Is there a way I can forcibly disable networking as a non-root user? I want to be able to make a script with the capability to turn off all networking on my computer, but I don't want to have to run it as root.
Is there a way I can forcibly disable networking as a non-root user? I want to be able to make a script with the capability to turn off all networking on my computer, but I don't want to have to run it as root.
bump
I don't think so, no. You'd need to take down the interfaces with commands like "ifconfig eth0 down" and those require root privileges.
The reason for this is obvious, once you recall that Linux is multi-user. Letting an individual user bring down the network would crash any other users' sessions that were using networking.
If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.
Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
How about pulling out the ethernet cable and turning off the wireless with its hardware switch
Cheesemill
That must be the part in the script that controls the robotic hand!
If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.
Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
I'm sure there's a way. I can disable wireless simply by clicking on the red (X) or uncheck the checkboxes here, and I'm pretty sure that GUI runs as a normal user yet is still able to "ask" the process running as root (NetworkManager) to disable networking. So why can't my script "ask" NetworkManager to bring down the network just as the GUI does? Theoretically I could even write a script that would move my mouse to the icon and disable networking as if I were doing it myself, and that wouldn't require root (not that it would be practical to do though).
Maybe using qdbus?
Yes you could try qdbus or even dbus-send, I can get wireless to disable/enable that way but the overall networking enable doesn't seem to allow it i.e.
(and it works) butCode:$ dbus-send --system --print-reply --dest=org.freedesktop.NetworkManager \ /org/freedesktop/NetworkManager \ org.freedesktop.DBus.Properties.Set string:"org.freedesktop.NetworkManager" string:"WirelessEnabled" variant:boolean:false method return sender=:1.3 -> dest=:1.251 reply_serial=2
You *may* need to look at modifying the polkit-1 rules to make it work the way you wantCode:$ dbus-send --system --print-reply --dest=org.freedesktop.NetworkManager \ /org/freedesktop/NetworkManager \ org.freedesktop.DBus.Properties.Set string:"org.freedesktop.NetworkManager" string:"NetworkingEnabled" variant:boolean:false Error org.freedesktop.DBus.Error.AccessDenied: Property "NetworkingEnabled" of interface "org.freedesktop.NetworkManager" is not settable
You know, I never really thought about that, though I have certainly turned wifi and wired networking off and on as an ordinary user with NetworkManager. I think the first or second time I used that ability I wondered about its security implications, but then I soon forgot about it.
If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.
Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
I don't really understand all this. My knowledge of qdbus is limited to setting/reading klipper contents, controling plasma-desktop, and related.
How do I modify polkit-1 rules?
I doubt there are many security implications in relation to networking. Same goes with the ability to shutdown and reboot (actions which are normally only available to root), etc. The real issue is the ability to access the keyboard, display, etc without root making keylogging easy.
Last edited by Stonecold1995; April 19th, 2013 at 01:56 AM.
Well I certainly don't - I've played with dbus a little (using dbus-send / dbus-monitor and some python) but I'm still waiting for the 'Aha!' moment. Right now it's all looks like the API was dreamed up by the Department of Redundancy Department - to make matters worse most of the documentation that I've found so far appears to be incomplete and/or out of date.
Did you try just pasting in the 1st dbus-send command to see if it works for you?
It's all XML iirc - I *almost* played with the network-manager bits at one point (trying to work around the 'non privileged user can't connect to a new network' issue) but decided against messing with it. I *think* the right way to do it is to create a custom rules file in /etc/polkit-1/localauthority/ however I've seen threads where people edit the file(s) in /usr/share/polkit-1 directly. Don't quote me though.
EDIT: ... FINALLY figured out the dbus interface to disable / enable ALL networking not just wireless (equivalent to the nm-applet Enable Networking check item) - it's the org.freedesktop.NetworkManager interface instead of the org.freedesktop.DBus.Properties interface:
The --type=method_call seems to be optionalCode:dbus-send --system --type=method_call --print-reply --dest=org.freedesktop.NetworkManager /org/freedesktop/NetworkManager org.freedesktop.NetworkManager.Enable boolean:false
Last edited by steeldriver; April 19th, 2013 at 05:38 AM.
Bookmarks