what I would like to achieve is to limit access to existing
>> >> connections (or connections not added by user) but I still want the
>> >> users to be able to add new wifi connections. Is this possible?
>> >
>> > I looked into this yesterday, and I think the way forward here is to
>> > restrict the user's permissions for "modify.system", but allow them
>> > permissions for "modify.own" (own == self, not possession).  This will
>> > prevent the user from being able to change any connection that is
>> > in /etc and does not have specific permissions.  But it allows the user
>> > to create new connections that are restricted to that user only.
>> >
>> > There's one catch though; if you're using the GNOME Shell UI on RHEL 7.0
>> > it doesn't set the necessary flags to create these user-specific
>> > connections when the modify.system permission is denied.  We can work on
>> > fixing that though.
>> >
>> > Do you think this solution would work for you?
>> >
>> > Dan
>> >
>
>
_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
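
The permission split suggested in the thread (deny "modify.system", allow "modify.own"), written as a polkit rule of the kind RHEL 7 reads from /etc/polkit-1/rules.d/. This is an added example, not part of the thread or of NetworkManager; the full action ids are the NetworkManager names for what the thread abbreviates, and the "wheel" admin group, the local/active session condition and the `fakeSubject` helper are assumptions made for illustration.

```javascript
// Added example: sketch of a polkit rules.d file for the policy in the thread.
var NM = "org.freedesktop.NetworkManager.settings.";

// polkitd supplies polkit.Result; the same string values are used as a
// fallback so the decision function can be exercised outside polkitd.
var RESULT = (typeof polkit !== "undefined") ? polkit.Result
                                             : { YES: "yes", NO: "no" };

// Assumption: administrators are members of this group.
var ADMIN_GROUP = "wheel";

function nmConnectionRule(action, subject) {
    // Leave every non-NetworkManager-settings action to other rules.
    if (action.id.indexOf(NM) !== 0) return null;

    // Administrators keep the distribution defaults.
    if (subject.isInGroup(ADMIN_GROUP)) return null;

    // Ordinary users may not change system-wide connections, so the
    // centrally provisioned EAP-TLS profile and its key password stay
    // out of their reach.
    if (action.id === NM + "modify.system") return RESULT.NO;

    // They may still create and edit connections restricted to themselves,
    // but only from a local, active session (assumed condition).
    if (action.id === NM + "modify.own") {
        return (subject.local && subject.active) ? RESULT.YES : RESULT.NO;
    }
    return null; // any other NM settings action: not decided here
}

// Register with polkitd when loaded as a rules file.
if (typeof polkit !== "undefined") polkit.addRule(nmConnectionRule);

// Constructed stand-in for polkit's Subject object, for offline checks only.
function fakeSubject(groups, local, active) {
    return {
        local: local,
        active: active,
        isInGroup: function (g) { return groups.indexOf(g) !== -1; }
    };
}
```

As noted in the thread, GNOME Shell on RHEL 7.0 does not set the flags needed to create user-specific connections when modify.system is denied, so a client that does set them is needed to confirm that adding a new wifi network still works under this rule.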
