Remove sudo password when connecting to *new* WiFi network

Solution 1

I found success with the following solution in Ubuntu 13.04:

Open /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy with root/sudo privileges and search for the following line:

<message>System policy prevents modification of network settings for all users</message>

A few lines below that should be this:

<allow_active>auth_admin_keep</allow_active>

Change it to:

<allow_active>yes</allow_active>

Save the file and restart your computer.

Solution 2

You can edit system configuration files, but that's brute force. First of all, as a rule of thumb, configuration resides under /etc, not /usr or /var or anywhere else. HarlemSquirrel explained how to do a proper change to the default policy. Editing files under /usr is guaranteed to blow up in your face sooner or later, as those files are provided by system packages, which will be updated/replaced eventually.

But the bigger problem is that these changes are completely unnecessary, as of 18.04 at least. This is a "you're holding it wrong" issue. Actually, it's a usability issue on the NM applet's part, but anyway. Take a look at /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy:

  <action id="org.freedesktop.NetworkManager.settings.modify.system">
    <description>Modify network connections for all users</description>
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

Meaning users can't create connections, right? Wrong! Look further:

  <action id="org.freedesktop.NetworkManager.settings.modify.own">
    <description>Modify personal network connections</description>
    <defaults>
      <allow_any>auth_self_keep</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

As you can see, NetworkManager supports the concept of user and system connections. The problem is, the applet creates system connections by default. So when you open the applet on the tray and click Select Network, then select the one you want to connect to, it asks for a sudo user, because creating system connections is only allowed for admins.

BUT if you open the Settings app, go to Wi-Fi and click on the desired network, it'll easily let you connect without admin password. Walk in the park.

Why the applet wants to create system connections by default is beyond me though, especially since you can make a user connection a system one anytime later. It's the Make available to other users option under connection properties, and when you check that and click Apply, it'll immediately ask for sudo password, as it should. I'll try to find a way to make the applet create user connections by default, I'll update this answer if I figure it out.

Solution 3

How To Resolve the Error: System policy prevents modification of network settings for all users

There is a critical step missing from an answer above, so I am including it here. :)

This works in Ubuntu 14.04 LTS & 16.04 LTS

  1. Open Terminal

  2. su to root

    su -
    
  3. Type the following:

    nano /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
    
  4. Towards the end of the file, find the section labeled:

    <action id="org.freedesktop.NetworkManager.settings.modify.system">
    
  5. At the bottom of the org.freedesktop.NetworkManager.settings.modify.system Section, locate the following line of code:

    <allow_active>auth_admin_keep</allow_active>
    
  6. Change this line to read as follows:

    <allow_active>yes</allow_active>
    
  7. Save the file using:

    ^X
    
  8. Answer "Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?" by Typing:

    Y
    
  9. Hit Enter when prompted with:

    File Name to Write: /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
    
  10. Restart.

:)
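Added example, not part of any answer above: a check that reports when the packaged policy file no longer matches the defaults quoted in Solution 2, which is the state the `allow_active` edit in Solutions 1 and 3 leaves behind. The sample XML is constructed, and `implicit_auth` and `drift` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NM = "org.freedesktop.NetworkManager.settings.modify."
# Packaged defaults as quoted in Solution 2 (Ubuntu 18.04).
BASELINE = {
    NM + "system": dict.fromkeys(("allow_any", "allow_inactive", "allow_active"), "auth_admin_keep"),
    NM + "own": {"allow_any": "auth_self_keep", "allow_inactive": "yes", "allow_active": "yes"},
}

# Constructed sample: modify.system after the allow_active edit.
SAMPLE_POLICY = """\
<policyconfig>
  <action id="org.freedesktop.NetworkManager.settings.modify.system">
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.NetworkManager.settings.modify.own">
    <defaults>
      <allow_any>auth_self_keep</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>
"""


def implicit_auth(policy_xml):
    """Map each action id to the values in its <defaults> element."""
    return {a.get("id"): {d.tag: (d.text or "").strip() for d in a.find("defaults")}
            for a in ET.fromstring(policy_xml).iter("action")
            if a.find("defaults") is not None}


def drift(policy_xml, baseline=BASELINE):
    """List (action, key, expected, found) where the file departs from baseline."""
    found = implicit_auth(policy_xml)
    return [(action, key, want, found.get(action, {}).get(key))
            for action, keys in baseline.items()
            for key, want in keys.items()
            if found.get(action, {}).get(key) != want]


if __name__ == "__main__":
    print(drift(SAMPLE_POLICY))
```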

Solution 4

You can also create a local policy for this

[Let user pupil modify system settings for network]
Identity=unix-user:pupil
Action=org.freedesktop.NetworkManager.settings.modify.system
ResultAny=no
ResultInactive=no
ResultActive=yes

in a file called /etc/polkit-1/localauthority/50-local.d/10-network-manager.pkla.

The advantage here is this can be a single command and usable in a script!

printf "[Let user pupil modify system settings for network]\nIdentity=unix-user:pupil\nAction=org.freedesktop.NetworkManager.settings.modify.system\nResultAny=no\nResultInactive=no\nResultActive=yes" | sudo tee /etc/polkit-1/localauthority/50-local.d/10-network-manager.pkla

Reference: Ubuntu Manpage:pklocalauthority
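Added example, not part of the answer above: an audit of `.pkla` content that lists every section granting a given action with `yes`, and notes whether the grant goes beyond one named user or beyond the active local session. The second sample section is constructed for contrast, `audit_pkla` is a hypothetical helper, and `fnmatchcase` is used as an approximation of the glob matching pklocalauthority applies to `Action`.

```python
import configparser
from fnmatch import fnmatchcase

TARGET = "org.freedesktop.NetworkManager.settings.modify.system"
# Constructed sample: the first section is the rule from the answer above,
# the second is a hypothetical, much broader rule for comparison.
SAMPLE_PKLA = """\
[Let user pupil modify system settings for network]
Identity=unix-user:pupil
Action=org.freedesktop.NetworkManager.settings.modify.system
ResultAny=no
ResultInactive=no
ResultActive=yes

[Hypothetical broad rule]
Identity=unix-user:*
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
"""

RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")


def audit_pkla(text, action):
    """Return one finding per section that grants `action` without a prompt."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        patterns = [p for p in sec.get("Action", "").split(";") if p]
        granted = [k for k in RESULT_KEYS if sec.get(k) == "yes"]
        if not granted or not any(fnmatchcase(action, p) for p in patterns):
            continue
        identities = [i for i in sec.get("Identity", "").split(";") if i]
        findings.append({
            "section": name,
            "identities": identities,
            "granted": granted,
            # ResultAny also covers clients outside a local console session.
            "applies_to_any_session": "ResultAny" in granted,
            "wildcard_identity": any("*" in i for i in identities),
        })
    return findings


if __name__ == "__main__":
    print(audit_pkla(SAMPLE_PKLA, TARGET))
```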

Solution 5

This isn't really the fix I was hoping for but one workaround I've found is just to disable NetworkManager altogether and instead use Wicd.

First stop NetworkManager from running at startup:

sudo gedit /etc/NetworkManager/NetworkManager.conf

then # out the managed line. Also # out #start on (local-filesystems and started dbus) from /etc/init/network-manager.conf . Then just to make double sure

sudo mv /etc/init/network-manager.conf /etc/init/network-manager.conf-disabled
sudo mv /etc/xdg/autostart/nm-applet.desktop /etc/xdg/autostart/nm-applet.desktop.disabled

Now you can just use Wicd and no password prompts needed it seems.

Author by

fpghost

Updated on September 18, 2022

Comments

  • fpghost
    fpghost over 1 year

    So currently when my non-admin user tries to connect to a new WiFi network (e.g. at a cafe say) NetworkManager prompts for the admin user's password. Is there a way to turn this off and to allow the non-admin user to connect to whatever Wifi network they like?

    EDIT: just to clarify, I really mean a new WiFi network never connected to prior by the computer, so clicking 'Available to all users' on an existing established connection will not solve the matter- as currently no issue with the non-admin user reconnecting as many times as they like to the home network.

    • Rinzwind
      Rinzwind over 11 years
      /etc/sudoers is the file to edit so it does not ask for passwords: help.ubuntu.com/community/Sudoers
    • fpghost
      fpghost over 11 years
      I've used visudo before to allow the non-admin user to do a few things (like sudo apt-get update for e.g.) but I am not sure what I would have to put in there to stop them being asked for a password on connecting to a new wifi network
    • Rinzwind
      Rinzwind over 11 years
      ha you got me there. I would have made it an answer if I knew that from memory (been searching for a bit but did not find it yet :D )
    • fpghost
      fpghost over 11 years
      yeah, must be something of the form someUser ALL=(root)NOPASSWD:/path/to/somethingControllingWiFi I presume, if this is indeed the way to go.
    • Rinzwind
      Rinzwind over 11 years
      It sure is :) ..
    • Bruno Pereira
      Bruno Pereira over 11 years
      Are you sure he is not asking to unlock the keyring? Normal non admin users are allowed to control wireless connections. If not try to open the Network Manager with your admin user and make sure that the Connection available to all users check box is enabled.
    • fpghost
      fpghost over 11 years
      Yes connection available to all is already ticked. The non-admin user can connect to a pre-established connection without issue (e.g. home wifi say), the problem is when they try to connect to a genuinely new wifi network (say at a cafe or hotel), somewhere never previously connected to, then upon attempting to connect via NetworkManager the non-admin user is prompted for my (the admin's) password.
    • fpghost
      fpghost over 11 years
      Also when trying to Edit Connections for the pre-established connection msg is System policy prevents modifications of network settings for all users: an application is attempting to perform an action that requires privileges. Authentication as the super user is required to perform this action. Password for adminuser: ...... then the Details expansions says Action: org.freedesktop.NetworkManager.settings.modify.system, Vendor: NetworkManager if that helps.
    • fpghost
      fpghost over 11 years
      @BrunoPereira the available to all fix has to be applied for every single wifi network, so isn't practical for non-admin users connecting to new wifi on their own.
    • artfulrobot
      artfulrobot over 10 years
  • vidstige
    vidstige over 7 years
    this is the correct solution
  • vidstige
    vidstige over 7 years
    see the answer below by @harlemsquirrel, it will make it much easier to pack the permission up inside e.g. a deb package. Also the above approach is susceptible to be reset by updates, etc, because you're editing a file managed by dpkg.
  • vise
    vise over 6 years
    Solid advice, but you should just restart the network via sudo service network-manager restart.
  • gpothier
    gpothier about 4 years
    OMG thanks for this info, this has been pestering me for so long. I just submitted a bug report: bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/…