I’m a new user to Fedora and am using Fedora 41 with the most recent updates. I am a Debian 12 user and most things I have found to be the same or similar, however, I cannot figure out how to lock a specific SSID.
In Debian 12 I was able to do this by editing the file /etc/network/interfaces and adding the following lines:
In Debian this locks the connection to a specific SSID and grays out all options in the Network Manager GUI icon in the task bar. After some searching on the web I realized that Fedora does networking differently than Debian and I haven’t been able to figure out how to do this? If anyone can provide some clues or assistance I would appreciate it. Thanks.
Also I posted on this forum:
I’m not sure which is the official forum but this forum looks more active than the one in the link above.
after all that, restart NetworkManager: sudo systemctl restart NetworkManager
edit:
this here is the official community forum, sponsored by the Project. And if you are not yet familiar with all the various resources the Fedora Project is providing, have a look at Fedora Start | The Fedora Project where you can find a lot of useful links. Another important but so much known one is packages.fedoraproject.org. Have fun!
Thank you for taking the time to respond. My apologies but I should have been more clear in what I am trying to achieve here. I want to lock a SSID so that a non admin. user account cannot change to a different network using the GUI. In Debian the commands in the first post worked by locking to one specific SSID and by graying out all the options in the Network Manager GUI so that a user cannot access a different network without a admin. account.
From my search online I did come across nmcli but is there a specific command or commands for nmcli that will allow for a specific SSID while blocking all other SSID. In other words it would be like whitelisting where you block everything and then allow what you want. Hope that is a bit clearer. Thanks again for the help.
Edit:
I was reading through the post made in the Debian forum (see link in first post) and I believe I need to make the connection without using Network Manager unless there is a way to do what I am trying to do through Network Manager. The GUI of the Network Manager is what gives a non admin. account the ability to change a network.
This is the file that has all the options to restrict various (if not all the options in the GUI). After playing around with some of the settings I was able to restrict access to only admin. user for wifi control and editing a connection (this prevents a user from seeing the wifi password).
Two things I changed in the above file:
For the setting:
action id=“org.freedesktop.NetworkManager.network-control”
description>Allow control of network connections</description
Change the allow settings to:
<allow_any>no</allow_any
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
This will prevent a non admin. user from having control over the wifi connections.
For the setting:
action id=“org.freedesktop.NetworkManager.settings.modify.own”
description>Modify personal network connections</description
Change the allow settings to:
<allow_any>auth_self_keep</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>auth_admin</allow_active>
This will prevent a non admin. user from editing the connections and accessing the wifi password.
I can use the nmcli mentioned previously to auto connect to specific SSIDs and now restrict the GUI the way I want it. I’ve been looking for the file to restrict the NM GUI for years…I knew it had to be somewhere. Anyway thanks all for your help much appreciated and this has been a great forum so far.
Beware that most files under /usr will be overwritten when updating your system. To be sure your customizations are not lost the next time the NetworkManager package is updated, you should store your custom settings in a file under /etc/polkit-1/rules.d as suggested in the earlier link I shared.
FWIW, there is some more documentation about writing custom PolKit rules here.
Thanks for pointing that out. I went back to the first link you posted and looked through it again. That actually was the solution but I just did not understand it when I first read through but I got it to work after looking at it again. Below are step by step instructions in case someone else looking for a similar solution comes across this post.
So I changed everything back to default in the file:
/usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
Created a file:
sudo nano /etc/polkit-1/rules.d/50-org.freedesktop.NetworkManager.rules
Changed the code in the link from:
polkit.addRule(function(action, subject) {
if (action.id.indexOf(“org.freedesktop.NetworkManager.”) == 0 && subject.isInGroup(“network”)) {
return polkit.Result.YES;
}
});
To:
polkit.addRule(function(action, subject) {
if (action.id.indexOf(“org.freedesktop.NetworkManager.”) == 0 && subject.isInGroup(“nmrestrict”)) {
return polkit.Result.NO;
}
});
Created a group called nmrestrict:
sudo groupadd nmrestrict
And added the user(s) to be restricted:
sudo usermod -aG nmrestrict username
I was able to achieve the same results as the previous method but in this case as you mentioned before it should not be overwritten with an update. Thanks again for the help. Learned a lot today.
Edit -
I tried to replicate this on another computer and it did not work. I realized it was because the spacing was off in the code so best to copy the code from the link and manually make the changes.
You should use markdown syntax to instruct this forum software to preserve the spacing in your example. Just surround your examples with three backticks (```) on the lines immediately before and after the code.
