K network manager does not work with user rights
Lamarque Vieira Souza
lamarque at gmail.com
Mon Jun 28 13:55:17 CEST 2010
Hi,
Your /etc/dbus-1/system.d/NetworkManager.conf is not configured to let
plugdev group members to access NetworkManager. You should add those lines
before the line "<policy context="default">" and restart dbus (maybe you will
need to reboot since restarting dbus break some programs):
<policy group="plugdev">
<allow send_destination="org.freedesktop.NetworkManager"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.Introspectable"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.Properties"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Cdma"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Gsm"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Serial"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.IP4Config"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="SetLogging"/>
</policy>
Em Segunda-feira 28 Junho 2010, GS24 escreveu:
> Hi,
>
> my user is in the plugdev grup. I think kubuntu uses policykit. Here my
> config and log files:
>
> NetworkManager.conf
> <!DOCTYPE busconfig PUBLIC
> "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
> "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> <busconfig>
> <policy user="root">
> <allow own="org.freedesktop.NetworkManager"/>
> <allow own="org.freedesktop.NetworkManagerSystemSettings"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"/>
> <allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.PPP"/>
> </policy>
> <policy user="haldaemon">
> <allow send_destination="org.freedesktop.NetworkManager"/>
> <allow send_interface="org.freedesktop.NetworkManager"/>
> </policy>
> <policy at_console="true">
> <allow send_destination="org.freedesktop.NetworkManager"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.DBus.Introspectable"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
> send_interface="org.freedesktop.DBus.Properties"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
> send_interface="org.freedesktop.NetworkManager"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.Device.Cdma"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.Device.Gsm"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.Device.Serial"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.Device"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.IP4Config"/>
>
> <allow send_destination="org.freedesktop.NetworkManager"
>
> send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
> </policy>
> <policy context="default">
> <deny own="org.freedesktop.NetworkManager"/>
> <deny own="org.freedesktop.NetworkManagerSystemSettings"/>
>
> <deny send_destination="org.freedesktop.NetworkManager"/>
> <allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>
>
> <!-- The org.freedesktop.NetworkManagerSettings.Connection.Secrets
> interface is secured via PolicyKit.
> -->
> </policy>
>
> <limit name="max_replies_per_connection">512</limit>
> </busconfig>
>
> NetworkManager-kde4.conf
> <!DOCTYPE busconfig PUBLIC
> "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
> "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> <busconfig>
> <!--
> WARNING: if running any D-Bus version prior to 1.2.6, you may be
> vulnerable to information leakage via the NM D-Bus interface.
> Previous D-Bus versions did not deny-by-default, and this
> permissions
> config file assumes that D-Bus will deny rules by default unless
> explicitly over-ridden with an <allow /> tag.
> -->
>
> <policy user="root">
> <allow own="org.freedesktop.NetworkManagerUserSettings"/>
>
> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
>
> send_interface="org.freedesktop.NetworkManagerSettings"/>
>
> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
>
> send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
>
> <!-- Only root can get secrets -->
> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
>
> send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/
> > </policy>
> <policy at_console="true">
> <allow own="org.freedesktop.NetworkManagerUserSettings"/>
>
> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
>
> send_interface="org.freedesktop.NetworkManagerSettings"/>
>
> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
>
> send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
> </policy>
> <policy context="default">
> <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
>
> send_interface="org.freedesktop.DBus.Introspectable"/>
> </policy>
>
> <limit name="max_replies_per_connection">512</limit>
> </busconfig>
>
> auth.log
> Jun 28 08:50:48 amilo polkitd(authority=local): Registered
> Authentication Agent for session /org/freedesktop/ConsoleKit/Session1
> (system bus name :1.24
> [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1 -session
> 10d06d696c000127401571300000181320014_1277707631_888652], object path
> /org/kde/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>
> syslog
> Jun 28 08:49:52 amilo avahi-daemon[906]: Network interface enumeration
> completed.
> Jun 28 08:49:54 amilo NetworkManager: <info> starting...
> Jun 28 08:49:54 amilo NetworkManager: <info> Trying to start the
> modem-manager...
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: init!
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown:
> update_system_hostname
> Jun 28 08:49:54 amilo NetworkManager: SCPluginIfupdown: management
> mode: unmanaged
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: devices
> added (path:
> /sys/devices/pci0000:00/0000:00:03.0/0000:03:00.0/net/wlan0, iface: wlan0)
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: device added
> (path: /sys/devices/pci0000:00/0000:00:03.0/0000:03:00.0/net/wlan0,
> iface: wlan0): no ifupdown configuration found.
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: devices
> added (path: /sys/devices/pci0000:00/0000:00:14.0/net/eth0, iface: eth0)
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: device added
> (path: /sys/devices/pci0000:00/0000:00:14.0/net/eth0, iface: eth0): no
> ifupdown configuration found.
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: devices
> added (path: /sys/devices/virtual/net/lo, iface: lo)
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: device added
> (path: /sys/devices/virtual/net/lo, iface: lo): no ifupdown
> configuration found.
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: end _init.
> Jun 28 08:49:54 amilo NetworkManager: Loaded plugin ifupdown: (C) 2008
> Canonical Ltd. To report bugs please use the NetworkManager mailing list.
> Jun 28 08:49:54 amilo NetworkManager: Loaded plugin keyfile: (c) 2007 -
> 2008 Red Hat, Inc. To report bugs please use the NetworkManager mailing
> list.
> Jun 28 08:49:54 amilo NetworkManager: <info> Found wlan radio
> killswitch rfkill1 (at
> /sys/devices/pci0000:00/0000:00:03.0/0000:03:00.0/ieee80211/phy0/rfkill1)
> (driver <unknown>)
> Jun 28 08:49:54 amilo NetworkManager: <info> WiFi enabled by radio
> killswitch; enabled by state file
> Jun 28 08:49:54 amilo NetworkManager: <info> WWAN enabled by radio
> killswitch; enabled by state file
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: (34920736)
> ... get_connections.
> Jun 28 08:49:54 amilo NetworkManager: SCPlugin-Ifupdown: (34920736)
> ... get_connections (managed=false): return empty list.
> Jun 28 08:49:55 amilo NetworkManager: Ifupdown: get unmanaged devices
> count: 0
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): driver supports
> SSID scans (scan_capa 0x01).
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): new 802.11 WiFi
> device (driver: 'ath5k')
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): exported as
> /org/freedesktop/NetworkManager/Devices/0
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): now managed
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): device state
> change: 1 -> 2 (reason 2)
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): bringing up device.
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): preparing device.
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): deactivating
> device (reason: 2).
> Jun 28 08:49:55 amilo NetworkManager: supplicant_interface_acquire:
> assertion `mgr_state == NM_SUPPLICANT_MANAGER_STATE_IDLE' failed
> Jun 28 08:49:55 amilo NetworkManager: <info> (eth0): carrier is OFF
> Jun 28 08:49:55 amilo NetworkManager: <info> (eth0): new Ethernet
> device (driver: 'forcedeth')
> Jun 28 08:49:55 amilo NetworkManager: <info> (eth0): exported as
> /org/freedesktop/NetworkManager/Devices/1
> Jun 28 08:49:55 amilo NetworkManager: <info> (eth0): now managed
> Jun 28 08:49:55 amilo NetworkManager: <info> (eth0): device state
> change: 1 -> 2 (reason 2)
> Jun 28 08:49:55 amilo NetworkManager: <info> (eth0): bringing up device.
> Jun 28 08:49:55 amilo NetworkManager: <info> (eth0): preparing device.
> Jun 28 08:49:55 amilo NetworkManager: <info> (eth0): deactivating
> device (reason: 2).
> Jun 28 08:49:55 amilo NetworkManager: <info> modem-manager is now
> available Jun 28 08:49:55 amilo NetworkManager: <WARN>
> default_adapter_cb(): bluez error getting default adapter: The name
> org.bluez was not provided by any .service files
> Jun 28 08:49:55 amilo NetworkManager: <info> Trying to start the
> supplicant...
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): supplicant
> manager state: down -> idle
> Jun 28 08:49:55 amilo NetworkManager: <info> (wlan0): device state
> change: 2 -> 3 (reason 0)
> Jun 28 08:49:56 amilo NetworkManager: <info> (wlan0): supplicant
> interface state: starting -> ready
> Jun 28 08:50:02 amilo NetworkManager: SCPlugin-Ifupdown: devices
> added (path: /sys/devices/virtual/net/pan0, iface: pan0)
> Jun 28 08:50:02 amilo NetworkManager: SCPlugin-Ifupdown: device added
> (path: /sys/devices/virtual/net/pan0, iface: pan0): no ifupdown
> configuration found.
> Jun 28 08:50:02 amilo NetworkManager: <WARN> device_creator():
> /sys/devices/virtual/net/pan0: couldn't determine device driver;
> ignoring... Jun 28 08:50:45 amilo polkitd[1658]: started daemon version
> 0.96 using authority implementation `local' version `0.96'
>
> Must I add something to a config file?
>
> Am 27.06.2010 22:20, schrieb Lamarque Vieira Souza:
> > Hi,
> >
> > I think the problem where normal user cannot configure connections is
> >
> > because there is something wrong with policykit permissions (does kubuntu
> > uses policykit?) or in networkmanager dbus permission file
> > (/etc/dbus-1/system.d/NetworkManager.conf). Programs that uses dbus (like
> > Plasma Network Management or the old Knm) do not need to run as root. In
> > my case adding my user to plugdev group let's me configure connections.
> > You can change the allowed group in
> > /etc/dbus-1/system.d/NetworkManager.conf.
> >
> > Em Domingo 27 Junho 2010, Gerrit Scholz escreveu:
> >> Hi,
> >>
> >> On system start of kubuntu (10.04) the K network manager (versions - Qt:
> >> 4.6.2 KDE: 4.4.2 KNetworkManager: v0.9) starts with user rights and
> >> appears as tray icon. I can open the configuration dialogue to add a new
> >> connection, but if I press the OK button – no connection is set up. With
> >>
> >> root rights all works fine:
> >> * kill K network manager user process
> >> * gksudo knetworkmanager – Now I can configure connections.
> >>
> >> After system reboot the K network manager runs with user rights again,
> >> and the connections configured with root right are not shown.
> >>
> >>
> >> Is there a possibility to start the K network manager with root rights
> >> on system start? Or the better way - how can I get the K network
> >> manager work with user rigths?
> >>
> >> Thanks in advance!
>
> _______________________________________________
> kde-networkmanager mailing list
> kde-networkmanager at kde.org
> https://mail.kde.org/mailman/listinfo/kde-networkmanager
--
Lamarque V. Souza
http://www.geographicguide.com/brazil.htm
Linux User #57137 - http://counter.li.org/
http://www.kde-mg.org
More information about the kde-networkmanager
mailing list