Remove sudo password when connecting to *new* WiFi network

I found success with the following solution in Ubuntu 13.04:

Open /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy with root/sudo privileges and search for the following line:

<message>System policy prevents modification of network settings for all users</message>

A few lines below that should be this:

<allow_active>auth_admin_keep</allow_active>

Change it to:

<allow_active>yes</allow_active>

Save the file and restart your computer.


You can edit system configuration files, but that's brute force. First of all, as a rule of thumb, configuration resides under /etc, not /usr or /var or anywhere else. HarlemSquirrel explained how to do a proper change to the default policy. Editing files under /usr is guaranteed to blow up in your face sooner or later, as those files are provided by system packages, which will be updated/replaced eventually.

But the bigger problem is that these changes are completely unnecessary, as of 18.04 at least. This is a "you're holding it wrong" issue. Actually, it's a usability issue on the NM applet's part, but anyway. Take a look at /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy:

  <action id="org.freedesktop.NetworkManager.settings.modify.system">
    <description>Modify network connections for all users</description>
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

Meaning users can't create connections, right? Wrong! Look further:

  <action id="org.freedesktop.NetworkManager.settings.modify.own">
    <description>Modify personal network connections</description>
    <defaults>
      <allow_any>auth_self_keep</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

As you can see, NetworkManager supports the concept of user and system connections. The problem is, the applet creates system connections by default. So when you open the applet on the tray and click Select Network, then select the one you want to connect to, it asks for a sudo user, because creating system connections are only allowed for admins.

BUT if you open the Settings app, go to Wi-Fi and click on the desired network, it'll easily let you connect without admin password. Walk in the park.

Why the applet wants to create system connections by default is beyond me though, especially since you can make a user connection a system one anytime later. It's the Make available to other users option under connection properties, and when you check that and click Apply, it'll immediately ask for sudo password, as it should. I'll try to find a way to make the applet create user connections by default, I'll update this answer if I figured it out.


You can also create a local policy for this

[Let user pupil modify system settings for network]
Identity=unix-user:pupil
Action=org.freedesktop.NetworkManager.settings.modify.system
ResultAny=no
ResultInactive=no
ResultActive=yes

in a file called /etc/polkit-1/localauthority/50-local.d/10-network-manager.pkla.

The advantage here is this can be a single command and usable in a script!

printf "[Let user pupil modify system settings for network]\nIdentity=unix-user:pupil\nAction=org.freedesktop.NetworkManager.settings.modify.system\nResultAny=no\nResultInactive=no\nResultActive=yes" | sudo tee /etc/polkit-1/localauthority/50-local.d/10-network-manager.pkla

Reference: Ubuntu Manpage:pklocalauthority


How To Resolve the Error: System policy prevents modification of network settings for all users

There is a critical step missing from an answer above, so I am including it here. :)

This works in Ubuntu 14.04 LTS & 16.04 LTS

  1. Open Terminal

  2. su to root

    su -
    
  3. Type the following:

    nano /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
    
  4. Towards the end of the file, find the section labeled:

    <action id="org.freedesktop.NetworkManager.settings.modify.system">
    
  5. At the the bottom of the org.freedesktop.NetworkManager.settings.modify.system Section, locate the following line of code:

    <allow_active>auth_admin_keep</allow_active>
    
  6. Change this line to read as follows:

    <allow_active>yes</allow_active>
    
  7. Save the file using:

    ^X
    
  8. Answer "Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?" by Typing:

    Y
    
  9. Hit Enter when prompted with:

    File Name to Write: /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
    
  10. Restart.

:)


This isn't really the fix I was hoping for but one workaround I've found is just to disable NetworkManager all-together and instead use Wicd.

First stop NetworkManager from running at startup:

sudo gedit /etc/NetworkManager/NetworkManager.conf

then # out the managed line. Also # out #start on (local-filesystems and started dbus) from /etc/init/network-manager.conf . Then just to make double sure

sudo mv /etc/init/network-manager.conf /etc/init/network-manager.conf-disabled
sudo mv /etc/xdg/autostart/nm-applet.desktop /etc/xdg/autostart /nm-applet.desktop.disabled  

Now can just use Wicd and no password prompts needed it seems.