Am 20.09.2011 11:18, schrieb Vincent Bernat: > On Tue, 20 Sep 2011 10:21:06 +0200, Michael Biebl wrote: > >>> This is a wireless network I never connected to. I choose it from >>> the >>> available wireless network detected by Network Manager. Through >>> polkit >>> helper, Network Manager is asking me for administrative rights just >>> to >>> connect to this new wireless network. >> >> Ok, I guess it is clearer now what your issue is. >> With NM 0.9, the user settings service is gone, i.e. connections are >> no longer >> stored in the user session but always system wide (using the keyfile >> in >> /etc/NetworkManager/system-connections). >> Wireless connections are shared by default (ie. the setting >> "Available to all >> users" is selected). >> Writing a system setting and making it available to everyone requires >> administrative privileges. That's why you get the PolicyKit prompt. >> >> If you create a Wireless connection manually via >> nm-connection-editor: >> Run nm-connection-editor >> select tab "Wireless" >> Click "Add" >> Fill in SSID and Security settings. >> *Uncheck* "Available to all users". >> Then you shouldn't get a PK prompt, right? > > Yes. > > I think by default, a user should not be prompted for administrative > rights to connect to a wireless network. This could be done with a > policy stating that > org.freedesktop.NetworkManager.settings.modify.system is granted to > active users (but I think this is far too wide). Or this could be done > by not sharing wireless connections by default (in this case, I suppose > that org.freedesktop.NetworkManager.settings.modify.own will be used and > by default, active users are granted this permission). > > Maybe I could retitle this bug to "Add a settings to allow > unprivilegied user to connect to unknown wireless network without > administrative rights" and set severity to wishlist. Would it be > clearer?
It's the "unknown" part which is important, because it's about *creating* a new connection configuration. I initially was about activating an existing connection. Granting org.freedesktop.NetworkManager.settings.modify.system to every active user means that they will be able to read the Wireless PSK without admin privileges, so I'm not convinced yet that this is actually a good idea. An alternative could be, to make wireless connections not available to everyone by default and doing so requires explicit configuration. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
