On 2020-07-01 18:34, Tom H wrote:
> On Wed, Jul 1, 2020 at 7:40 AM Ed Greshko <ed.greshko@xxxxxxxxxxx>
> wrote:
>> On 2020-07-01 13:32, Tom H wrote:
>>> On my laptop, the value's "--", which is the default and which means
>>> that root and the polkit admin group (wheel) can control the
>>> connection.
>> Are you sure about that?
>>
>> connection.autoconnect: yes
>> connection.permissions: --
>>
>> [maria@f32k ~]$ nmcli connection down enp1s0
>> Connection 'enp1s0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
>>
>> [maria@f32k ~]$ nmcli connection up enp1s0
>> Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6).
>>
>> [egreshko@f32k ~]$ grep maria /etc/group
>> maria:x:1027:
> You may be right, but I have no idea given the output of "pkaction" :(
Well, since I demonstrated it works I think it is more "right" than "may be". :-)
But, see below....
>
> Admin group:
>
> $ cat /etc/polkit-1/rules.d/50-default.rules
> /* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */
>
> // DO NOT EDIT THIS FILE, it will be overwritten on update
> //
> // Default rules for polkit
> //
> // See the polkit(8) man page for more information
> // about configuring polkit.
>
> polkit.addAdminRule(function(action, subject) {
> return ["unix-group:wheel"];
> });
>
> NM rule:
>
> $ pkaction --verbose --action-id
> org.freedesktop.NetworkManager.settings.modify.system
> org.freedesktop.NetworkManager.settings.modify.system:
> description: Modify network connections for all users
> message: System policy prevents modification of network
> settings for all users
I think the key word is "modification"....
[maria@f32k ~]$ nmcli connection edit enp1s0
===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'enp1s0'
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy
nmcli> set connection.zone public
nmcli> save
Error: Failed to save 'enp1s0' (1c1a4060-823b-34bd-b469-177914d93b15) connection: Insufficient privileges
But I can do....
[egreshko@f32k ~]$ sudo nmcli connection edit enp1s0
===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'enp1s0'
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy
nmcli> set connection.zone public
nmcli> save
Connection 'enp1s0' (1c1a4060-823b-34bd-b469-177914d93b15) successfully updated.
--
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
