Is it possible to add a connection by nmcli command without sudo?

I’m working with a lubuntu 22.04 distribution. I need to execute the following command by a user without root privileges:

> nmcli c add ifname enp3s0 type ethernet con-name 'connection-test'

The output of the previous command is the following:

Error: Failed to add 'connection-test' connection: Insufficient privileges

I have added the user to the group netdev (used the command sudo adduser <username> netdev) as suggested by this post, but the problem is not solved. The post reports this sentences:

On Debian, the "netdev" group gains access to using Network Manager. On Ubuntu, Network Manager access rights are gained by being at the system console, so the name of this entry in gnome-system-tools is misleading.

The "netdev" group can administer wicd and wpasupplicant.

The "netdev" group can set the avahi host name using DBus.

The "netdev" group can administer Bluetooth devices.

This means that on Ubuntu the name of the group netdev is different?

Is it possible to be able for a not root user to execute the nmcli c add command without sudo?


This other post treats the same topic and suggests to create a service, executed with root privilege, which creates the NetworkManager connection.

Asked By: User051209

||

Interface files are part of ifupdown, which is different from the NetworkManager.
NetworkManager is part of the freedesktop while nmcli takes it’s permissions from polkit.

Below I’ll show the file: /etc/polkit-1/localauthority/90-mandatory.d/99-network.pkla; it grants users in netdev access to NetworkManager. This is the content of the file:

[Allow netdev users to modify all network states and settings]
Identity=unix-group:netdev
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Adding the previous file, the execution of the command nmcli general permissions will show that regular users have all permssions to yes:

$ nmcli general permissions
PERMISSION                                                        VALUE 
org.freedesktop.NetworkManager.checkpoint-rollback                yes   
org.freedesktop.NetworkManager.enable-disable-connectivity-check  yes   
org.freedesktop.NetworkManager.enable-disable-network             yes   
org.freedesktop.NetworkManager.enable-disable-statistics          yes   
org.freedesktop.NetworkManager.enable-disable-wifi                yes   
org.freedesktop.NetworkManager.enable-disable-wimax               yes   
org.freedesktop.NetworkManager.enable-disable-wwan                yes   
org.freedesktop.NetworkManager.network-control                    yes   
org.freedesktop.NetworkManager.reload                             yes   
org.freedesktop.NetworkManager.settings.modify.global-dns         yes   
org.freedesktop.NetworkManager.settings.modify.hostname           yes   
org.freedesktop.NetworkManager.settings.modify.own                yes   
org.freedesktop.NetworkManager.settings.modify.system             yes   
org.freedesktop.NetworkManager.sleep-wake                         yes   
org.freedesktop.NetworkManager.wifi.scan                          yes   
org.freedesktop.NetworkManager.wifi.share.open                    yes   
org.freedesktop.NetworkManager.wifi.share.protected               yes 

The original answer about topic polkit can be found here:
https://unix.stackexchange.com/q/692316

Answered By: sleepyhead