How do I set the policy for users to modify the network state and connections?


You can create a local policy for one or more users.

Create the document where the settings will live...

sudo touch /var/lib/polkit-1/localauthority/50-local.d/10-network-manager.pkla

Add one or more policies...

[Let foo modify system settings for network]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.settings.modify.system
ResultAny=no
ResultInactive=no
ResultActive=yes

[Do not allow foo to enable/disable networking]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.enable-disable-network
ResultAny=no
ResultInactive=no
ResultActive=no

The key is the ResultActive element which can be set to yes, no, auth_admin, or auth_admin_keep where the latter two will require the password of another user with sudo privileges.

The Action element defines what action will be allowed/disallowed or require authentication with a password. There are options like org.freedesktop.NetworkManager.enable-disable-network for toggling network as enabled/disabled. You can see more options in the /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy file, just look for something like <action id="org.freedesktop.NetworkManager.enable-disable-network"> and read its description.

You can also set all values with the * wildcard...

[Prevent foo from modifying all network states and settings except with admin password]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.*
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep

This will require a password to make ANY change to network settings or state.

You can do this in a single command that could be included in a script...

sudo su -c 'printf "[Prevent foo from modifying all network states and settings]\nIdentity=unix-user:foo\nAction=org.freedesktop.NetworkManager.*\nResultAny=no\nResultInactive=no\nResultActive=auth_admin" >  /var/lib/polkit-1/localauthority/50-local.d/10-network-manager.pkla'

Author: HarlemSquirrel

Updated on September 18, 2022
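
An added example, not part of the original answer: a small Python model of how the rule sections above combine when they sit in one .pkla file, showing that the wildcard entry placed last overrides the earlier per-action results. It assumes the last matching entry wins and that ResultAny applies to non-local sessions; SAMPLE_PKLA is constructed from the answer's three rules, and parse_pkla, matches and decide are hypothetical helper names.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample: the answer's three rules combined in one file, in page order.
SAMPLE_PKLA = """\
[Let foo modify system settings for network]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.settings.modify.system
ResultAny=no
ResultInactive=no
ResultActive=yes

[Do not allow foo to enable/disable networking]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.enable-disable-network
ResultAny=no
ResultInactive=no
ResultActive=no

[Prevent foo from modifying all network states and settings except with admin password]
Identity=unix-user:foo
Action=org.freedesktop.NetworkManager.*
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep
"""

def parse_pkla(text):
    # Return the file's entries in file order, each as a dict of its keys.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case (Identity, ResultActive, ...)
    cp.read_string(text)
    return [dict(cp[name]) for name in cp.sections()]

def matches(value, globs):
    # Identity and Action are treated as semicolon-separated glob lists.
    return any(fnmatchcase(value, g) for g in globs.split(";") if g)

def decide(rules, identity, action, local=True, active=True):
    # Assumed model: last matching entry wins; None means no entry applies.
    key = "ResultAny" if not local else "ResultActive" if active else "ResultInactive"
    result = None
    for rule in rules:
        if matches(identity, rule.get("Identity", "")) and matches(action, rule.get("Action", "")):
            result = rule.get(key, result)
    return result

if __name__ == "__main__":
    for act in ("settings.modify.system", "enable-disable-network", "network-control"):
        print(act, "->", decide(parse_pkla(SAMPLE_PKLA), "unix-user:foo", "org.freedesktop.NetworkManager." + act))
```

A result of None means no entry in the file matched, so the defaults from the .policy file would apply.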

Comments

  • HarlemSquirrel almost 2 years

    How can I set the permissions for users to make changes to the network connections and state? For instance, how can I allow/disallow users to connect to new wireless networks? How can I allow/disallow users to turn off networking?

  • Admin over 3 years
    I believe the question is asking something different. Case in point, when company notebooks are handed out, employees will need the ability to connect to different networks on their own, but some networks -- such as the public WiFi at McDonald's or Starbucks -- could be "forbidden". This is where a policy works really well to allow people a little flexibility without giving up the farm.
  • Arun about 3 years
    Your account may have administrator privilege. If a standard user is trying to add to a new WiFi network then it will ask for admin user password in my experience.