New wireless requires root permission in OpenSUSE 12.3

The system demands the root password after typing the appropriate info into networkmangager to set up a new wireless connection. If I enter the root password, indeed the wireless works fine. However, this root password requirement is not appropriate for my current installation, so I have been trying to remove it.

Using Actions Policy-Systems Settings as root, I have adjusted the settings in org.freedesktop/NetworkManager/settings/NetworkManager/Modify personal network connections: no effect

In fact, I have tried every combination and permutation of all of the settings in org.freedesktop relating to the network, all with no effect.

I tried adding my identity into Local authorizations and even creating a new group called network and adding into Local authorizations: no effect.

I tried toggling all the settgins in yast2: /etc/sysconfig Editor relating to network: no effect.

I have tried KDE and FVWM so far: same problem.

The obvious question is: What file is now setting such permissions in 12.3?

Sounds like you have set up your wireless connection as “system connection”.
There’s a checkbox named “System connection” in the settings dialog (below “Connect automatically”), make sure this is not checked.

I tried both settings: no effect.

I’ve also tried several installs: no luck

I wonder if any one else has this problem.

polkit (which handles this authorization) has changed since 12.2.

I have not investigated this fully. It looks as if the policy rules are defined in two places:

/usr/share/polkit-1/
/etc/polkit-1/

My guess is that the second of those overrides the first.

The actions policy settings applet for KDE makes changes under “/usr/share/polkit-1/”

You would probably need a text editor to make changes under “/etc/polkit-1/”.

You could try to run:

sudo /sbin/set_polkit_default_privs

This sets all polkit permissions to the defaults which should allow you to use your wireless (user) connection without root password.

But, is your session registered with logind? (on earlier versions ConsoleKit was used for this)
Please post the output of:

loginctl

/etc/polkit-1 is empty.

Yes, Actions Policy changed the entries in /usr/share/polkit-1 but there was no effect.

loginct:

SESSION UID USER SEAT
1 0 root seat0
3 1000 schmadel seat0

2 sessions listed.

Seems OK.

I’ll have to wait a few hours till I’m home to run the “sudo /sbin/set_polkit_default_priv”

I’ll report the results then.

I did “sudo /sbin/set_polkit_default_privs” but networkmanager still requires root password, even after relogin.

Is any one able to setup wireless connection in Opensuse 12.3 without root pswd?

On 04/30/2013 06:06 PM, schmadel wrote:
>
>
> I did “sudo /sbin/set_polkit_default_privs” but networkmanager still
> requires root password, even after relogin.
>
> Is any one able to setup wireless connection in Opensuse 12.3 without
> root pswd?

Absolutely.

Are you sure it wants the root password, and not a request for your user
password to unlock the key ring? For the first user, the password will be the same.

I would recommend deleting all connections and remake them without the system
connection.

Am 01.05.2013 01:06, schrieb schmadel:
> Is any one able to setup wireless connection in Opensuse 12.3 without
> root pswd?

Yes that works without me doing anything to the systems to enable that,
it works out of the box on several machines with wireless here in 12.3.


PC: oS 12.3 x86_64 | i7-2600@3.40GHz | 16GB | KDE 4.10.2 | GTX 650 Ti
ThinkPad E320: oS 12.3 x86_64 | i3@2.30GHz | 8GB | KDE 4.10.2 | HD 3000
HannsBook: oS 12.3 x86_64 | SU4100@1.3GHz | 2GB | KDE 4.10.2 | GMA4500

Yes, it is definitely asking for root pswd.

When I login as root and start up KDE, everything works very nicely. For some reason the new permissions in freedesktop are being ignored.

I’m using systemd. I think I’ll try System V on a new install and see if thee problem persists.

Is it really empty?
On my system the default polkit rules are stored there.
Please check if you have installed the package “polkit-default-privs”.
If not, install it please and run “sudo /sbin/set_polkit_default_privs” again.

Don’t do that! This is not supported on 12.3 anymore. You would have to uninstall half of your system to install sysvinit…

On 05/01/2013 03:16 AM, schmadel wrote:
> When I login as root and start up KDE,

you should never do that!

doing that (or logging into any *nix-like DE as root) has long been
known to be troublesome…including all kinds of permissions
problems including actions which should not require root
permissions do require them.

more: http://tinyurl.com/DD-on-Root


dd

Oops! Indeed I have /etc/polkit-1/rules.d. I just could not see it from my user screen because of the directory read permission.

From our discussions, I have two theories as to the source of the problem:

  1. I had logged into the system and run KDE as root early on.

  2. I set the system up to boot into run level 2 without network. Perhaps when then running kdm, not all the proper services started.

Rather than waste any of more anyone else’s time trying to fix the myriad of problems that may have resulted, I will reinstall on a separate system using systemD.

Before doing so I have 2 questions:

  1. Can I run Konqueror as root in a user desktop, or will this bring on problems as well?

  2. Actions Policy modifies the files in /usr/share/polkit-1/actions. What edits the files in /etc/polkit-1/rules.d?

Yes, there was even an entry in the menu for KDE3’s konqueror. Nowadays only an entry for dolphin as root is in the standard startmenu.
You can run konqueror as root with

kdesu konqueror

But please beware that web browsing is not the best thing to do in root mode! :wink:

  1. Actions Policy modifies the files in /usr/share/polkit-1/actions. What edits the files in /etc/polkit-1/rules.d?

They are supplied by openSUSE and contained in the package “polkit-default-privs”. You’re not supposed to edit them as your changes would be overwritten on updates.
If you want to change the default rules, you could do that in /etc/polkit-default-privs.local .

Since I had a look at those files just now, another thing:
Maybe your POLKIT_DEFAULT_PRIVS is set to “restrictive” or PERMISSION_SECURITY is set to “secure” or “paranoid” in /etc/sysconfig/security?
Could you please post that file?

Because /etc/polkit-default-privs.restrictive would set org.freedesktop.NetworkManager.enable-disable-wifi to “auth_admin” (which means ask for root password)

Oh and I tend to disagree that logging into KDE as root would cause problems for your system.
root does have its own home directory (/root) where KDE would store its settings.
It’s more dangerous to call KDE programs with ‘su’ or ‘sudo’ in your user’s session, since then file permissions in your home directory could be set to wrong permissions (i.e. owned by root)…

But of course you can more easily damage your system if you are root. :wink:

Maybe your POLKIT_DEFAULT_PRIVS is set to “restrictive” or PERMISSION_SECURITY is set to “secure” or “paranoid” in /etc/sysconfig/security?
Could you please post that file?

Because /etc/polkit-default-privs.restrictive would set org.freedesktop.NetworkManager.enable-disable-wifi to “auth_admin” (which means ask for root password)[/QUOTE]

/etc/sysconfig/security looks OK:

Path: System/Security/Permissions

Description: Configuration of permissions on the system

Type: string

Default: “easy local”

Permission settings to use. By default ‘easy’, ‘secure’ and

‘paranoid’ exist. You may define your own though.

PERMISSION_SECURITY=“easy local”

Description: Use filesystem capabilities for more finegrained permission handling

Type: yesno

Default: “yes”

Flag whether to use filesystem capabilities for finegrained

access control (compared to setuid) or not.

PERMISSION_FSCAPS=""

Path: System/Security/PolicyKit

Description: Configuration of default PolicyKit privileges

Type: list(set,warn,no)

Default: set

Config: set_polkit_default_privs

SuSEconfig can check PolicyKit default privileges.

Setting this variable to “set” will change privileges that don’t match the

default. Setting to “warn” only prints a warning and “no” will

disable this feature.

Defaults to “set” if not specified

CHECK_POLKIT_PRIVS=“set”

Type: string

Default: “standard”

Config: set_polkit_default_privs

SUSE ships with two sets of default privilege settings. These are

“standard” and “restrictive”.

Examples: “standard”, “restrictive foo bar”

If not set the value depends on the setting of

PERMISSION_SECURITY. If PERMISSION_SECURITY contains ‘secure’ or

‘paranoid’ the value will be ‘restrictive’, otherwise ‘standard’.

The ‘local’ file is always evaluated and takes precedence over all

other files.

POLKIT_DEFAULT_PRIVS=“standard”

Type: list(yes,yast,no)

Default: yes

When working with packages and installation sources, check keys

and signatures: yes = in YaST and ZENWorks, yast = in YaST, no =

no checking.

CHECK_SIGNATURES=“yes”

[QUOTE=wolfi323;2552917]Yes, there was even an entry in the menu for KDE3’s konqueror. Nowadays only an entry for dolphin as root is in the standard startmenu.
You can run konqueror as root with

kdesu konqueror

But please beware that web browsing is not the best thing to do in root mode! :wink:

Actually I prefer Konqueror only as a filemanager with its potential for multiple file windows.

Regarding the modifications of permissions, it woull seem that Actions Policy cannot be used for altering permisions since its changes are preempted by /etc/polkit-1.

Should one actually effect all permission changes by manually writing a /etc/polkit-default-privs.local file entry?

Yes. Strange.

Some other thoughts:
What files do you actually have in /etc/polkit-1/rules.d/ ?

sudo ls -la /etc/polkit-1/rules.d/

Maybe your /etc/polkit-default-privs.standard isn’t quite standard? What’s the output of

sudo rpm -V polkit-default-privs

Perhaps there is some leftover file from an earlier verson? (IIRC, this setting originally was wrong on 12.2, so you had to enter the root password for wireless back then…)

Yeah, I was imagining that you wanted to use it as filemanager…:wink:
You could of course add an entry to the startmenu yourself using kmenueditor.

Regarding the modifications of permissions, it woull seem that Actions Policy cannot be used for altering permisions since its changes are preempted by /etc/polkit-1.
Should one actually effect all permission changes by manually writing a /etc/polkit-default-privs.local file entry?

There seems to be an issue somewhere regarding this, yes.
But /etc/polkit-default-privs.local is supposed to override the defaults for the local installation.
So you could try to add the following line to this file and run set_polkit_default_privs again.

org.freedesktop.NetworkManager.enable-disable-wifi              auth_admin:auth_admin:yes

What files do you actually have in /etc/polkit-1/rules.d/ ?

sudo ls -la /etc/polkit-1/rules.d/

drwx------ 2 polkitd root 4096 May 1 11:58 .
drwxr-xr-x 3 root root 4096 Mar 6 06:41 …
-rw-r–r-- 1 root root 321 Feb 19 07:50 50-default.rules
-rw-r–r-- 1 root root 28210 May 1 11:37 90-default-privs.rules

Maybe your /etc/polkit-default-privs.standard isn’t quite standard? What’s the output of

sudo rpm -V polkit-default-privs

All my attempts are clean installs so there aren’t any ghosts from previous versions.
Interesting that there is no output from

sudo rpm -V polkit-default-privs

But yast software manager lists:

polkit-default-privs 12.3-6.15.1 with an indication that its an updated version.

There seems to be an issue somewhere regarding this, yes.
But /etc/polkit-default-privs.local is supposed to override the defaults for the local installation.
So you could try to add the following line to this file and run set_polkit_default_privs again.

org.freedesktop.NetworkManager.enable-disable-wifi              auth_admin:auth_admin:yes

[/QUOTE]

I tried various combinations for /etc/polkit-default-privs.local including

org.freedesktop.network-manager-settings.system.modify auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.enable-disable-network auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.enable-disable-wifi auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.network-control auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes

I ran /sbin/set_polkit_default_privs and even logged out and in. Still when attempting to create or edit wireless network connections a window pops upindicating “System policy prevents modification of personal network settings” and requests “Password for root”

Tonight I’'ll try an install into run level 3 or 5 and report back.

Thanks everyone for all of the information and advice so far. It’s truly appreciated.