[Pkg-utopia-maintainers] Bug#642136: Bug#642136: Bug#642136: Bug#642136: network-manager: Connecting to a wifi network requires org.freedesktop.NM.settings.modify.system privileges

Michael Biebl biebl at debian.org
Tue Sep 20 09:36:06 UTC 2011


Am 20.09.2011 11:18, schrieb Vincent Bernat:
> On Tue, 20 Sep 2011 10:21:06 +0200, Michael Biebl wrote:
> 
>>> This is a wireless network I never connected to. I choose it from 
>>> the
>>> available wireless network detected by Network Manager. Through 
>>> polkit
>>> helper, Network Manager is asking me for administrative rights just 
>>> to
>>> connect to this new wireless network.
>>
>> Ok, I guess it is clearer now what your issue is.
>> With NM 0.9, the user settings service is gone, i.e. connections are
>> no longer
>> stored in the user session but always system wide (using the keyfile 
>> in
>> /etc/NetworkManager/system-connections).
>> Wireless connections are shared by default (ie. the setting 
>> "Available to all
>> users" is selected).
>> Writing a system setting and making it available to everyone requires
>> administrative privileges. That's why you get the PolicyKit prompt.
>>
>> If you create a Wireless connection manually via 
>> nm-connection-editor:
>> Run nm-connection-editor
>> select tab "Wireless"
>> Click "Add"
>> Fill in SSID and Security settings.
>> *Uncheck* "Available to all users".
>> Then you shouldn't get a PK prompt, right?
> 
> Yes.
> 
> I think by default, a user should not be prompted for administrative 
> rights to connect to a wireless network. This could be done with a 
> policy stating that 
> org.freedesktop.NetworkManager.settings.modify.system is granted to 
> active users (but I think this is far too wide). Or this could be done 
> by not sharing wireless connections by default (in this case, I suppose 
> that org.freedesktop.NetworkManager.settings.modify.own will be used and 
> by default, active users are granted this permission).
> 
> Maybe I could retitle this bug to "Add a settings to allow 
> unprivilegied user to connect to unknown wireless network without 
> administrative rights" and set severity to wishlist. Would it be 
> clearer?

It's the "unknown" part which is important, because it's about *creating* a new
connection configuration. I initially was about activating an existing connection.

Granting org.freedesktop.NetworkManager.settings.modify.system to every active
user means that they will be able to read the Wireless PSK without admin
privileges, so I'm not convinced yet that this is actually a good idea.
An alternative could be, to make wireless connections not available to everyone
by default and doing so requires explicit configuration.

Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20110920/16bcf9b9/attachment.pgp>


More information about the Pkg-utopia-maintainers mailing list