Ubuntu
sudo package

Command runs as standard user but not using sudo from root

Asked by GSO

The following works from a console as a standard_user with adm group rights:

$ nmcli con up id "vpn_service_provider"

But running from root using sudo:

# /usr/bin/sudo -u standard_user -i /usr/bin/nmcli con up id "vpn_service_provider"

Results in the following error:

Error: Connection activation failed: Not authorized to control networking.
Sessions still open, not unmounting

'nmcli' is the command line interface to NetworkManager.

Has anyone any idea on what is going on here?

(The full context to the question can be found here https://answers.launchpad.net/ubuntu/+source/network-manager-openvpn/+question/205253)

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu sudo Edit question
Assignee:
No assignee Edit question
Solved by:
GSO
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

How about if you run:

sudo -i

Then run the first command, does it give an error?

Revision history for this message
GSO (gsosler-deactivatedaccount) said : 		#2

# sudo -u standard_user -i

and from the shell prompt

$ nmcli con up id "vpn_service_provider"

Gives the same error.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#3

Just run:

sudo -i

Then run the command....

Revision history for this message
GSO (gsosler-deactivatedaccount) said : 		#4

Running first as the standard_user, and the 'sudo -i':

$ nmcli con up id "vpn_service_provider"
Active connection state: unknown
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/4
state: VPN connecting (need authentication) (2)
state: VPN connecting (3)
state: VPN connecting (getting IP configuration) (4)
Connection activated

$ nmcli con down id "vpn_service_provider"

$ sudo -i

# /usr/bin/sudo -u standard_user -i /usr/bin/nmcli con up id "vpn_service_provider"
Error: Connection activation failed: Not authorized to control networking.
Sessions still open, not unmounting

Revision history for this message
GSO (gsosler-deactivatedaccount) said : 		#5

That should read btw: Running first as the standard_user, and then 'sudo -i'

The problem is NetworkManager accesses the GNOME key ring for credentials, and as root does not (as far as I can make out) possess a key ring then I need to be able to manage the network via a standard user with admin. rights.

Revision history for this message
GSO (gsosler-deactivatedaccount) said : 		#6

OK, sudoing into the root shell with 'sudo -i':

su standard_user -c '/usr/bin/nmcli con up id "vpn_service_provider"'

Works fine.

I shall test also if this works also from the '/etc/network/if-up.d/' script I need it to work from.

Revision history for this message
GSO (gsosler-deactivatedaccount) said : 		#7

OK, that seems to work fine :)

I shall flag the question as answered unless anyone wants to ponder what is going on here otherwise.

Thanks for your time AW.