General > General Discussion

Disable nm-applet by group?

(1/1)

pyperdown:
I was messing with polkit to disable nm-applet so kids don't kill networking for the next student to use the device or themselves...  We're using a shared device model so this is kind of important.  Any ideas what I might be missing to achieve this?  The info I found had me do the following...

File: /etc/polkit-1/localauthority/50-local.d/org.freedesktop.NetworkManager.pkla

[nm-applet]
Identity=unix-group:adm
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
ResultInactive=no
ResultActive=yes

but users not in the adm group still get the applet, and are still able to disable networking...

Ideas?  Am I barking up the wrong tree?

urkomasse:
For shared devices, the auto-reset function works well for us:
http://wiki.ubermix.org/page/Auto-Reset

Essentially, the laptop is reset to "factory defaults" every time you reboot it.

jnetman1:
You're close. This will make it ask for a password before enabling/disabling networking:


--- Code: ---sudo gedit /var/lib/polkit-1/localauthority/50-local.d/networkmanager.pkla
--- End code ---

Paste in the following:


--- Code: ---[NetworkManager1]
Identity=unix-group:user
Action=org.freedesktop.NetworkManager.network-control
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep

[NetworkManager2]
Identity=unix-group:user
Action=org.freedesktop.NetworkManager.enable-disable-network
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep

--- End code ---

Save and reboot.

If you want to disable altogether, set ResultActive=no as well. Of course, everyone would have to be a member of the user group, so make adjustments to the group name/memberships as you see fit. Auto-reset, of course, is far easier :-)

Navigation

[0] Message Index