Since 0.8.2, NetworkManager does not work as intended for plugdev group. Downgrading back to 0.8.1 solves the problem. Please let me know if I can provide more information to help you debug the problem Portage 2.2.0_alpha7 (default/linux/amd64/10.0/developer, gcc-4.5.1, glibc-2.12.1-r3, 2.6.36-pf2-night-elf x86_64) ================================================================= System uname: Linux-2.6.36-pf2-night-elf-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T5450_@_1.66GHz-with-gentoo-2.0.1 Timestamp of tree: Unknown app-shells/bash: 4.1_p9 dev-java/java-config: 2.1.11-r2 dev-lang/python: 2.6.6-r1, 2.7.1, 3.1.3 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 2.0.1-r1 sys-apps/openrc: 0.6.8 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.5.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82 virtual/os-headers: 2.6.36.1 (sys-kernel/linux-headers) Repositories: gentoo sunrise ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -march=core2 -pipe -ggdb" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -march=core2 -pipe -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs collision-protect distlocks fixlafiles fixpackages metadata-transfer multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms sign splitdebug strict test-fail-continue unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="ftp://mirror.bytemark.co.uk/gentoo" LDFLAGS="-Wl,-O1 -Wl,--hash-style=gnu,--enable-new-dtags -Wl,--as-needed" LINGUAS="en el" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages/eternity/" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/home/hwoarang/development/gentoo-cvs/gentoo-x86" PORTDIR_OVERLAY="/home/hwoarang/development/overlays/sunrise/sunrise" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi alsa amd64 apm bash-completion bluetooth bus bzip2 bzlib cairo cdr chm cli consolekit cracklib crypt ctype cups cxx dbus dga divx divx4linux dri dts dvd dvdr dvdread emboss encode exif fat ffmpeg firefox flac foomaticdb gd gif gimp gimpprint glib glitz gnutls gphoto2 gpm hal iconv id3tag imagemagick imlib ipv6 ipw4965 jpeg laptop lcms libnotify libwww lm_sensors mad mikmod mime mjpeg mmx mmxext mng modules mozilla mp3 mp4 mpeg mplayer mudflap multilib multiuser ncurses networkmanager nls nptl ntfs ogg opengl openmp pam pango pcre pdf perl php png policykit posix ppds pppd private-headers python qt3support qt4 quicktime rar raster readline reiserfs session simplexml smp sockets spell sqlite sqlite3 srt sse sse2 sse3 ssl ssse3 startup-notification subtitles svg symlink sysfs syslog tcpd threads truetype unicode usb userlocales v4l v4l2 vorbis x264 xcb xcomposite xine xml xmlreader xorg xscreensaver xv xvid zip zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en el" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Steps to reproduce: 1. Update networkmanager & nm-applet to 0.8.2 2. Reload dbus 3. Restart NetworkManager service 4. Launch nm-applet
For people who are not using polkit - I'll re-introduce dbus policy patch. R
I've now re-added plugdev group patch
Well, nm-applet still doesn't work
And to be more precise, Enable Networking and Enable wireless are grey (disabled) on nm-applet. Furthermore when I try to launch any of my vpn connections I get the following result ** (nm-applet:3914): WARNING **: <WARN> activate_vpn_cb(): VPN Connection activation failed: (org.freedesktop.NetworkManager.PermissionDenied) No user settings service available I'm not sure what is wrong. Is there a decent way to configure networkmanager+nm-applet will polkit?
(In reply to comment #5) > And to be more precise, Enable Networking and Enable wireless are grey > (disabled) on nm-applet. Furthermore when I try to launch any of my vpn > connections I get the following result > > > ** (nm-applet:3914): WARNING **: <WARN> activate_vpn_cb(): VPN Connection > activation failed: (org.freedesktop.NetworkManager.PermissionDenied) No user > settings service available > > > I'm not sure what is wrong. Is there a decent way to configure > networkmanager+nm-applet will polkit? > Ok, ignore me. dbus works fine. Polkit is the one that has troubles. Sorry for the noise
reopen as the solution is incorrect and I would even claim this is a gaping security hole. plugdev group is useless. hwoarang, please see this thread: http://forums.gentoo.org/viewtopic-t-858965-highlight-tips+tricks.html tampakrap is working on converting it into a guidexml official documentation.
Will remove the plugdev group support in couple of days as it's redudant.
Created attachment 275813 [details] 01-org.freedesktop.NetworkManager.pkla See bug 369667. Then see what files get installed into /usr/share/polkit-1 by networkmanager to find out the current defaults for active vs. inactive users. Then you can create even more specific .pkla file. This file in $FILESDIR and installed with from ebuild's src_install(): insinto /etc/polkit-1/localauthority/10-vendor.d doins "${FILESDIR}"/01-org.freedesktop.NetworkManager.pkla The "enewgroup plugdev" should then be restored into networkmanager's ebuild.
And: man 8 pklocalauthority
This is finally fixed by this commit today: +*networkmanager-0.9.1.90-r3 (29 Oct 2011) + + 29 Oct 2011; Alexandre Rostovtsev <tetromino@gentoo.org> + +files/01-org.freedesktop.NetworkManager.settings.modify.system.pkla, + +networkmanager-0.9.1.90-r3.ebuild, + +files/networkmanager-0.9.1.90-force-libnl1.1.patch, + +files/networkmanager-0.9.1.90-if.h.patch, + +files/networkmanager-0.9.1.90-rfkill.patch: + Bump to 0.9.1.90 from the gnome overlay. Allow users in plugdev group to + modify system connections (so dropped wireless connections no longer bring up + a modal root password prompt), thanks to Samuli Suominen for the solution. + Numerous code changes.