nmcli error: Connection activation failed: Not authorized to control networking

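I wrote a combination of .sh and .exp scripts that:

  1. Activates the VPN connection
  2. Connects to a remote server
  3. Downloads some files from the server
  4. Deactivates the VPN connection

The script should run on a schedule. I use nmcli to activate and deactivate the connection. If I run the script manually, it works fine, but if I run it via cron, I get this message (on VPN connection activation): Error: Connection activation failed: Not authorized to control networking.

In the log I see that the script is run under my user: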

Dec  6 18:48:01 maskalev-Aspire-A514-54 CRON[10975]: (maskalev) CMD (./dev/promomed/__DRAFTS__/utils/sftp_monitor/main.sh)

My groups:

maskalev@maskalev-Aspire-A514-54:~$ groups
maskalev root adm cdrom sudo dip plugdev netdev lpadmin lxd sambashare docker

nmcli permissions:

maskalev@maskalev-Aspire-A514-54:~$ nmcli general permissions
PERMISSION                                                        VALUE 
org.freedesktop.NetworkManager.checkpoint-rollback                auth  
org.freedesktop.NetworkManager.enable-disable-connectivity-check  yes   
org.freedesktop.NetworkManager.enable-disable-network             yes   
org.freedesktop.NetworkManager.enable-disable-statistics          yes   
org.freedesktop.NetworkManager.enable-disable-wifi                yes   
org.freedesktop.NetworkManager.enable-disable-wimax               yes   
org.freedesktop.NetworkManager.enable-disable-wwan                yes   
org.freedesktop.NetworkManager.network-control                    yes   
org.freedesktop.NetworkManager.reload                             auth  
org.freedesktop.NetworkManager.settings.modify.global-dns         auth  
org.freedesktop.NetworkManager.settings.modify.hostname           auth  
org.freedesktop.NetworkManager.settings.modify.own                yes   
org.freedesktop.NetworkManager.settings.modify.system             yes   
org.freedesktop.NetworkManager.sleep-wake                         no    
org.freedesktop.NetworkManager.wifi.scan                          yes   
org.freedesktop.NetworkManager.wifi.share.open                    yes   
org.freedesktop.NetworkManager.wifi.share.protected               yes

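I think I'm interested in enable-disable-network, aren't I?

Do you have any ideas?

Maybe I can solve this problem (mainly activating the VPN) some other way?

OS: Ubuntu 22.04

Answer 1

Thanks @木丁 for the advice (I came back to this problem 8 months later)!

What I did. First, I compared the output of nmcli general permissions when launched from the terminal and when launched from cron.

From the terminal (my permissions)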

PERMISSION                                                        VALUE 
org.freedesktop.NetworkManager.checkpoint-rollback                auth  
org.freedesktop.NetworkManager.enable-disable-connectivity-check  yes   
org.freedesktop.NetworkManager.enable-disable-network             yes   
org.freedesktop.NetworkManager.enable-disable-statistics          yes   
org.freedesktop.NetworkManager.enable-disable-wifi                yes   
org.freedesktop.NetworkManager.enable-disable-wimax               yes   
org.freedesktop.NetworkManager.enable-disable-wwan                yes   
org.freedesktop.NetworkManager.network-control                    yes   
org.freedesktop.NetworkManager.reload                             auth  
org.freedesktop.NetworkManager.settings.modify.global-dns         auth  
org.freedesktop.NetworkManager.settings.modify.hostname           auth  
org.freedesktop.NetworkManager.settings.modify.own                yes   
org.freedesktop.NetworkManager.settings.modify.system             yes   
org.freedesktop.NetworkManager.sleep-wake                         no    
org.freedesktop.NetworkManager.wifi.scan                          yes   
org.freedesktop.NetworkManager.wifi.share.open                    yes   
org.freedesktop.NetworkManager.wifi.share.protected               yes

From cron (cron's permissions, or rather the permissions of a user in the adm group)

PERMISSION                                                        VALUE 
org.freedesktop.NetworkManager.checkpoint-rollback                auth  
org.freedesktop.NetworkManager.enable-disable-connectivity-check  no    
org.freedesktop.NetworkManager.enable-disable-network             no    
org.freedesktop.NetworkManager.enable-disable-statistics          no    
org.freedesktop.NetworkManager.enable-disable-wifi                no    
org.freedesktop.NetworkManager.enable-disable-wimax               no    
org.freedesktop.NetworkManager.enable-disable-wwan                no    
org.freedesktop.NetworkManager.network-control                    auth  
org.freedesktop.NetworkManager.reload                             auth  
org.freedesktop.NetworkManager.settings.modify.global-dns         auth  
org.freedesktop.NetworkManager.settings.modify.hostname           auth  
org.freedesktop.NetworkManager.settings.modify.own                auth  
org.freedesktop.NetworkManager.settings.modify.system             no    
org.freedesktop.NetworkManager.sleep-wake                         no    
org.freedesktop.NetworkManager.wifi.scan                          auth  
org.freedesktop.NetworkManager.wifi.share.open                    no    
org.freedesktop.NetworkManager.wifi.share.protected               no 

In my case, all I needed was to grant the network-control permission. I added an x.pkla file to /etc/polkit-1/localauthority/50-local.d/ (documentation here):

[Let adm group modify system settings for network]
Identity=unix-group:adm
Action=org.freedesktop.NetworkManager.network-control
ResultAny=yes

You may need to reload polkit afterwards.

Check the output:

PERMISSION                                                        VALUE 
org.freedesktop.NetworkManager.checkpoint-rollback                auth  
org.freedesktop.NetworkManager.enable-disable-connectivity-check  no    
org.freedesktop.NetworkManager.enable-disable-network             no    
org.freedesktop.NetworkManager.enable-disable-statistics          no    
org.freedesktop.NetworkManager.enable-disable-wifi                no    
org.freedesktop.NetworkManager.enable-disable-wimax               no    
org.freedesktop.NetworkManager.enable-disable-wwan                no    
org.freedesktop.NetworkManager.network-control                    yes   
org.freedesktop.NetworkManager.reload                             auth  
org.freedesktop.NetworkManager.settings.modify.global-dns         auth  
org.freedesktop.NetworkManager.settings.modify.hostname           auth  
org.freedesktop.NetworkManager.settings.modify.own                auth  
org.freedesktop.NetworkManager.settings.modify.system             no    
org.freedesktop.NetworkManager.sleep-wake                         no    
org.freedesktop.NetworkManager.wifi.scan                          auth  
org.freedesktop.NetworkManager.wifi.share.open                    no    
org.freedesktop.NetworkManager.wifi.share.protected               no    

Now I can activate (and deactivate) the network via cron!
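
The terminal-versus-cron comparison described in the answer above, as an added example that is not part of the original post: it diffs two saved outputs of nmcli general permissions and reports which polkit actions changed, which is how the missing network-control grant shows up. The file names and function names are assumptions; the sample rows are excerpted from the two tables in the answer.

```sh
#!/bin/sh
# Added example (not from the original post). Capture the two views first, e.g.
#   nmcli general permissions > /tmp/perms.term             (in a terminal)
#   * * * * * nmcli general permissions > /tmp/perms.cron   (crontab entry)
# The paths above are assumptions; any two saved outputs work.

# Print "ACTION VALUE_IN_A VALUE_IN_B" for every action whose value differs.
perm_diff() {
    awk '
        $1 == "PERMISSION" || NF < 2 { next }      # skip header and blank lines
        FILENAME == ARGV[1] { a[$1] = $2; next }   # first file: remember values
        ($1 in a) && a[$1] != $2 { print $1, a[$1], $2 }
    ' "$1" "$2"
}

# Print the value of one action in a saved output (empty if the action is absent).
perm_value() {
    awk -v act="$2" '$1 == act { print $2 }' "$1"
}

# Succeed only if the action is granted without authentication ("yes").
# A cron script can test this before calling nmcli and log a clear error otherwise.
perm_granted() {
    [ "$(perm_value "$1" "$2")" = "yes" ]
}

# Write sample data into directory $1 (rows excerpted from the answer's tables).
write_samples() {
    cat > "$1/perms.term" <<'EOF'
PERMISSION                                                        VALUE
org.freedesktop.NetworkManager.enable-disable-network             yes
org.freedesktop.NetworkManager.network-control                    yes
org.freedesktop.NetworkManager.reload                             auth
org.freedesktop.NetworkManager.sleep-wake                         no
EOF
    cat > "$1/perms.cron" <<'EOF'
PERMISSION                                                        VALUE
org.freedesktop.NetworkManager.enable-disable-network             no
org.freedesktop.NetworkManager.network-control                    auth
org.freedesktop.NetworkManager.reload                             auth
org.freedesktop.NetworkManager.sleep-wake                         no
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
perm_diff "$demo_dir/perms.term" "$demo_dir/perms.cron"
rm -rf "$demo_dir"
```

The difference arises because a cron job runs outside an active login session, so polkit evaluates it under its non-active result. The rule in the answer uses ResultAny=yes with Identity=unix-group:adm, which grants network-control to every member of adm in any session; Identity=unix-user:NAME is the narrower form when only one account runs the job.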
