Xfce Forum

Jakob77

Member

Registered: 2022-11-03

Posts: 58

[SOLVED] Control of the panel network program by Terminal

Hi.

I use:

Desktop: Xfce v: 4.18.1 tk: Gtk v: 3.24.36 info: xfce4-panel wm: xfwm v: 4.18.0 vt: 7
    dm: LightDM v: 1.26.0 Distro: MX-23.1_x64 Libretto October 15  2023

There is a panel network program with a network icon I have two questions about.

1)

I can control my wifi connection from Terminal with these commands:

Turning it on with full path:

/usr/bin/nmcli c up WiFimodem-connection_name

or just:

nmcli c up WiFimodem-connection_name

And off:

nmcli c down WiFimodem-connection_name

It works very well and I use it in a script many times a day.
I feel safer when I am off line and if possible I even want to take it one step further.
When I right click on the network icon I can deactivate the whole network with a click.

Is there a Terminal command for doing that as well, and if so what is the syntax.?

2)

Back to "nmcli".... I would very much like if I can find a way to make it work with "at" for scheduling the connection moment.
It is mostly for home automation where I just need to download a small file once or twice a day.

This syntax works for most Terminal commands also in scripts but not for "nmcli":

echo "DISPLAY=:0 /usr/bin/nmcli c up WiFimodem-connection_name" | at -M 18:35

It looks like the command is executed at the right moment but nothing happens.

When I use the syntax with different commands from Terminal I always get this output:

warning: commands will be executed using /bin/sh

I wonder if that has something to do with it but I find it hard to believe since other programs runs well.

I have used this command to create a log file:

echo '/usr/bin/nmcli c up WiFimodem-connection_name > /tmp/atcmd.log 2>&1' | at 12:34

And if I translate the content of the log file it goes like this:

Error: Activating the connection failed: Not authorized to control networking.

So how do I move forward from here.?

Thank you in advance.

Last edited by Jakob77 (2024-01-01 11:13:21)

eriefisher

Member

From: ON, Canada

Registered: 2008-10-25

Posts: 415

Re: [SOLVED] Control of the panel network program by Terminal

You don't need Network Manager just to turn off/on your connection.

ifconfig wlan0 down
ifconfig wlan0 up

You can call it with a script, add it to a cron job or just have it start at a particular time of the day. If you ask me though this is a bit overkill. A good firewall will take care of you along with some good user practices. If your behind a router you already have a hardware firewall.

---

Siduction
Debian Sid
Xfce 4.18

Jakob77

Member

Registered: 2022-11-03

Posts: 58

Re: [SOLVED] Control of the panel network program by Terminal

You don't need Network Manager just to turn off/on your connection.

ifconfig wlan0 down
ifconfig wlan0 up

You can call it with a script, add it to a cron job or just have it start at a particular time of the day. If you ask me though this is a bit overkill. A good firewall will take care of you along with some good user practices. If your behind a router you already have a hardware firewall.

Thank you.
That is very interesting but I can't make it work from Terminal.

I install the program:

sudo apt install net-tools

Run the command in Terminal:

ifconfig wlan0 down

And this is the disappointing translated output:

SIOCSIFFLAGS: Operation is not allowed

JayGursky

Member

Registered: 2023-07-04

Posts: 19

Re: [SOLVED] Control of the panel network program by Terminal

There is a more modern tool, ip from iproute2 package.
https://wiki.archlinux.org/title/Networ … n#iproute2

Deprecation of net-tools:
https://archlinux.org/news/deprecation-of-net-tools/

Deprecated Linux networking commands and their replacements (ifconfig):
https://dougvitale.wordpress.com/2011/1 … /#ifconfig

ip link set wlan0 down
ip link set wlan0 up

"Operation not permitted" means it requires root permissions. From non-root terminal, use pkexec:

pkexec ip link set wlan0 down
pkexec ip link set wlan0 up

It's possible to use commands that require root privileges without password via polkit settings:
https://wiki.archlinux.org/title/Polkit … ord_prompt

Jakob77

Member

Registered: 2022-11-03

Posts: 58

Re: [SOLVED] Control of the panel network program by Terminal

There is a more modern tool, ip from iproute2 package.
https://wiki.archlinux.org/title/Networ … n#iproute2

Deprecation of net-tools:
https://archlinux.org/news/deprecation-of-net-tools/

Deprecated Linux networking commands and their replacements (ifconfig):
https://dougvitale.wordpress.com/2011/1 … /#ifconfig

ip link set wlan0 down
ip link set wlan0 up

"Operation not permitted" means it requires root permissions. From non-root terminal, use pkexec:

pkexec ip link set wlan0 down
pkexec ip link set wlan0 up

It's possible to use commands that require root privileges without password via polkit settings:
https://wiki.archlinux.org/title/Polkit … ord_prompt

Thank you.

Your link in the bottom put me out on deep water. lol

I tested "auth_admin_keep" with gparted and it worked.

So I did a search for a sutable action.id with the "pkaction" command.

And I ended up making this file:

/etc/polkit-1/rules.d/49-nopasswd_limited.rules

With this content:

/* Allow members of the sudo group to execute the defined actions 
 * without password authentication, similar to "sudo NOPASSWD:"
 */
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.NetworkManager.enable-disable-wifi" ||
	 action.id == "org.freedesktop.NetworkManager.enable-disable-network") &&
        subject.isInGroup("sudo"))
    {
        return polkit.Result.YES;
    }
});

I think it looks convincing but maybe I made a stupid mistake or picked the wrong action.ids from the long list because it doesn't work yet.

pkexec ip link set wlan0 down

still asks for password.

And "nmcli" still won't work with "at":

echo "DISPLAY=:0 /usr/bin/nmcli c up WiFimodem-connection_name" | at -M 22:30

And I still think that is very weird since "nmcli" don't need any password when executed alone from Terminal, and "at" don't either when used with other commands.
I can make "at" execute a script, and it will work for all the commands inside the script except "nmcli"

It is not solved yet but I am as usual learning a lot in this forum.
I hope you never run out of good ideas.

Happy New Year to all of you. :-)

Jakob77

Member

Registered: 2022-11-03

Posts: 58

Re: [SOLVED] Control of the panel network program by Terminal

I must have picked the wrong action.id.
From the 35 lines with the word "net"  in the "pkaction" output I picked 11 and brutally put them all in the file:

/* Allow members of the sudo group to execute the defined actions 
 * without password authentication, similar to "sudo NOPASSWD:"
 */
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.NetworkManager.enable-disable-wifi" ||
	 action.id == "org.freedesktop.NetworkManager.enable-disable-network" ||
	 action.id == "org.freedesktop.NetworkManager.enable-disable-wwan" ||
	 action.id == "org.freedesktop.NetworkManager.network-control" ||
	 action.id == "org.freedesktop.NetworkManager.reload" ||
	 action.id == "org.freedesktop.NetworkManager.wifi.share.open" ||
	 action.id == "org.freedesktop.NetworkManager.wifi.share.protected" ||
	 action.id == "org.freedesktop.NetworkManager.wifi.share.open" ||
	 action.id == "org.freedesktop.NetworkManager.sleep-wake" ||
	 action.id == "org.freedesktop.network1.reload" ||
	 action.id == "net.reactivated.fprint.device.verify") &&
        subject.isInGroup("sudo"))
    {
        return polkit.Result.YES;
    }
});

And then "at" works with "nmcli":

echo "DISPLAY=:0 /usr/bin/nmcli c up WiFimodem-connection_name" | at -M 11:52

So now I just need to exclude action.ids one at a time and test until I find the one I really need.

Thank you again. I sense it is going to be a great year for Xfce.! :-))

Edit:

It turns out the only "action.id" I need to make "nmcli" and "at" work together is this one:

org.freedesktop.NetworkManager.network-control

The other commands are still not working, but they are not as important so they can be explored later.

Last edited by Jakob77 (2024-01-01 13:31:02)