Bug 296367 - sys-apps/dbus-1.2.3-r1: /usr/libexec/dbus-daemon-launch-helper has restrictive permissions
Status: RESOLVED DUPLICATE of bug 222551
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Linux bug wranglers
Reported: 2009-12-10 06:19 UTC by Jacob Godserv
Modified: 2009-12-10 21:56 UTC

Description Jacob Godserv 2009-12-10 06:19:05 UTC
$ ls -lh /usr/libexec/dbus-daemon-launch-helper
-rws--x--- 1 root root 99K Dec  7 02:01 /usr/libexec/dbus-daemon-launch-helper

This caused two problems right off the bat:
1) NetworkManager silently refused to start wpa_supplicant. Executing 'wpa_supplicant -uB' in root by hand is a workaround.
2) nm-connection-editor's "Available to all users" checkbox is grayed out. Oh, and a really cryptic error message:
"Could not retrieve dbus connections: Failed to execute program /usr/libexec/dbus-daemon-launch-helper: Success"

So, I tried to execute /usr/libexec/dbus-daemon-launch-helper by hand and got a "Permission denied". Aha. A little googling reveals someone else had a similar problem. A quick chmod o+x on that bad boy, an /etc/init.d/NetworkManager restart, and everything is just dandy.

The issue with this nice little "fix" is dbus-daemon-launch-helper is SUID root. It doesn't appear too many other people are having this issue, so I can't help but wonder if portage did some kind of auto-perm fixing on this binary.

Since the binary is obviously meant to be executed by users, however, I think this is an acceptable fix, until upstream finds a way, if it can, to get rid of its SUID root binaries.

Reproducible: Always

Steps to Reproduce:
Hmmm, this is a hardish one. Emerge networkmanager with a full desktop profile, and try using nm-connection-editor in GNOME.



 $ emerge --info
Portage 2.1.6.13 (default/linux/amd64/10.0/desktop, gcc-4.3.4, glibc-2.9_p20081201-r2, 2.6.32-gentoo x86_64)
=================================================================
System uname: Linux-2.6.32-gentoo-x86_64-Intel-R-_Core-TM-2_Duo_CPU_P8800_@_2.66GHz-with-gentoo-2.0.1
Timestamp of tree: Thu, 10 Dec 2009 01:00:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.0_p35
dev-java/java-config: 2.1.9-r1
dev-lang/python:     2.6.4
dev-util/ccache:     2.4-r7
dev-util/cmake:      2.6.4-r3
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.5.3
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.7.9-r1, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=core2 -msse4.1"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -pipe -march=core2 -msse4.1"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="C"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/layman/sunrise /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa amd64 avahi bash-completion berkdb bluetooth branding bzip2 cairo cdr cjk cli consolekit cracklib crypt cups cxx dbus divx dri dts dvd dvdr eds emboss encode evo fam firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal iconv ipv6 jpeg laptop ldap libnotify lm_sensors mad mikmod mmx modules mp3 mp4 mpeg mudflap multilib nautilus ncurses networkmanager nls nptl nptlonly nsplugin ogg opengl openmp pam pcre pdf perl png ppds pppd pulseaudio python qt3support quicktime readline reflection samba sdl session spell spl sse sse2 ssl startup-notification svg sysfs syslog tcpd theora thunar tiff truetype unicode usb vorbis x264 xml xorg xulrunner xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia nv vesa fbdev"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Rafał Mużyło 2009-12-10 10:12:15 UTC
You are wrong.
Look at bus/Makefile.am:
this binary is 'chmod 4750'.
Though it should be 'root:messagebus', not 'root:root'.
Try to reemerge it.
Comment 2 Jacob Godserv 2009-12-10 13:09:56 UTC
nm-connection-editor is executed under my username, though. Does this mean I need to be part of the "messagebus" group? Or is that extending my permissions farther than they ought to be?
Comment 3 Gilles Dartiguelongue (RETIRED) gentoo-dev 2009-12-10 21:56:50 UTC
The permissions come from the makefile rules and they work fine for everything I use. If something is failing, it might be because of dbus policy. Wrt. group ownership problem, this is bug #222551.

*** This bug has been marked as a duplicate of bug 222551 ***
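
A permission audit for the state described in Comments 1 and 3 (setuid root, group messagebus, no access for other), added here as an example that is not part of the original bug thread. The function names and finding labels are made up for illustration; the path and the messagebus group name come from the report and Comment 1, and the sample values are constructed from the modes mentioned in the thread.

```shell
#!/bin/sh
# Added example: audit ownership and mode of the D-Bus launch helper.
HELPER=/usr/libexec/dbus-daemon-launch-helper   # path from the bug report
WANT_GROUP=messagebus                           # group named in Comment 1

# check_helper_perms MODE OWNER GROUP
# MODE is octal as printed by `stat -c %a` (e.g. 4750). Prints one finding
# per line and returns 0 only when nothing is wrong.
check_helper_perms() {
    mode=$((0$1)); owner=$2; group=$3; rc=0
    if [ $((mode & 04000)) -eq 0 ]; then
        echo "not-setuid"; rc=1
    fi
    if [ "$owner" != root ]; then
        echo "owner-not-root"; rc=1
    fi
    if [ "$group" != "$WANT_GROUP" ]; then
        echo "wrong-group"; rc=1          # e.g. root:root, as in the report
    fi
    if [ $((mode & 00010)) -eq 0 ]; then
        echo "group-cannot-execute"; rc=1
    fi
    if [ $((mode & 00007)) -ne 0 ]; then
        echo "other-has-access"; rc=1     # e.g. after `chmod o+x`
    fi
    if [ $((mode & 00020)) -ne 0 ]; then
        echo "group-writable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

# audit_helper [PATH]: read the live values with GNU stat and check them.
audit_helper() {
    path=${1:-$HELPER}
    [ -e "$path" ] || { echo "missing"; return 2; }
    set -- $(stat -c '%a %U %G' "$path")
    check_helper_perms "$1" "$2" "$3"
}

# Constructed samples: the reporter's listing (-rws--x--- root root), the
# chmod o+x workaround, and the Makefile mode with the expected group.
for sample in "4710 root root" "4711 root root" "4750 root messagebus"; do
    printf '%s -> %s\n' "$sample" "$(check_helper_perms $sample | tr '\n' ' ')"
done
```

The check does not require the group read bit: with FEATURES="sfperms", as in the emerge --info output above, Portage removes the group and other read bits from setuid files, so a Makefile mode of 4750 is installed as 4710.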