Otdfbt

What did Darwin mean by 'squib' here?

Why does this iterative way of solving of equation work?

How are presidential pardons supposed to be used?

How does modal jazz use chord progressions?

How to politely respond to generic emails requesting a PhD/job in my lab? Without wasting too much time

How to colour the US map with Yellow, Green, Red and Blue to minimize the number of states with the colour of Green

How should I respond to a player wanting to catch a sword between their hands?

What LEGO pieces have "real-world" functionality?

How to rotate it perfectly?

I'm having difficulty getting my players to do stuff in a sandbox campaign

Estimate capacitor parameters

Why is there no army of Iron-Mans in the MCU?

Writing Thesis: Copying from published papers

If I can make up priors, why can't I make up posteriors?

Classification of bundles, Postnikov towers, obstruction theory, local coefficients

3 doors, three guards, one stone

What do you call a plan that's an alternative plan in case your initial plan fails?

Single author papers against my advisor's will?

Can't figure this one out.. What is the missing box?

What is the largest species of polychaete?

Can I throw a sword that doesn't have the Thrown property at someone?

Windows 10: How to Lock (not sleep) laptop on lid close?

What do you call the holes in a flute?

Antler Helmet: Can it work?

NetworkManager - do not allow user to disable network or connection

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

2

By default, users that are logged in on the system are able to completely disable network or connection, is there a way to disable this?

Thanks

centos7 fedora rhel7 networkmanager

share|improve this question

asked Feb 8 '18 at 11:17

GioMacGioMac

4,04421634

add a comment | 

2

By default, users that are logged in on the system are able to completely disable network or connection, is there a way to disable this?

Thanks

centos7 fedora rhel7 networkmanager

share|improve this question

asked Feb 8 '18 at 11:17

GioMacGioMac

4,04421634

add a comment | 

By default, users that are logged in on the system are able to completely disable network or connection, is there a way to disable this?

Thanks

centos7 fedora rhel7 networkmanager

share|improve this question

asked Feb 8 '18 at 11:17

GioMacGioMac

4,04421634

share|improve this question

asked Feb 8 '18 at 11:17

GioMacGioMac

4,04421634

share|improve this question

asked Feb 8 '18 at 11:17

GioMacGioMac

4,04421634

asked Feb 8 '18 at 11:17

GioMacGioMac

4,04421634

asked Feb 8 '18 at 11:17

GioMacGioMac

4,04421634

2 Answers
2

active

oldest

votes

0

In my case, I had a particular Network Connection that I didn't want the user disabling, so I prevented NetworkManager from managing that particular network.

In NetworkManager.conf (/etc/NetworkManager/NetworkManager.conf on my system):

[main]
plugins=keyfile # At least keyfile, could have others comma-separated

[keyfile]
unmanaged-devices=mac:66:77:88:99:00:aa;interface-name:eth*

The unmanaged-devices key uses both mac or interface-name; you only need one to indicate that you don't want NetworkManager to manager that connection. Note that the mac key requires lower case letters and that the interface-name key can contain wildcards.

share|improve this answer

answered Apr 9 at 20:16

palswimpalswim

2291416

add a comment | 

-1

As far as I know you can set up permissions on connections/devices in NetworkManager. To restrict control over the example-connection to user1 and user2:

(sudo) nmcli con mod example-connection connection.permissions user:user1,user2

and verify with

(sudo) nmcli con show example-connection
 ...
 connection.permissions: user:user1,user:user2
 ... 

and maybe only use root there?

But for servers I always set up static networking so I don't know if that is the proper way of configuring things.

share|improve this answer

answered Feb 8 '18 at 12:39

HBruijnHBruijn

56.4k1190150

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Tested and it doesn't do that: "Restrict to certain users the access to this connection, and allow the connection to be active only when at least one of the specified users is logged into an active session.". So, connection is inactive, unless root logs in on the desktop session.
  
  – GioMac
  Feb 13 '18 at 21:46
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f896292%2fnetworkmanager-do-not-allow-user-to-disable-network-or-connection%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

In my case, I had a particular Network Connection that I didn't want the user disabling, so I prevented NetworkManager from managing that particular network.

In NetworkManager.conf (/etc/NetworkManager/NetworkManager.conf on my system):

[main]
plugins=keyfile # At least keyfile, could have others comma-separated

[keyfile]
unmanaged-devices=mac:66:77:88:99:00:aa;interface-name:eth*

The unmanaged-devices key uses both mac or interface-name; you only need one to indicate that you don't want NetworkManager to manager that connection. Note that the mac key requires lower case letters and that the interface-name key can contain wildcards.

share|improve this answer

answered Apr 9 at 20:16

palswimpalswim

2291416

add a comment | 

0

In my case, I had a particular Network Connection that I didn't want the user disabling, so I prevented NetworkManager from managing that particular network.

In NetworkManager.conf (/etc/NetworkManager/NetworkManager.conf on my system):

[main]
plugins=keyfile # At least keyfile, could have others comma-separated

[keyfile]
unmanaged-devices=mac:66:77:88:99:00:aa;interface-name:eth*

The unmanaged-devices key uses both mac or interface-name; you only need one to indicate that you don't want NetworkManager to manager that connection. Note that the mac key requires lower case letters and that the interface-name key can contain wildcards.

share|improve this answer

answered Apr 9 at 20:16

palswimpalswim

2291416

add a comment | 

In my case, I had a particular Network Connection that I didn't want the user disabling, so I prevented NetworkManager from managing that particular network.

In NetworkManager.conf (/etc/NetworkManager/NetworkManager.conf on my system):

[main]
plugins=keyfile # At least keyfile, could have others comma-separated

[keyfile]
unmanaged-devices=mac:66:77:88:99:00:aa;interface-name:eth*

The unmanaged-devices key uses both mac or interface-name; you only need one to indicate that you don't want NetworkManager to manager that connection. Note that the mac key requires lower case letters and that the interface-name key can contain wildcards.

share|improve this answer

answered Apr 9 at 20:16

palswimpalswim

2291416

[main]
plugins=keyfile # At least keyfile, could have others comma-separated

[keyfile]
unmanaged-devices=mac:66:77:88:99:00:aa;interface-name:eth*

share|improve this answer

answered Apr 9 at 20:16

palswimpalswim

2291416

answered Apr 9 at 20:16

palswimpalswim

2291416

answered Apr 9 at 20:16

palswimpalswim

2291416

-1

As far as I know you can set up permissions on connections/devices in NetworkManager. To restrict control over the example-connection to user1 and user2:

(sudo) nmcli con mod example-connection connection.permissions user:user1,user2

and verify with

(sudo) nmcli con show example-connection
 ...
 connection.permissions: user:user1,user:user2
 ... 

and maybe only use root there?

But for servers I always set up static networking so I don't know if that is the proper way of configuring things.

share|improve this answer

answered Feb 8 '18 at 12:39

HBruijnHBruijn

56.4k1190150

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Tested and it doesn't do that: "Restrict to certain users the access to this connection, and allow the connection to be active only when at least one of the specified users is logged into an active session.". So, connection is inactive, unless root logs in on the desktop session.
  
  – GioMac
  Feb 13 '18 at 21:46
  

  
  
  
  

add a comment | 

-1

As far as I know you can set up permissions on connections/devices in NetworkManager. To restrict control over the example-connection to user1 and user2:

(sudo) nmcli con mod example-connection connection.permissions user:user1,user2

and verify with

(sudo) nmcli con show example-connection
 ...
 connection.permissions: user:user1,user:user2
 ... 

and maybe only use root there?

But for servers I always set up static networking so I don't know if that is the proper way of configuring things.

share|improve this answer

answered Feb 8 '18 at 12:39

HBruijnHBruijn

56.4k1190150

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Tested and it doesn't do that: "Restrict to certain users the access to this connection, and allow the connection to be active only when at least one of the specified users is logged into an active session.". So, connection is inactive, unless root logs in on the desktop session.
  
  – GioMac
  Feb 13 '18 at 21:46
  

  
  
  
  

add a comment | 

As far as I know you can set up permissions on connections/devices in NetworkManager. To restrict control over the example-connection to user1 and user2:

(sudo) nmcli con mod example-connection connection.permissions user:user1,user2

and verify with

(sudo) nmcli con show example-connection
 ...
 connection.permissions: user:user1,user:user2
 ... 

and maybe only use root there?

But for servers I always set up static networking so I don't know if that is the proper way of configuring things.

share|improve this answer

answered Feb 8 '18 at 12:39

HBruijnHBruijn

56.4k1190150

(sudo) nmcli con mod example-connection connection.permissions user:user1,user2

(sudo) nmcli con show example-connection
 ...
 connection.permissions: user:user1,user:user2
 ... 

share|improve this answer

answered Feb 8 '18 at 12:39

HBruijnHBruijn

56.4k1190150

answered Feb 8 '18 at 12:39

HBruijnHBruijn

56.4k1190150

answered Feb 8 '18 at 12:39

HBruijnHBruijn

56.4k1190150