How can I set the permissions for users to make changes to the network connections and state? For instance, how can I allow/disallow users to connect to new wireless networks? How can I allow/disallow users to turn off networking?
3 Answers
You can create a local policy for one or more users.
Create the document where the settings will live...
touch /var/lib/polkit-1/localauthority/50-local.d/10-network-manager.pkla
Add one or more policies...
[Let foo modify system settings for network]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.settings.modify.system
ResultAny=no
ResultInactive=no
ResultActive=yes

[Do not allow foo to enable/disable networking]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.enable-disable-network
ResultAny=no
ResultInactive=no
ResultActive=no
The key is the ResultActive element which can be set to yes, no, auth_admin, or auth_admin_keep where the latter two will require the password of another user with sudo privileges.
The Action element defines what action will be allowed/disallowed or require authentication with a password. There are options like org.freedesktop.NetworkManager.enable-disable-network for toggling network as enabled/disabled. You can see more options in the /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy file; just look for something like <action id="org.freedesktop.NetworkManager.enable-disable-network"> and read its description.
You can also set all values with the * wildcard...
[Prevent foo from modifying all network states and settings except with admin password]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.*
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep
This will require a password to make ANY change to network settings or state.
You can do this in a single command that could be included in a script...
sudo su -c 'printf "[Prevent foo from modifying all network states and settings]\nIdentity=unix-user:foo\nAction=org.freedesktop.NetworkManager.*\nResultAny=no\nResultInactive=no\nResultActive=auth_admin" > /var/lib/polkit-1/localauthority/50-local.d/10-network-manager.pkla'
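An added example, not part of the answer above: a small checker for .pkla text that flags groups run together on one line and invalid Result values, then reports which group decides a given user and action when a wildcard rule and a narrower rule both match. The function names and the sample file are constructed for illustration; treating the last matching group as the effective one, and accepting auth_self and auth_self_keep as values, are assumptions to confirm against pklocalauthority(8) on your system.

```python
import fnmatch

RESULTS = {"yes", "no", "auth_self", "auth_self_keep", "auth_admin", "auth_admin_keep"}
# Constructed sample: the wildcard rule first, then one narrower exception for foo.
SAMPLE = """\
[Require admin password for all NetworkManager actions]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.*
ResultActive=auth_admin_keep

[Let foo modify system settings for network]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.settings.modify.system
ResultActive=yes
"""

def parse_pkla(text):
    """Return (groups, errors); groups is an ordered list of (name, {key: value})."""
    groups, errors = [], []
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if line.startswith("[") and line.endswith("]"):
            groups.append((line[1:-1], {}))
        elif "=" in line and groups and not line.startswith(("[", "#")):
            key, value = line.split("=", 1)
            groups[-1][1][key.strip()] = value.strip()
        elif line and not line.startswith("#"):
            errors.append(f"line {n}: expected [Group] or Key=Value on its own line")
    for name, keys in groups:
        results = {k: v for k, v in keys.items() if k.startswith("Result")}
        errors += [f"[{name}]: missing {k}" for k in ("Identity", "Action") if k not in keys]
        errors += [f"[{name}]: {k}={v} is not a valid result" for k, v in results.items() if v not in RESULTS]
        if not results:
            errors.append(f"[{name}]: no Result* key")
    return groups, errors

def effective(groups, identity, action, key="ResultActive"):
    """(group name, result) of the LAST matching group, or None. Assumption: last match wins."""
    hit = None
    for name, keys in groups:
        ids = keys.get("Identity", "").split(";")   # both keys hold ';'-separated globs
        acts = keys.get("Action", "").split(";")
        if any(fnmatch.fnmatchcase(identity, g) for g in ids if g) and \
           any(fnmatch.fnmatchcase(action, g) for g in acts if g):
            hit = (name, keys.get(key))
    return hit

if __name__ == "__main__":
    groups, errors = parse_pkla(SAMPLE)
    print(errors, effective(groups, "unix-user:foo", "org.freedesktop.NetworkManager.enable-disable-network"))
```

After editing a real policy file, `pkcheck` and `pkaction --verbose --action-id <id>` show what polkit itself resolves.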
You can add the user to the 'netdev' group.
But I'm not sure if that doesn't give them more rights than intended.
See: https://wiki.ubuntu.com/Security/Privileges#Connect_to_wireless_and_ethernet_networks
Linux OS is secure; it’s most likely asking for authentication before entering a WiFi login key. I’ve had issues with it too. All you need to do is, when the message appears, enter the user password, and then you’ll be prompted to enter the network key.
There’s no need to go into etc/ or /usr or modify any file isn’t the actual file system creating yet another problem.
It’s a security step: if someone gets hold of your computer, once they log out they’ll need your password to access the browser.
If you don’t have the password to get into network then you shouldn’t use that computer.