Jacobo de Vera’s Weblog

GNOME’s Network Manager Applet has a particularly annoying bug/feature: Only one instance can be running at a particular time. This is a problem when several users have sessions opened at a time, by using the fast user switch feature. It looks like this is annoying a lot of people out there, as you can see from the comments in the bug report.

Precisely in those comments you can see the two scenarios why this bug can annoy you and even upset you:

Scenario 1, as described in comment 11 (annoying):

1. First user logs into PC, network manager starts up and connects to network
2. Second user uses fast-user-switcher to logon, has no icon for network manager
3. Some time later the first user switches back on, and logs out of their account
4. Now, the second user has no network manager, and the network connection is lost. They’ve got no way of re-connecting to the network, save manually starting nm or logging out and logging back on.

Scenario 2, as described in comment 12 (upsetting):

1. User A logs into the machine and connects to network
2. User B logs into the machine
3. User A or user B puts the machine to sleep
4. User B wakes the machine but can no longer connect to the network, user A has to log in for this to work.

I would normally understand that, from a security point of view, a connection started by one user should not be allowed to be changed by another. However, there are some environments where this kind of security is not the main goal. I want all the users in my machine to be able to use the Internet even if I leave my session opened before going to work.

So I conveniently disregarded this security issue and created a workaround to temporarily alleviate the consequences of the bug. This doesn’t solve scenario 1 completely, but at least your users won’t get trapped in scenario 2.

The first solution I thought of, and the one I originally described in this entry, involved writing a small C program with a calle to one of the exec functions, compiling it and seting the user ID bit so that it would be executed as root. This seemed OK except for the fact that it required compiling a C program. Ruyk suggested a better alternative that involved no C at all. This is the one I will describe now.

This is what I did: Give all my users the power to kill the Gnome Network Manager Applet without having to allow them to run sudo (at least not without control) on my machine. After this, they can run the applet again and they will have access to the network.

I did this by editing the file /etc/sudoers by running:

sudo visudo

I added this to the end:

This will allow all users who belong to the group called users to run /usr/bin/killall nm-applet with sudo without being asked for a password. This means that killall will be executed as root, so my other users could kill the nm-applet instance that I have started). Of course, I need to add those users to the users group, I did so by running this for each user name:

usermod -a -G users <username>

But I wanted to make life easier for my users, so I wrote this script that kills any running network manager applet and starts a new one in the current session:

I saved it in a file called nm-force, copied it to /usr/local/bin, made root the owner and allowed everyone to run it:

sudo cp nm-force /usr/local/bin/nm-force
sudo chown root.root /usr/local/bin/nm-force
sudo chmod 0755 /usr/local/bin/nm-force

After all this, you can reproduce scenario 2 and all user B has to do is to hit ALT+F2, type nm-force, and hit Enter. User A won’t have the applet when she logs back in later, but she can do the same as user B to get the applet back. You can also create a launcher for nm-force to make things simpler for your users.

Don’t forget to delete those two files when the bug gets fixed!

Tags: gnome, linux, ubuntu

This entry was posted on Thursday, July 30th, 2009 at 00:01 and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.