Remove sudo password when connecting to *new* WiFi network
Solution 1
I found success with the following solution in Ubuntu 13.04:
Open /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
with root/sudo privileges and search for the following line:
<message>System policy prevents modification of network settings for all users</message>
A few lines below that should be this:
<allow_active>auth_admin_keep</allow_active>
Change it to:
<allow_active>yes</allow_active>
Save the file and restart your computer.
Solution 2
You can edit system configuration files, but that's brute force. First of all, as a rule of thumb, configuration resides under /etc
, not /usr
or /var
or anywhere else. HarlemSquirrel explained how to do a proper change to the default policy. Editing files under /usr
is guaranteed to blow up in your face sooner or later, as those files are provided by system packages, which will be updated/replaced eventually.
But the bigger problem is that these changes are completely unnecessary, as of 18.04 at least. This is a "you're holding it wrong" issue. Actually, it's a usability issue on the NM applet's part, but anyway. Take a look at /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
:
<action id="org.freedesktop.NetworkManager.settings.modify.system">
<description>Modify network connections for all users</description>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
Meaning users can't create connections, right? Wrong! Look further:
<action id="org.freedesktop.NetworkManager.settings.modify.own">
<description>Modify personal network connections</description>
<defaults>
<allow_any>auth_self_keep</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
As you can see, NetworkManager supports the concept of user and system connections. The problem is, the applet creates system connections by default. So when you open the applet on the tray and click Select Network, then select the one you want to connect to, it asks for a sudo user, because creating system connections are only allowed for admins.
BUT if you open the Settings app, go to Wi-Fi and click on the desired network, it'll easily let you connect without admin password. Walk in the park.
Why the applet wants to create system connections by default is beyond me though, especially since you can make a user connection a system one anytime later. It's the Make available to other users option under connection properties, and when you check that and click Apply, it'll immediately ask for sudo password, as it should. I'll try to find a way to make the applet create user connections by default, I'll update this answer if I figured it out.
Solution 3
How To Resolve the Error: System policy prevents modification of network settings for all users
There is a critical step missing from an answer above, so I am including it here. :)
This works in Ubuntu 14.04 LTS & 16.04 LTS
Open Terminal
su to root
su -
Type the following:
nano /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
Towards the end of the file, find the section labeled:
<action id="org.freedesktop.NetworkManager.settings.modify.system">
At the the bottom of the org.freedesktop.NetworkManager.settings.modify.system Section, locate the following line of code:
<allow_active>auth_admin_keep</allow_active>
Change this line to read as follows:
<allow_active>yes</allow_active>
Save the file using:
^X
Answer "Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?" by Typing:
Y
Hit Enter when prompted with:
File Name to Write: /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
Restart.
:)
Solution 4
You can also create a local policy for this
[Let user pupil modify system settings for network] Identity=unix-user:pupil Action=org.freedesktop.NetworkManager.settings.modify.system ResultAny=no ResultInactive=no ResultActive=yes
in a file called /etc/polkit-1/localauthority/50-local.d/10-network-manager.pkla
.
The advantage here is this can be a single command and usable in a script!
printf "[Let user pupil modify system settings for network]\nIdentity=unix-user:pupil\nAction=org.freedesktop.NetworkManager.settings.modify.system\nResultAny=no\nResultInactive=no\nResultActive=yes" | sudo tee /etc/polkit-1/localauthority/50-local.d/10-network-manager.pkla
Reference: Ubuntu Manpage:pklocalauthority
Solution 5
This isn't really the fix I was hoping for but one workaround I've found is just to disable NetworkManager
all-together and instead use Wicd
.
First stop NetworkManager
from running at startup:
sudo gedit /etc/NetworkManager/NetworkManager.conf
then # out the managed
line. Also # out #start on (local-filesystems and started dbus)
from /etc/init/network-manager.conf
. Then just to make double sure
sudo mv /etc/init/network-manager.conf /etc/init/network-manager.conf-disabled
sudo mv /etc/xdg/autostart/nm-applet.desktop /etc/xdg/autostart /nm-applet.desktop.disabled
Now can just use Wicd
and no password prompts needed it seems.
Related videos on Youtube
fpghost
Updated on September 18, 2022Comments
-
fpghost over 1 year
So currently when my non-admin user tries to connect to a new WiFi network (e.g. at a cafe say) NetworkManager prompts for the admin user's password. Is there a way to turn this off and to allow the non-admin user to connect to whatever Wifi network they like?
EDIT: just to clarify, I really mean a new WiFi network never connected to prior by the computer, so clicking 'Available to all users' on an existing established connection will not solve the matter- as currently no issue with the non-admin user reconnecting as many times as they like to the home network.
-
Rinzwind over 11 years
/etc/sudoers
is the file to edit so it does not ask for passwords: help.ubuntu.com/community/Sudoers -
fpghost over 11 yearsI've used
visudo
before to allow the non-admin user to do a few things (likesudo apt-get upate
for e.g.) but I am not sure what I would have to put in there to stop them being asked for a password on connecting to a new wifi network -
Rinzwind over 11 yearsha you got me there. I would have made it an answer if I knew that from memory (been searching for a bit but did not find it yet :D )
-
fpghost over 11 yearsyeah, must be something of the form
someUser ALL=(root)NOPASSWD:/path/to/somethingControllingWiFi
I presume, if this is indeed the way to go. -
Rinzwind over 11 yearsIt sure is :) ..
-
Bruno Pereira over 11 yearsAre you sure he is not asking to unlock the keyring? Normal non admin users are allowed to control wireless connections. If not try to open the Network Manager with your admin user and make sure that the Connection available to all users check box is enabled.
-
fpghost over 11 yearsYes
connection available to all
is already ticked. The non-admin user can connect to a pre-established connection without issue (e.g. home wifi say), the problem is when they try to connect to a genuinely new wifi network (say at a cafe or hotel), somewhere never previously connected to, then upon attempting to connect viaNetworkManager
the non-admin user is prompted for my (the admins) password. -
fpghost over 11 yearsAlso when trying to
Edit Connections
for the pre-established connection msg isSystem policy prevents modifications of network settings for all users: an application is attempting to perform an action that requires privileges. Authentication as the super user is required to perform this action. Password for adminuser: ......
then the Details expansions saysAction: org.freedesktop.NetworkManager.settings.modify.system, Vendor: NetworkManager
if that helps. -
fpghost over 11 years@BrunoPereira the
available to all
fix has to be applied for every single wifi network, so isn't practical for non-admin users connecting to new wifi on their own. -
artfulrobot over 10 years
-
-
vidstige over 7 yearsthis is the correct solution
-
vidstige over 7 yearssee the answer blow by @harlemsquirrel below, it will make it much easier to pack the permission up inside e.g. a deb package. Also the above approach is susceptible to be reset by updates, etc, because your editing a file managed by dpkg.
-
vise over 6 yearsSolid advice, but you should just restart the network via sudo service network-manager restart.
-
gpothier about 4 yearsOMG thanks for this info, this has been pestering me for so long. I just submitted a bug report: bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/…