Disable nm-applet by group?

[pyperdown]

I was messing with polkit to disable nm-applet so kids don't kill networking for the next student to use the device or themselves...  We're using a shared device model so this is kind of important.  Any ideas what I might be missing to achieve this?  The info I found had me do the following...

File: /etc/polkit-1/localauthority/50-local.d/org.freedesktop.NetworkManager.pkla

[nm-applet]
Identity=unix-group:adm
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
ResultInactive=no
ResultActive=yes

but users not in the adm group still get the applet, and are still able to disable networking...

Ideas?  Am I barking up the wrong tree?

[urkomasse]

For shared devices, the auto-reset function works well for us:
http://wiki.ubermix.org/page/Auto-Reset

Essentially, the laptop is reset to "factory defaults" every time you reboot it.

[jnetman1]

You're close. This will make it ask for a password before enabling/disabling networking:

Code: [Select]

sudo gedit /var/lib/polkit-1/localauthority/50-local.d/networkmanager.pkla
Paste in the following:

Code: [Select]

[NetworkManager1]
Identity=unix-group:user
Action=org.freedesktop.NetworkManager.network-control
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep

[NetworkManager2]
Identity=unix-group:user
Action=org.freedesktop.NetworkManager.enable-disable-network
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep

Save and reboot.

If you want to disable altogether, set ResultActive=no as well. Of course, everyone would have to be a member of the user group, so make adjustments to the group name/memberships as you see fit. Auto-reset, of course, is far easier :-)