From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id 0DScBBMDzmFPhAEAgWs5BA (envelope-from ) for ; Thu, 30 Dec 2021 20:05:55 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id UMQMORIDzmHZgQEAG6o9tA (envelope-from ) for ; Thu, 30 Dec 2021 20:05:54 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B4BDB208C5 for ; Thu, 30 Dec 2021 20:05:53 +0100 (CET) Received: from localhost ([::1]:58468 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n30kK-00056l-7g for larch@yhetil.org; Thu, 30 Dec 2021 14:05:52 -0500 Received: from eggs.gnu.org ([209.51.188.92]:53934) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n30k1-00055a-GP; Thu, 30 Dec 2021 14:05:34 -0500 Received: from mx1.riseup.net ([198.252.153.129]:48168) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n30jy-0007zO-Nj; Thu, 30 Dec 2021 14:05:33 -0500 Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.riseup.net", Issuer "R3" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4JPyQb48KnzF4jc; Thu, 30 Dec 2021 11:05:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1640891127; bh=Av4G8I8Q9CNSkmQDdrnYYBiE2yUUVfNM5N2f84z+GPU=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=JWcMDWDxvlfy/HH+5Cx1LGrbwdEHGaGpSY4NpbLPGpYXKpgNt4VmStCdMuft28QE5 nJ9GRhwiDhefT/FSwYta92c5F8IUWT16gsYkQUqQ2C6dw7JwVFrW+bYNJ9ovkaUzuY L/Vs/D7/ux2rCA9b9g0S62+NyzF47vnjgaVZCAUg= X-Riseup-User-ID: A1A6692171F8607A94E7F07214466A83644DE7BA318A86FF595B91F8367215A2 Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews2.riseup.net (Postfix) with ESMTPSA id 4JPyQZ4hC3z1xmv; Thu, 30 Dec 2021 11:05:26 -0800 (PST) Date: Thu, 30 Dec 2021 20:00:23 +0100 From: raingloom To: Paul Jewell Subject: nmtui - user authorisation Message-ID: <20211230200023.7aec38ae@riseup.net> In-Reply-To: References: <0f941db1-51a5-b579-7f2c-7333057cb402@teulu.org> <6404264d-e6c9-831c-9e5f-8327488201eb@teulu.org> <20211229015029.7f75bb7b@riseup.net> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=198.252.153.129; envelope-from=raingloom@riseup.net; helo=mx1.riseup.net X-Spam_score_int: -8 X-Spam_score: -0.9 X-Spam_bar: / X-Spam_report: (-0.9 / 5.0 requ) DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Guix Bugs , help-guix@gnu.org Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1640891154; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=+/9GUyX4vVJLsNAkdtCGq3qM+Eii6wZaaMqrg41N7FQ=; b=uFe7XMUxKZw8sOlvCaOEGk3n4Fn16B8CRBhnAju1bf3cOLcUPhvrfJzempN5dr8fLnafBH KWiohMyaMGTHPbd38LUoxYgDqtMfIj2W4n9kJYgewMwFpg/nYduTZ9jdorqxIQy9cC8gR/ 8D7tRx4QgdvtsJHJSgsnfbdZq2jhhp77XZyjxjhz8SUmC+q05vW+lcTiqRitCUkP0E0ZIe CkxObRRE7QyJPGuKTx4ZDU9g6+sX4nDIE1py9+ArpC2+aaxUJk+VcTqNEGJf2qAvaA4e6k /kGmaHDbk0/Y6jq6yxuRVsQH4U9Ls8q7IOZRB4rmWG9lS7HR18Evqw2R2etSyA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1640891154; a=rsa-sha256; cv=none; b=PAxJmeOXmSSQAA4ik3w1U5pVS3MnLvE0NKQqzBDUwxJOB+glt+C/JqNZ9e2+5rV/HtBpUJ neweJBXzUtRB8++S6tTncxojzi5hFg4825or2GhSkca+6fTJcTwEY1DgPVNcyeVpAo9zSx VUGdsLXI3RzWMUsDS8QUr3y0AWQB2bEPFqRGEPME603iqAAgeMSWjCyI7Qe3fQ3YxX5Z/V f6CvZZZ+qD8SMzpe5FopwlgfLY44zkLeCZnP7qkKHspuTcTfbsou+13zLST8+1jK6/ply7 oiUUXEJmXySG+ZmjE4g9CccR3WxIfNg+I0BQDMIpSJ/uoMcjg9JtuNCAGKfW0A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=riseup.net header.s=squak header.b=JWcMDWDx; dmarc=fail reason="SPF not aligned (relaxed)" header.from=riseup.net (policy=none); spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.07 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=riseup.net header.s=squak header.b=JWcMDWDx; dmarc=fail reason="SPF not aligned (relaxed)" header.from=riseup.net (policy=none); spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: B4BDB208C5 X-Spam-Score: -2.07 X-Migadu-Scanner: scn1.migadu.com X-TUID: yptQKfVgzxQF On Wed, 29 Dec 2021 11:04:39 +0000 Paul Jewell wrote: > On 29/12/2021 00:50, raingloom wrote: > > On Tue, 28 Dec 2021 18:39:52 +0000 > > Paul Jewell wrote: > > > >> On 27/12/2021 23:20, Leo Famulari wrote: > >>> On Mon, Dec 27, 2021 at 10:07:17PM +0000, Paul Jewell wrote: > >>>> Solved this - nmtui needs to be run as root; my script which > >>>> invoked the program didn't consider that. Changing it to run as > >>>> sudo gives me an opportunity to enter my password, and then > >>>> successfully setup the wifi interface details. > >>> Another option is to add nmtui to the list of programs that are > >>> setuid. That way, any user on your system could configure wifi, > >>> which may be more ergonomic. > >>> > >>> https://guix.gnu.org/manual/devel/en/html_node/Setuid-Programs.html > >>> > >> This option did work as expected. The only additional point for > >> anyone else coming across this post with the same issue: remember > >> to add the > >> > >> #:use-module (gnu system setuid) > >> > >> so the setuid record is known. > >> > >> Thanks Leo! > > Uhm, I'm pretty sure NetworkManager lets any user modify networking > > settings as long as they are in a certain group? > > https://wiki.archlinux.org/title/NetworkManager#Set_up_PolicyKit_permissions > > > > At least that's how it is on postmarketOS and I'm also fairly > > certain I never needed root access to set up WiFi under Guix > > either, but I don't have a system at hand to verify that on. > > I did also think this, but I couldn't identify which group would let > this happen. I thought it would be the netdev group, but my user > account is already a member of that group. The network group is > unknown to the system (as in I had an error when trying to add the > user to the supplementary group) so I added it, but it didn't have > any effect (after rebooting). If there is another group I should be > in, I am not sure how to find out. At the moment, the setuid approach > seems to work OK (although I would prefer a group solution!). > > I am interested in anyone else's experience! It might be that everyone else is including some default configuration for NetworkManager and we aren't. At the very least it should be documented how to set it up to use groups. CC-ing bugs-guix