asking for root password when plugging mobile modem?

Hi,

I have Gnome 2 and 11.4 in my laptop (and going to evergreen). I have sometimes to use mobile
internet (UMTS) via a thing from ZTE (well, a modem) plugged via USB, working successfully.

There is something that nags me, though.

When I plug in the device, or boot the machine, or recover from hibernation, the entry in network
manager is disabled. After a time that varies between 20" and 2’ (and some activity seen in syslog),
I’m prompted for the PIN number of the phone SIM card (SIM PIN Unlock Required dialog). I do so, and
then I’m prompted for my root password in a second dialog (System policy prevents unlocking or
controlling the mobile broad band device (an application is attempting to perform an action that
requires privileges. Authentication as the superuser is required to perform this action)). After I
do this the network manager entry is enabled. And if I delay a bit I get a second prompt for the SIM
PIN (which if I obey I get a second prompt for root’s password)

I think this part of the process is done by ‘modem-manager’, judging by the messages in the syslog.

What I wonder is that root password request, I would like that part to disappear, be automatic, or
ask for user password instead. I see no configuration file in /etc.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))

The messages come from policy kit. Maybe some rule for it needed?

Not sure, but maybe this ModemManager policy…

pkaction --action-id org.freedesktop.ModemManager.Device.Control --verbose

On 2012-10-28 23:36, deano ferrari wrote:
>
> Not sure, but maybe this ModemManager policy…
>
>
> Code:
> --------------------
> pkaction --action-id org.freedesktop.ModemManager.Device.Control --verbose
> --------------------


cer@minas-tirith:~> pkaction --action-id org.freedesktop.ModemManager.Device.Control --verbose
org.freedesktop.ModemManager.Device.Control:
description:       Unlock and control a mobile broadband device
message:           System policy prevents unlocking or controlling the mobile broadband device.
vendor:            ModemManager
vendor_url:        http://www.freedesktop.org/wiki/ModemManager
icon:              modem-manager
implicit any:      no
implicit inactive: no
implicit active:   auth_self_keep

cer@minas-tirith:~>

It looks to be there. I have never played wit PK - where does one change that rule? :-?


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))

You can set explicit privileges by adding the required entry in /etc/polkit-default-privs.local

For example:

 org.freedesktop.ModemManager.Device.Control no:no:yes

Then run

set_polkit_default_privs

This documentation really needs updating, but section 9.3.3 explains the necessary…
Chapter

On 2012-10-29 04:26, deano ferrari wrote:

Trying…


minas-tirith:~ # set_polkit_default_privs
PolicyKit: setting org.freedesktop.ModemManager.Device.Control to no:no:yes (wrong setting aa:aa:aa)
polkit1: setting org.freedesktop.ModemManager.Device.Control to no:no:yes (wrong setting aa:aa:aa)
minas-tirith:~ #


Unplug… replug… wait… asks for pin… does not ask for root’s password! YOHOO! :slight_smile:

>
> This documentation really needs updating, but section 9.3.3 explains
> the necessary…
> ‘Chapter’ (http://tinyurl.com/95wh4hl)

I’ll have a look. Ah, the security guide, not the reference book…
I see that the current version doesn’t have it, policy kit has been deprecated, IIRC. As soon as one
learns one of these new gadgets, they remove it.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))

Unplug… replug… wait… asks for pin… does not ask for root’s password! YOHOO! :slight_smile:

Good to know! :slight_smile:

I see that the current version doesn’t have it, policy kit has been deprecated, IIRC. As soon as one
learns one of these new gadgets, they remove it.

Yes, it is tough to keep up with all the changes, especially with the policykit —>polkit transition. Thankfully, I haven’t had to delve too deep. Most things seem to have sane policy settings out out the box, (although a lot of users seem to have issues with the default (secure) authentication requirements of the network manager).

On 2012-10-29 18:16, deano ferrari wrote:
>
>> Unplug… replug… wait… asks for pin… does not ask for root’s
>> password! YOHOO! :slight_smile:
> Good to know! :slight_smile:
>> I see that the current version doesn’t have it, policy kit has been
>> deprecated, IIRC. As soon as one learns one of these new gadgets, they remove it.

> Yes, it is tough to keep up with all the changes, especially with the
> policykit —>polkit transition. Thankfully, I haven’t had to delve too
> deep. Most things seem to have sane policy settings out out the box,
> (although a lot of users seem to have issues with the default (secure)
> authentication requirements of the network manager).

Oh. I did not realize that polkit is the successor of policykit, I
thought it was just a name change.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))