nmcheck forbidden brower popup

Asked by Jim Pye

On several desktop Ubuntu 20.04 machines over the last week or so (after patching?) I am getting random popups of the Firefox browser with an obtuse message stating:

Forbidden (can't remember rest as using Kali Linux to write this)

Anyways a forum thread mentions what this is and the fix. However, I think it is a bug that suddenly Ubuntu/Canonical would change a setting that would pop up this message, with very little details on what is going on, especially after sitting back with a nice vino to watch a Netflix movie.

Thread is: https://unix.stackexchange.com/questions/662579/i-get-forbidden-you-dont-have-permission-to-access-on-this-server-every-tim


Serious System Admin and Home user of Ubuntu

Question information

English Edit question
Ubuntu Edit question
No assignee Edit question
Solved by:
Jim Pye
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said :

Do you have the entries mentioned in the stackexchange article, in /etc/NetworkManager/NetworkManager.conf, in the [connectivity] section?

Revision history for this message
Jim Pye (jimpye) said :


It looks like Ubuntu is using the second option mentioned in the article. The files have the following:

NOTE: This is the setting AFTER I switched the option off in the Setting Panel. I don't have a "clean" Desktop to see if this option is not there and therefore it would be using the default configuration.

Let me know if you need more information.







# Internal configuration file. This file is written and read
# by NetworkManager and its configuration values are merged
# with the configuration from 'NetworkManager.conf'.
# Keys with a ".set." prefix specify the value to set.
# A corresponding key with a ".was." prefix records the value
# of the user configuration at the time of storing the file.
# The value from internal configuration is rejected if the corresponding
# ".was." key no longer matches the configuration from 'NetworkManager.conf'.
# That means, if you modify a value in 'NetworkManager.conf', the internal
# overwrite no longer matches and is ignored.
# Certain sections can only be overwritten whole, not on a per key basis.
# Such sections are marked with a ".was" key that records the user configuration
# at the time of writing.
# Internal sections of the form [.intern.*] cannot
# be set by user configuration.


Revision history for this message
Bernard Stafford (bernard010) said (last edit ):

"Firefox browser with an obtuse message stating: "
Do you have the latest Firefox 96.0.1 ?
Perhaps, On Firefox: Settings -> Privacy & Security Tab -> Scroll down to Permissions ->
Block Pop-Up windows Check-mark Box.
Solved no Pop-Up windows in Browser.
Firefox also has a Pop-Up blocker that I use located at 4 horizontal bars top right of screen corner.
Settings -> Add-ons and Themes -> In the search box type: Ghostery
Privacy Ad Blocker - Block ads, stop trackers.
Powerful privacy extension for Firefox.

Revision history for this message
Manfred Hampl (m-hampl) said :

"NOTE: This is the setting AFTER I switched the option off in the Setting Panel."

Does this setting solve your problem?

Revision history for this message
Jim Pye (jimpye) said :

@Bernard - unfortunate choice of terminology. The popup I mention in the title is not a popup caused by a website. This is some application, NetworkManager in this case, actually starting a new browser window, that pops up over all other windows with the forbidden message. So I think privacy setting within the browser itself will not have an impact in this case. Sorry for the confusion.

@Manfred. Yes this setting has stopped the issue. However, we are talking about installations of Ubuntu 20.04 LTS from April 2020 that have never done this before and all of a sudden in the last week or so started to do this. So some change in a patch somewhere has changed a default to suddenly cause this behavior.


Revision history for this message
Manfred Hampl (m-hampl) said :

I am not aware of an update of the network-manager packages in the past few weeks (last change for focal was the update to 1.22.10-1ubuntu2.2 on 2020-11-12).

Is there any output for the command

grep -i -e nmcheck -e uri /etc/NetworkManager/NetworkManager.conf /etc/NetworkManager/conf.d/*.conf /run/NetworkManager/conf.d/*.conf /usr/lib/NetworkManager/conf.d/*.conf /var/lib/NetworkManager/NetworkManager-intern.conf

Revision history for this message
Jim Pye (jimpye) said :

Interesting. Only one hit from those files:


Which looks suspiciously like an Ubuntu config :-)

The website that it is trying to go to and causing the error is nmcheck.gnome.org.


Revision history for this message
Manfred Hampl (m-hampl) said :

As far as I can see that file comes from the package network-manager-config-connectivity-ubuntu.
It only changes the URL but does not enable or disable the connectivity check.

Yet this does not fit to the error message about nmcheck.gnome.org.

I am sorry, I am at my wits' end.

Revision history for this message
Jim Pye (jimpye) said :


This has me stumped too. As a morning task this morning, instead of reading the paper during breakfast, I did some searching on the freedesktop.org gitlab instance. I have learnt a lot more about NetworkManager :-)

One thing I see is there is a contrib area and Redhat/Fedora have some code that points to their connectivity check infrastructure. But nothing mentions gnome.org. There are however A LOT of developers that have a gnome.org email address :-)

I see that this idea of distributors adding to this contrib area is where Ubuntu are putting their configuration I mentioned in #7

Grepping over the /usr directory I do see some binaries coming back. One of interest, but need to get ready for work, is the libnm.so.0.2.0 file.

I will see what further info I can grab and update this.

Cheers and thanks for your input.


Revision history for this message
Jim Pye (jimpye) said :

Update on this. I installed a new Ubuntu 20.04 on an old MacMini (living on the edge) and the popup appeared again. Some additional facts:

It is not a Firefox browser that I first thought, just looks like a pared down one.

I ran a ps while it was running, and then one after I closed it and the differences indicate this:

< 4460 ? S 0:00 /usr/bin/bwrap --args 22 -- /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/WebKitWebProcess 9 16
< 4461 ? S 0:00 /usr/bin/bwrap --args 22 -- /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/WebKitWebProcess 9 16
< 4463 ? SLl 0:01 /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/WebKitWebProcess 9 16

And man page of bwrap says it is a sandboxy/containery thing which going by the options is launching a WebKit sort of library used by Gnome/gtk. So something that is completely behind the scenes until it goes to get http://nmcheck.gnome.org and gets a Forbidden error and pops up.

Still can't find any configuration file with this URI in it, and only thing that has any mention is the binary files I mentioned in #9.

But as the source code does not seem to mention this URI either, somewhere along the compilation trail it is getting added.

Anyways, enough peering under the covers, onto serious work...


Revision history for this message
Manfred Hampl (m-hampl) said :

/usr/bin/bwrap is in the package bubblewrap.
You could consider uninstalling it unless it is a dependency of something else.

What output do you receive for

apt --simulate remove bubblewrap

Revision history for this message
Jim Pye (jimpye) said :

Going by the output of the simulate it wants to remove half of the gnome desktop :-)

I see mentions of Rythmbox, Zenity, Cheese, gnome-shell-extension-appindicator to name a few in the multi-screens full of Remv entries that scrolled past.

So that's not an option.

Revision history for this message
Manfred Hampl (m-hampl) said :

I assume the program responsible isn't bwrap, but WebKitWebProcess from the package libwebkit2gtk-4.0-37 (which cannot be uninstalled either). And furthermore I assume that WebKitWebProcess in turn is triggered by some other program in the list of those that get removed (e.g. mutter, evolution, ...)

Revision history for this message
Jim Pye (jimpye) said :

Some further information... I saw that an update that came through today was updating some of the webkit .so files etc. So I did some pre and post information gathering.

Checking for the mentions of nmcheck in /usr/lib files:

# grep -r -i nmcheck /usr/lib/*
Binary file /usr/lib/x86_64-linux-gnu/libnm.so.0.1.0 matches
Binary file /usr/lib/x86_64-linux-gnu/girepository-1.0/NM-1.0.typelib matches

This did not change after upgrade. However, was not expecting it too.

And running a sha256sum over the files in /usr/lib with gtk in their name using:

# find /usr/lib -name "*gtk*" -type f -exec sha256sum {} \; > before-upgrade-sha256.txt and then one after and running a diff:

# diff before-upgrade-sha256.txt after-upgrade-sha256.txt
< bf3d119bfb8fece810dc075b1d1d61c80a6740aaa54bd86b4c9172f52aa2f81d /usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37.55.6
> 9a951fde5cc444d3e318562ff6c0adb1664685962ca3982d379a8797f45135a5 /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18.19.9
< 7ddd3ec4e8cb7ceb256d959b30b30453e0fce685e7dc698093a6bf975ca158d2 /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/injected-bundle/libwebkit2gtkinjectedbundle.so
> 38896353b3e8500591d780c91aef287f9091fde7a6f42880c43c69860f958409 /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/injected-bundle/libwebkit2gtkinjectedbundle.so
< a0f870e972e79e4c101a61a962344b8a39a3961ffd9378562cef07e668ef049e /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18.19.8
> 793248923f4e772251546a1e05e1c86825f7a54deb2855963c06ad6afc1d80ec /usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37.55.7

Which indicates to me

Changed, ie. upgraded
/usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37.55.6 to /usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37.55.7
/usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18.19.8 to /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18.19.9

And the following was changed in-place

I am guessing this will not dampen down the popup, as you say something is calling the webkit infrastructure and it is only doing what it is told to do. But as this popup seems random I will have to leave it and see if it changed anything.