Re: I need current network interface documentation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jul 1, 2020 at 7:40 AM Ed Greshko <ed.greshko@xxxxxxxxxxx>
wrote:
> On 2020-07-01 13:32, Tom H wrote:
>>
>> On my laptop, the value's "--", which is the default and which means
>> that root and the polkit admin group (wheel) can control the
>> connection.
>
> Are you sure about that?
>
> connection.autoconnect: yes
> connection.permissions:  --
>
> [maria@f32k ~]$ nmcli connection down enp1s0
> Connection 'enp1s0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
>
> [maria@f32k ~]$ nmcli connection up enp1s0
> Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6).
>
> [egreshko@f32k ~]$ grep maria /etc/group
> maria:x:1027:

You may be right, but I have no idea given the output of "pkaction" :(

Admin group:

$ cat /etc/polkit-1/rules.d/50-default.rules
/* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */

// DO NOT EDIT THIS FILE, it will be overwritten on update
//
// Default rules for polkit
//
// See the polkit(8) man page for more information
// about configuring polkit.

polkit.addAdminRule(function(action, subject) {
    return ["unix-group:wheel"];
});

NM rule:

$ pkaction --verbose --action-id
org.freedesktop.NetworkManager.settings.modify.system
org.freedesktop.NetworkManager.settings.modify.system:
  description:       Modify network connections for all users
  message:           System policy prevents modification of network
settings for all users
  vendor:            NetworkManager
  vendor_url:        http://www.gnome.org/projects/NetworkManager
  icon:              nm-icon
  implicit any:      auth_admin_keep
  implicit inactive: yes
  implicit active:   yes

I have no idea whether the two "yes" take precedence or the
"auth_admin_keep" does. I was expecting "auth_admin_keep"
everywhere...

The message being "System policy prevents modification of network
settings for all users", I wonder whether the fact that you have a
non-admin user who can control a connection is what's intended, and,
therefore, whether this message corresponds to previous, more
restrictive rules. Or not.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux