The message by which I was hit was the following: "System policy prevents modification of network settings for all users."
Before you get started, the system wide configuration files that contain the default values reside inside the /usr/share/polkit-1/actions/ directory. In this directory resides the file org.freedesktop.NetworkManager.policy which contains all the default actions. It does also contain the message about the network settings for which the action id is "org.freedesktop.NetworkManager.settings.modify.system." At this point I was still clueless of what I was supposed to do.
After having search the web for information about PolicyKit I have found one interesting article that helped me getting done with my issue and learning more about this authorization framework. This action being very seldom to perform, I'm summing up everything here.
There are two useful commands to perform tests with PolicyKit, pkcheck and pkaction.
The first interesting command to use is pkcheck. It will trigger an authorization request and prompt you to type in a password, simply return true if no authorization is required otherwise false. For example:
pkcheck --action-id org.freedesktop.NetworkManager.settings.modify.system \
--process `pidof gnome-session` -u `id -u`You have to adapt the process and user parameters of course.
Next the command pkaction can be used to print the default system values, for example:
pkaction --action-id org.freedesktop.NetworkManager.settings.modify.system \
--verboseNow to have a custom setting for your user, what has to be done is to create a PolicyKit Local Authority file inside the directory /var/lib/polkit-1/localauthority/. Here is an example:[Let user mike modify system settings for network] Identity=unix-user:mike Action=org.freedesktop.NetworkManager.settings.modify.system ResultAny=no ResultInactive=no ResultActive=yesI have saved this file under /var/lib/polkit-1/localauthority/50-local.d/10-network-manager.pkla.
There are three main values you can pass to ResultActive that are no, auth_admin or yes. Respectively it will deny the authorization, ask for a password, and give access. For further information about the possible values check the polkit manpage, also don't miss the pklocalauthority manpage to read more about the localauthority tree structure.
Posts
You, sir, are awesome.
ReplyDeleteGreat article! Thanks for getting me out of a hole.
ReplyDeleteOne minor suggestion: I think you'd be better off putting the file in /etc/polkit-1/localauthority/50-local.d/ rather than in /var/lib/polkit-1/localauthority/50-local.d. I think the /etc location is intended for local mods; files in the /var/lib/ location are probably subject to change as the package is updated.
Thanks. Exactly what I needed.
ReplyDeleteBTW, which theme are you using?
The screenshot was taken on GNOME3, default theme.
DeleteIt took an end however... Post about that on Tumblr.
The background comes from Interface Lift.
fantastic
ReplyDeleteWhat's the difference between the /var/lib/polkit-1/* location and /etc/polkit-1/* location?
ReplyDeleteI wonder if that directory already existed at that time, maybe I just overlooked it. But no, there is no difference, you can put files inside /etc.
Deletecaptain awesome, solved same problem in my lubuntu, thanks mike
ReplyDeleteMua vé máy bay tại Aivivu, tham khảo
ReplyDeletesăn vé máy bay giá rẻ đi Mỹ
thời gian bay từ los angeles về việt nam
chuyến bay từ nga về việt nam
vé máy bay nhật việt vietjet
Vé máy bay từ Đài Loan về VN
PHP and Python website development training are the two promising for both working and new developers.
ReplyDeleteweb development course in bangalore
web development training
Wynn Casino, Las Vegas - JS Hub
ReplyDeleteSearch Results For "Wynn 광양 출장샵 Casino, Las Vegas" in 서귀포 출장마사지 our database of over 서귀포 출장안마 2,500 slot 목포 출장안마 machines, 포항 출장샵 video poker machines and video poker machines.