Re: Aw: Re: Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
On Sat, 2015-01-10 at 14:12 +0100, Thomas Schneider wrote: Hi! I checked if this could be related to pklocalauthority that is documented here (http://www.freedesktop.org/software/polkit/docs/0.105/pklocalauthority.8.html) Checking the relevant config file for NetworkManager looks good to me. But it's not clear why manfred cannot utilize NetworkManager as he belongs to group netdev. user@pc1-asus:~$ sudo cat /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla [Adding or changing system-wide NetworkManager connections] Identity=unix-group:netdev;unix-group:sudo Action=org.freedesktop.NetworkManager.settings.modify.system ResultAny=no ResultInactive=no ResultActive=yes user@pc1-asus:~$ id manfred uid=1005(manfred) gid=1005(manfred) Gruppen=1005(manfred),117(netdev),1013(verwandte),126(tbb),127(openvpn),128(fcron) Try this: pkaction -v -a org.freedesktop.NetworkManager.settings.modify.system What do you get when running this as the user 'manfred'? Also when you do this, please grab the results of 'loginctl show-session X' where X is the session for 'manfred'. I know you sent the mail to me private with this output, but I want to make sure that loginctl and pkaction output is from the same run. Thanks! Dan Should I now go with the new compilation of NetworkManager using --with-session-tracking=[ck|systemd]? Is there a way to identify which options have been used with the packaged shipped by the distribution? THX Gesendet: Freitag, 09. Januar 2015 um 23:13 Uhr Von: Dan Williams d...@redhat.com An: Thomas Schneider c.mo...@web.de Cc: poma pomidorabelis...@gmail.com, networkmanager-list@gnome.org Betreff: Re: Aw: Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root? On Fri, 2015-01-09 at 20:49 +0100, Thomas Schneider wrote: Hi, here's an update on your questions Let's start with the version of nmcli: user@pc1-asus:~$ nmcli -v nmcli-Werkzeug, Version 0.9.10.0 Now permissions: user@pc1-asus:~$ nmcli general permissions BEFUGNIS WERT org.freedesktop.NetworkManager.enable-disable-network nein Ok, this indicates that PolicyKit is denying the permissions to these users. The most likely reason is that NM has been built with --with-session-tracking=[ck|systemd] and something is not properly setting up the login sessions with ConsoleKit or systemd. PolicyKit has a concept of active (eg, using the computer right now) and inactive (idle or non-human users) sessions. NetworkManager uses these for fast-user-switching and some permissions control. It's likely that all users on your machine are considered inactive according to PolicyKit and thus being denied. What do you get for the following commands? ck-list-sessions loginctl loginctl show-session X (repeat for all sessions from 'loginctl') if you're using ConsoleKit, your session manager needs to tell ConsoleKit that it's starting a new session. I'm not quite sure how that happens with systemd, but it does somehow. Alternatively, if you don't care about user permissions and want to allow any user to control networking you can build NM with --with-session-tracking=none and --with-polkit=no to disable this functionality. Dan org.freedesktop.NetworkManager.enable-disable-wifi nein org.freedesktop.NetworkManager.enable-disable-wwan nein org.freedesktop.NetworkManager.enable-disable-wimax nein org.freedesktop.NetworkManager.sleep-wake nein org.freedesktop.NetworkManager.network-control nein org.freedesktop.NetworkManager.wifi.share.protected nein org.freedesktop.NetworkManager.wifi.share.open nein org.freedesktop.NetworkManager.settings.modify.system nein org.freedesktop.NetworkManager.settings.modify.own Legitimierung org.freedesktop.NetworkManager.settings.modify.hostname Legitimierung Output when running nm-applet w/o root permission: user@pc1-asus:~$ nm-applet (nm-applet:1167): libnm-glib-CRITICAL **: nm_secret_agent_register: assertion 'priv-registered == FALSE' failed (nm-applet:1167): nm-applet-WARNING **: VPN Connection activation failed: (org.freedesktop.NetworkManager.PermissionDenied) Not authorized to control networking. Error message in /var/log/syslog: Jan 9 20:41:34 pc1-asus NetworkManager[5393]: warn Failed to activate 'Netzwerk-Thomas-VPN': Not authorized to control networking. The current config file for the required VPN connection is: user@pc1-asus:~$ sudo cat /etc/NetworkManager/system-connections/VPN [connection] id=VPN uuid=a6ae2fac-4776-4f74-962c-a63113xx type=vpn permissions=user:user:; autoconnect=false [vpn] service-type=org.freedesktop.NetworkManager.openvpn connection-type=tls auth=SHA256 remote=mydyndns cipher=AES-256-CBC comp-lzo=yes tunnel-mtu=1500 cert-pass-flags=1 cert=/etc/openvpn/config/server.crt ca=/etc/openvpn/config/server.pem
Aw: Re: Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
Hi! I checked if this could be related to pklocalauthority that is documented here (http://www.freedesktop.org/software/polkit/docs/0.105/pklocalauthority.8.html) Checking the relevant config file for NetworkManager looks good to me. But its not clear why manfred cannot utilize NetworkManager as he belongs to group netdev. user@pc1-asus:~ sudo cat /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla [Adding or changing system-wide NetworkManager connections] Identity=unix-group:netdev;unix-group:sudo Action=""> ResultAny=no ResultInactive=no ResultActive=yes user@pc1-asus:~ id manfred uid=1005(manfred) gid=1005(manfred) Gruppen=1005(manfred),117(netdev),1013(verwandte),126(tbb),127(openvpn),128(fcron) Should I now go with the new compilation of NetworkManager using --with-session-tracking=[cksystemd]? Is there a way to identify which options have been used with the packaged shipped by the distribution? THX Gesendet:Freitag, 09. Januar 2015 um 23:13 Uhr Von:Dan Williams d...@redhat.com An:Thomas Schneider c.mo...@web.de Cc:poma pomidorabelis...@gmail.com, networkmanager-list@gnome.org Betreff:Re: Aw: Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root? On Fri, 2015-01-09 at 20:49 +0100, Thomas Schneider wrote: Hi, heres an update on your questions Lets start with the version of nmcli: user@pc1-asus:~ nmcli -v nmcli-Werkzeug, Version 0.9.10.0 Now permissions: user@pc1-asus:~ nmcli general permissions BEFUGNIS WERT org.freedesktop.NetworkManager.enable-disable-network nein Ok, this indicates that PolicyKit is denying the permissions to these users. The most likely reason is that NM has been built with --with-session-tracking=[cksystemd] and something is not properly setting up the login sessions with ConsoleKit or systemd. PolicyKit has a concept of active (eg, using the computer right now) and inactive (idle or non-human users) sessions. NetworkManager uses these for fast-user-switching and some permissions control. Its likely that all users on your machine are considered inactive according to PolicyKit and thus being denied. What do you get for the following commands? ck-list-sessions loginctl loginctl show-session X (repeat for all sessions from loginctl) if youre using ConsoleKit, your session manager needs to tell ConsoleKit that its starting a new session. Im not quite sure how that happens with systemd, but it does somehow. Alternatively, if you dont care about user permissions and want to allow any user to control networking you can build NM with --with-session-tracking=none and --with-polkit=no to disable this functionality. Dan org.freedesktop.NetworkManager.enable-disable-wifi nein org.freedesktop.NetworkManager.enable-disable-wwan nein org.freedesktop.NetworkManager.enable-disable-wimax nein org.freedesktop.NetworkManager.sleep-wake nein org.freedesktop.NetworkManager.network-control nein org.freedesktop.NetworkManager.wifi.share.protected nein org.freedesktop.NetworkManager.wifi.share.open nein org.freedesktop.NetworkManager.settings.modify.system nein org.freedesktop.NetworkManager.settings.modify.own Legitimierung org.freedesktop.NetworkManager.settings.modify.hostname Legitimierung Output when running nm-applet w/o root permission: user@pc1-asus:~ nm-applet (nm-applet:1167): libnm-glib-CRITICAL **: nm_secret_agent_register: assertion priv-registered == FALSE failed (nm-applet:1167): nm-applet-WARNING **: VPN Connection activation failed: (org.freedesktop.NetworkManager.PermissionDenied) Not authorized to control networking. Error message in /var/log/syslog: Jan 9 20:41:34 pc1-asus NetworkManager[5393]: warn Failed to activate Netzwerk-Thomas-VPN: Not authorized to control networking. The current config file for the required VPN connection is: user@pc1-asus:~ sudo cat /etc/NetworkManager/system-connections/VPN [connection] id=VPN uuid=a6ae2fac-4776-4f74-962c-a63113xx type=vpn permissions=user:user:; autoconnect=false [vpn] service-type=org.freedesktop.NetworkManager.openvpn connection-type=tls auth=SHA256 remote=mydyndns cipher=AES-256-CBC comp-lzo=yes tunnel-mtu=1500 cert-pass-flags=1 cert=/etc/openvpn/config/server.crt ca=/etc/openvpn/config/server.pem key=/etc/openvpn/config/server.key ta=/etc/openvpn/config/ta.key [ipv6] method=auto ip6-privacy=0 [ipv4] method=auto This config file works perfectly when calling sudo nmcli. I have identified that any user without root permission can utilize NetworkManager and ncmli respectively. In other words, the user needs to be member and run any command with sudo. This is also true for using any device connected via USB, e.g. scanner or USB memory stick. THX Gesendet: Donnerstag, 08. Januar 2015 um 17:39 Uhr Von: Dan Williams d...@redhat.com An: poma pomidorabelis...@gmail.com Cc: Thomas Schneider c.mo...@web.de, networkmanager-list@gnome.org
Aw: Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
Hi, heres an update on your questions Lets start with the version of nmcli: user@pc1-asus:~ nmcli -v nmcli-Werkzeug, Version 0.9.10.0 Now permissions: user@pc1-asus:~ nmcli general permissions BEFUGNIS WERT org.freedesktop.NetworkManager.enable-disable-network nein org.freedesktop.NetworkManager.enable-disable-wifi nein org.freedesktop.NetworkManager.enable-disable-wwan nein org.freedesktop.NetworkManager.enable-disable-wimax nein org.freedesktop.NetworkManager.sleep-wake nein org.freedesktop.NetworkManager.network-control nein org.freedesktop.NetworkManager.wifi.share.protected nein org.freedesktop.NetworkManager.wifi.share.open nein org.freedesktop.NetworkManager.settings.modify.system nein org.freedesktop.NetworkManager.settings.modify.own Legitimierung org.freedesktop.NetworkManager.settings.modify.hostname Legitimierung Output when running nm-applet w/o root permission: user@pc1-asus:~ nm-applet (nm-applet:1167): libnm-glib-CRITICAL **: nm_secret_agent_register: assertion priv-registered == FALSE failed (nm-applet:1167): nm-applet-WARNING **: VPN Connection activation failed: (org.freedesktop.NetworkManager.PermissionDenied) Not authorized to control networking. Error message in /var/log/syslog: Jan 9 20:41:34 pc1-asus NetworkManager[5393]: warn Failed to activate Netzwerk-Thomas-VPN: Not authorized to control networking. The current config file for the required VPN connection is: user@pc1-asus:~ sudo cat /etc/NetworkManager/system-connections/VPN [connection] id=VPN uuid=a6ae2fac-4776-4f74-962c-a63113xx type=vpn permissions=user:user:; autoconnect=false [vpn] service-type=org.freedesktop.NetworkManager.openvpn connection-type=tls auth=SHA256 remote=mydyndns cipher=AES-256-CBC comp-lzo=yes tunnel-mtu=1500 cert-pass-flags=1 cert=/etc/openvpn/config/server.crt ca=/etc/openvpn/config/server.pem key=/etc/openvpn/config/server.key ta=/etc/openvpn/config/ta.key [ipv6] method=auto ip6-privacy=0 [ipv4] method=auto This config file works perfectly when calling sudo nmcli. I have identified that any user without root permission can utilize NetworkManager and ncmli respectively. In other words, the user needs to be member and run any command with sudo. This is also true for using any device connected via USB, e.g. scanner or USB memory stick. THX Gesendet:Donnerstag, 08. Januar 2015 um 17:39 Uhr Von:Dan Williams d...@redhat.com An:poma pomidorabelis...@gmail.com Cc:Thomas Schneider c.mo...@web.de, networkmanager-list@gnome.org Betreff:Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root? On Wed, 2015-01-07 at 23:42 +0100, poma wrote: On 07.01.2015 18:29, Dan Williams wrote: On Mon, 2015-01-05 at 19:14 +0100, Thomas Schneider wrote: Hello! I have installed latest version of NetworkManager and nmcli respectively + OpenVPN plugin or NetworkManager. user@pc1-asus:~ apt-cache policy network-manager network-manager: Installiert: 0.9.10.0-5 Installationskandidat: 0.9.10.0-5 Versionstabelle: *** 0.9.10.0-5 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~ apt-cache policy network-manager-gnome network-manager-gnome: Installiert: 0.9.10.0-2 Installationskandidat: 0.9.10.0-2 Versionstabelle: *** 0.9.10.0-2 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~ apt-cache policy network-manager-openvpn network-manager-openvpn: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~ apt-cache policy network-manager-openvpn-gnome network-manager-openvpn-gnome: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status All maintained connections are working. This includes OpenVPN connection type, too. However, in order to use either nm-applet or command-line client nmcli, I need to be root. The issue Im facing is that with older release I could use either nm-applet or nmcli without root authorization. This becomes a critical issue in a multi-user desktop PC where most user neither have root authorization nor can utilize sudo. Question: How can I ensure that both, nm-applet and nmcli, can be used without root authorization? Its certainly intended that they can all be used without root. When you try to run nmcli as a normal user, what error do you get? What is the output of nmcli gen perm as a normal user? nmcli -v nmcli tool, version 0.9.10.0-14.git20140704.fc21 nmcli general permissions PERMISSION VALUE org.freedesktop.NetworkManager.enable-disable-network yes org.freedesktop.NetworkManager.enable-disable-wifi yes
Re: Aw: Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
On Fri, 2015-01-09 at 20:49 +0100, Thomas Schneider wrote: Hi, here's an update on your questions Let's start with the version of nmcli: user@pc1-asus:~$ nmcli -v nmcli-Werkzeug, Version 0.9.10.0 Now permissions: user@pc1-asus:~$ nmcli general permissions BEFUGNIS WERT org.freedesktop.NetworkManager.enable-disable-networknein Ok, this indicates that PolicyKit is denying the permissions to these users. The most likely reason is that NM has been built with --with-session-tracking=[ck|systemd] and something is not properly setting up the login sessions with ConsoleKit or systemd. PolicyKit has a concept of active (eg, using the computer right now) and inactive (idle or non-human users) sessions. NetworkManager uses these for fast-user-switching and some permissions control. It's likely that all users on your machine are considered inactive according to PolicyKit and thus being denied. What do you get for the following commands? ck-list-sessions loginctl loginctl show-session X (repeat for all sessions from 'loginctl') if you're using ConsoleKit, your session manager needs to tell ConsoleKit that it's starting a new session. I'm not quite sure how that happens with systemd, but it does somehow. Alternatively, if you don't care about user permissions and want to allow any user to control networking you can build NM with --with-session-tracking=none and --with-polkit=no to disable this functionality. Dan org.freedesktop.NetworkManager.enable-disable-wifi nein org.freedesktop.NetworkManager.enable-disable-wwan nein org.freedesktop.NetworkManager.enable-disable-wimax nein org.freedesktop.NetworkManager.sleep-wakenein org.freedesktop.NetworkManager.network-control nein org.freedesktop.NetworkManager.wifi.share.protected nein org.freedesktop.NetworkManager.wifi.share.open nein org.freedesktop.NetworkManager.settings.modify.systemnein org.freedesktop.NetworkManager.settings.modify.own Legitimierung org.freedesktop.NetworkManager.settings.modify.hostname Legitimierung Output when running nm-applet w/o root permission: user@pc1-asus:~$ nm-applet (nm-applet:1167): libnm-glib-CRITICAL **: nm_secret_agent_register: assertion 'priv-registered == FALSE' failed (nm-applet:1167): nm-applet-WARNING **: VPN Connection activation failed: (org.freedesktop.NetworkManager.PermissionDenied) Not authorized to control networking. Error message in /var/log/syslog: Jan 9 20:41:34 pc1-asus NetworkManager[5393]: warn Failed to activate 'Netzwerk-Thomas-VPN': Not authorized to control networking. The current config file for the required VPN connection is: user@pc1-asus:~$ sudo cat /etc/NetworkManager/system-connections/VPN [connection] id=VPN uuid=a6ae2fac-4776-4f74-962c-a63113xx type=vpn permissions=user:user:; autoconnect=false [vpn] service-type=org.freedesktop.NetworkManager.openvpn connection-type=tls auth=SHA256 remote=mydyndns cipher=AES-256-CBC comp-lzo=yes tunnel-mtu=1500 cert-pass-flags=1 cert=/etc/openvpn/config/server.crt ca=/etc/openvpn/config/server.pem key=/etc/openvpn/config/server.key ta=/etc/openvpn/config/ta.key [ipv6] method=auto ip6-privacy=0 [ipv4] method=auto This config file works perfectly when calling sudo nmcli. I have identified that any user without root permission can utilize NetworkManager and ncmli respectively. In other words, the user needs to be member and run any command with sudo. This is also true for using any device connected via USB, e.g. scanner or USB memory stick. THX Gesendet: Donnerstag, 08. Januar 2015 um 17:39 Uhr Von: Dan Williams d...@redhat.com An: poma pomidorabelis...@gmail.com Cc: Thomas Schneider c.mo...@web.de, networkmanager-list@gnome.org Betreff: Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root? On Wed, 2015-01-07 at 23:42 +0100, poma wrote: On 07.01.2015 18:29, Dan Williams wrote: On Mon, 2015-01-05 at 19:14 +0100, Thomas Schneider wrote: Hello! I have installed latest version of NetworkManager and nmcli respectively + OpenVPN plugin or NetworkManager. user@pc1-asus:~$ apt-cache policy network-manager network-manager: Installiert: 0.9.10.0-5 Installationskandidat: 0.9.10.0-5 Versionstabelle: *** 0.9.10.0-5 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-gnome network-manager-gnome: Installiert: 0.9.10.0-2 Installationskandidat: 0.9.10.0-2 Versionstabelle: *** 0.9.10.0-2 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-openvpn network-manager-openvpn: Installiert: 0.9.10.0-1 Installationskandidat:
Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
On Wed, 2015-01-07 at 23:42 +0100, poma wrote: On 07.01.2015 18:29, Dan Williams wrote: On Mon, 2015-01-05 at 19:14 +0100, Thomas Schneider wrote: Hello! I have installed latest version of NetworkManager and nmcli respectively + OpenVPN plugin or NetworkManager. user@pc1-asus:~$ apt-cache policy network-manager network-manager: Installiert: 0.9.10.0-5 Installationskandidat: 0.9.10.0-5 Versionstabelle: *** 0.9.10.0-5 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-gnome network-manager-gnome: Installiert: 0.9.10.0-2 Installationskandidat: 0.9.10.0-2 Versionstabelle: *** 0.9.10.0-2 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-openvpn network-manager-openvpn: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-openvpn-gnome network-manager-openvpn-gnome: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status All maintained connections are working. This includes OpenVPN connection type, too. However, in order to use either nm-applet or command-line client nmcli, I need to be root. The issue I'm facing is that with older release I could use either nm-applet or nmcli without root authorization. This becomes a critical issue in a multi-user desktop PC where most user neither have root authorization nor can utilize sudo. Question: How can I ensure that both, nm-applet and nmcli, can be used without root authorization? It's certainly intended that they can all be used without root. When you try to run 'nmcli' as a normal user, what error do you get? What is the output of nmcli gen perm as a normal user? $ nmcli -v nmcli tool, version 0.9.10.0-14.git20140704.fc21 $ nmcli general permissions PERMISSION VALUE org.freedesktop.NetworkManager.enable-disable-networkyes org.freedesktop.NetworkManager.enable-disable-wifi yes org.freedesktop.NetworkManager.enable-disable-wwan yes org.freedesktop.NetworkManager.enable-disable-wimax yes org.freedesktop.NetworkManager.sleep-wakeno org.freedesktop.NetworkManager.network-control yes org.freedesktop.NetworkManager.wifi.share.protected yes org.freedesktop.NetworkManager.wifi.share.open yes org.freedesktop.NetworkManager.settings.modify.systemyes org.freedesktop.NetworkManager.settings.modify.own yes org.freedesktop.NetworkManager.settings.modify.hostname auth Is this expected output? Yes, that is expected output for permissive installs. What manages the sleep state? The sleep-wake permission is actually unused. It was previously used for the private Sleep() dbus method, the only user of which was pm-utils scripts. Unfortunately the pm-utils scripts didn't wait for a dbus reply, which meant NM couldn't determine the UID of the caller, which meant polkit permission couldn't be used. So instead, the Sleep() method is locked to root and the permission isn't used. When upower or systemd are active, NetworkManager listens internally for suspend/resume signals from those services instead of using permissions or a D-Bus method. Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
On 07.01.2015 18:29, Dan Williams wrote: On Mon, 2015-01-05 at 19:14 +0100, Thomas Schneider wrote: Hello! I have installed latest version of NetworkManager and nmcli respectively + OpenVPN plugin or NetworkManager. user@pc1-asus:~$ apt-cache policy network-manager network-manager: Installiert: 0.9.10.0-5 Installationskandidat: 0.9.10.0-5 Versionstabelle: *** 0.9.10.0-5 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-gnome network-manager-gnome: Installiert: 0.9.10.0-2 Installationskandidat: 0.9.10.0-2 Versionstabelle: *** 0.9.10.0-2 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-openvpn network-manager-openvpn: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-openvpn-gnome network-manager-openvpn-gnome: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status All maintained connections are working. This includes OpenVPN connection type, too. However, in order to use either nm-applet or command-line client nmcli, I need to be root. The issue I'm facing is that with older release I could use either nm-applet or nmcli without root authorization. This becomes a critical issue in a multi-user desktop PC where most user neither have root authorization nor can utilize sudo. Question: How can I ensure that both, nm-applet and nmcli, can be used without root authorization? It's certainly intended that they can all be used without root. When you try to run 'nmcli' as a normal user, what error do you get? What is the output of nmcli gen perm as a normal user? $ nmcli -v nmcli tool, version 0.9.10.0-14.git20140704.fc21 $ nmcli general permissions PERMISSION VALUE org.freedesktop.NetworkManager.enable-disable-networkyes org.freedesktop.NetworkManager.enable-disable-wifi yes org.freedesktop.NetworkManager.enable-disable-wwan yes org.freedesktop.NetworkManager.enable-disable-wimax yes org.freedesktop.NetworkManager.sleep-wakeno org.freedesktop.NetworkManager.network-control yes org.freedesktop.NetworkManager.wifi.share.protected yes org.freedesktop.NetworkManager.wifi.share.open yes org.freedesktop.NetworkManager.settings.modify.systemyes org.freedesktop.NetworkManager.settings.modify.own yes org.freedesktop.NetworkManager.settings.modify.hostname auth Is this expected output? What manages the sleep state? ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
On Mon, 2015-01-05 at 19:14 +0100, Thomas Schneider wrote: Hello! I have installed latest version of NetworkManager and nmcli respectively + OpenVPN plugin or NetworkManager. user@pc1-asus:~$ apt-cache policy network-manager network-manager: Installiert: 0.9.10.0-5 Installationskandidat: 0.9.10.0-5 Versionstabelle: *** 0.9.10.0-5 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-gnome network-manager-gnome: Installiert: 0.9.10.0-2 Installationskandidat: 0.9.10.0-2 Versionstabelle: *** 0.9.10.0-2 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-openvpn network-manager-openvpn: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~$ apt-cache policy network-manager-openvpn-gnome network-manager-openvpn-gnome: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status All maintained connections are working. This includes OpenVPN connection type, too. However, in order to use either nm-applet or command-line client nmcli, I need to be root. The issue I'm facing is that with older release I could use either nm-applet or nmcli without root authorization. This becomes a critical issue in a multi-user desktop PC where most user neither have root authorization nor can utilize sudo. Question: How can I ensure that both, nm-applet and nmcli, can be used without root authorization? It's certainly intended that they can all be used without root. When you try to run 'nmcli' as a normal user, what error do you get? What is the output of nmcli gen perm as a normal user? Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Only root can utilize nm-applet and nmcli as part of NetworkManager - how can other users use it w/o root?
Hello! I have installed latest version of NetworkManager and nmcli respectively + OpenVPN plugin or NetworkManager. user@pc1-asus:~ apt-cache policy network-manager network-manager: Installiert: 0.9.10.0-5 Installationskandidat: 0.9.10.0-5 Versionstabelle: *** 0.9.10.0-5 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~ apt-cache policy network-manager-gnome network-manager-gnome: Installiert: 0.9.10.0-2 Installationskandidat: 0.9.10.0-2 Versionstabelle: *** 0.9.10.0-2 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~ apt-cache policy network-manager-openvpn network-manager-openvpn: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status user@pc1-asus:~ apt-cache policy network-manager-openvpn-gnome network-manager-openvpn-gnome: Installiert: 0.9.10.0-1 Installationskandidat: 0.9.10.0-1 Versionstabelle: *** 0.9.10.0-1 0 500 http://ftp.debian.org/debian/ jessie/main i386 Packages 100 /var/lib/dpkg/status All maintained connections are working. This includes OpenVPN connection type, too. However, in order to use either nm-applet or command-line client nmcli, I need to be root. The issue Im facing is that with older release I could use either nm-applet or nmcli without root authorization. This becomes a critical issue in a multi-user desktop PC where most user neither have root authorization nor can utilize sudo. Question: How can I ensure that both, nm-applet and nmcli, can be used without root authorization? THX ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
