5

By default, users that are logged in on the system are able to completely disable network or connection, is there a way to disable this?

Thanks

GioMac
  • 4,544
  • 4
  • 27
  • 41

2 Answers2

1

In my case, I had a particular Network Connection that I didn't want the user disabling, so I prevented NetworkManager from managing that particular network.

In NetworkManager.conf (/etc/NetworkManager/NetworkManager.conf on my system):

[main]
plugins=keyfile # At least keyfile, could have others comma-separated

[keyfile]
unmanaged-devices=mac:66:77:88:99:00:aa;interface-name:eth*

The unmanaged-devices key uses both mac or interface-name; you only need one to indicate that you don't want NetworkManager to manager that connection. Note that the mac key requires lower case letters and that the interface-name key can contain wildcards.

palswim
  • 442
  • 2
  • 6
  • 24
-2

As far as I know you can set up permissions on connections/devices in NetworkManager. To restrict control over the example-connection to user1 and user2:

(sudo) nmcli con mod example-connection connection.permissions user:user1,user2

and verify with 

(sudo) nmcli con show example-connection
 ...
 connection.permissions:   user:user1,user:user2
 ...

and maybe only use root there?
But for servers I always set up static networking so I don't know if that is the proper way of configuring things.

HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • 1
    Tested and it doesn't do that: "Restrict to certain users the access to this connection, and allow the connection to be active only when at least one of the specified users is logged into an active session.". So, connection is inactive, unless root logs in on the desktop session. – GioMac Feb 13 '18 at 21:46