Package: network-manager-kde
Version: 1:0.1-2
Severity: important
Tags: patch
In a large installation, it does not scale to add all users to the
groups granting access to local devices on each machine. In such
configurations it is better to assign that access dynamically at
login, using the pam_group and pam_foreground pam modules.
In Debian Edu, we use pam_group and pam_foreground to grant access to
single desktop machines (what we call the standalone profile), to make
sure all users are treated the same way even if they are added later
on using adduser or added to the LDAP database. I would recommend
Debian changed its default to also use pam_group and pam_foreground to
grant access to local devices.
In such setting, the knetworkmanager do not work properly, as it do
not grant access to console users but only to members of the netdev
group.
Here is a patch to fix it, by granting access to both members of the
netdev group, and the users logged into the console. It modifies the
patch 04-dbus_access to add a block for the netdev group instead of
modifying the setting for the at_console group.
diff -u knetworkmanager-0.1/debian/patches/04-dbus_access.patch
knetworkmanager-0.1/debian/patches/04-dbus_access.patch
--- knetworkmanager-0.1/debian/patches/04-dbus_access.patch
+++ knetworkmanager-0.1/debian/patches/04-dbus_access.patch
@@ -1,13 +1,15 @@
-Index: knetworkmanager/knetworkmanager.conf
-===================================================================
---- knetworkmanager/knetworkmanager.conf (Revision 565631)
-+++ knetworkmanager/knetworkmanager.conf (Arbeitskopie)
-@@ -8,7 +8,7 @@
+--- knetworkmanager/knetworkmanager.conf.orig 2007-05-29 00:15:26.000000000
+0200
++++ knetworkmanager/knetworkmanager.conf 2007-05-29 00:15:57.000000000
+0200
+@@ -14,6 +14,12 @@
<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
<allow send_interface="org.freedesktop.NetworkManagerInfo"/>
</policy>
-- <policy at_console="true">
+ <policy group="netdev">
- <allow own="org.freedesktop.NetworkManagerInfo"/>
++ <allow own="org.freedesktop.NetworkManagerInfo"/>
++
++ <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
++ <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
++ </policy>
+ <policy context="default">
+ <deny own="org.freedesktop.NetworkManagerInfo"/>
- <allow send_destination="org.freedesktop.NetworkManagerInfo"/>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
