I use a command like nmcli connection import type wireguard file wg.conf to create new network
connections on my laptop and server. I’d found that it’s possible to create a new connection on the
Ubuntu 24.04 laptop without entering a password, but my AlmaLinux 10 server always asks me to type
my password to proceed.
I was curious why the behavior differs on different Linux distributions.
NetworkManager relies on Polkit for user access control. It allows execute privileged operations without sudo and SUID bit.
Ubuntu has a file /usr/share/polkit-1/rules.d/org.freedesktop.NetworkManager.rules that allows all
users from sudo and netdev groups to modify system network connections. AlmaLinux has stricter
access control, so there are no such Polkit rules. That is why the system asks to type password to
modify network connections.
It’s possible to duplicate Ubuntu’s behavior for AlmaLinux: just create a file
/etc/polkit-1/rules.d/99-NetworkManager.rules:
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
subject.local && subject.active && subject.isInGroup("wheel")) {
return polkit.Result.YES;
};
});