At work we have laptops that are used in the field for customer service. We need to connect to customer's wireless access points to test. We do not want NetworkManager saving these connections because over the months we end up with hundreds of connections being stored.

We want the default configuration to be not saving connections. Is that possible?

We want NM only to save a few common connection points.

I notice this can be done using nmcli (persistent/temporary) but I do not see anything about using the nm-applet GUI. Hopefully this is an option staring me in the face and I am blind.

Thanks.

Most of the time you can use the same connection. It should give a list of available access points. You don't need a new connection for each access point.

I don't think that works because NM creates a new wireless connection based on the SSID and password. Perhaps I am missing something.

That's right. Sorry. I guess either script with nmcli, or manually delete the connections after you use them. It might be difficult to incorporate temp connections into the gui, because it would be quite confusing what the actual meaning of 'temporary' is to many users.

maybe cleaning out the directory in question is a good alternative?
maybe at boot?

maybe networkmanager has options to never store these connections - it has LOADS of options, but not many of them are accesible via nm-applet.

but NEVER storing connections will also prove problematic for the users of these laptops.

I am not asking for a redesign of NM. Just asking whether there is currently a way to configure persistent/temporary connections as the default.

Not a "good" alternative but perhaps the only choice.

Users are techs. Storing some connections is sane, but the customer connections are one-time occurrences. The techs might not be at that customer's location again for years. No sense in these one-off connections cluttering the NM editor. With 500+ connections just opening the editor or editing a single connection takes a horribly long time. "Linux" gets blamed for being crappy and slow.

i see.
well, cleaning them out once per reboot sounds like a good compromise/workaround to me.

hack it, store it in the back of your mind, and when the real solution comes along evtl., you can fix it properly.

A security issue with this design is all of the respective connection files contain passwords in clear text. Should such a laptop be compromised or stolen all of those passwords are accessible with a Live USB.

The last Fortune 500 company I worked for encrypted the hard drives of all laptops. New laptops were not allowed off the property until that encryption was done following installation and configuration. It's been too long, so I'm not sure exactly how (what software...maybe PGP?) they used to do that, but every bootup of the laptop required entry of passphrase prior to normal login to the laptop.

I think cleaning up the unwanted connections/files is probably the best way to go...or, alternatively, restoring connections to the "defaults" you want/need to keep.

Alternatively you could use another user for off-site connections. Perhaps a site specific user. Probably too much for mere users.

I tend to not use network-manager. Although I'll use nmtui for "others" laptops. Partly old habits more than a reasonable choice. At home I connect via ethernet to another device that connects to the wifi. In this way changes to the wifi, like new leases only results in a delay, not a disconnect for existing connections. Plus with 4+ devices I'd like to think that my radiation exposure is reduced with all but one using ethernet only. But mostly better positioning for the wifi device and a better connection.

This seems to be the only solution for this horrible security design.

I have mentioned encryption to the owner although we did not discuss in detail or earnest. The laptops are EFI and have Windows 7 preinstalled. Ubuntu got installed by a previous employee who did not consider security and was/is unaware of various Linux related security issues. To encrypt though I think a reinstall is required.

I agree the laptops should be encrypted based on common sense security principles, even if NM was not used. In the field I use my personal laptop for work related tasks because I use encryption and SSH key pairs, passwords, etc. The laptops used at work can't protect me if they suddenly grow legs.

Overall I am really perturbed with NM.

Send that data to a ramdisk maybe. On reboot the info is lost.

Actually, when they "refreshed" a user's laptop (issued a new one), the encryption was the last thing that was done. The OS was setup (Windows 7), the user's files were transferred to the new laptop, any user-specific software not include in the installation installed, THEN the encryption was started...so no, I don't think a reinstall is required -- it's just something you can do anytime, tho, AFAIK, it can't later be undone.

Again, this was a Fortune 500 (maybe 100) company, so they purchased the license to the software (again, I think it was PGP, but not sure)

Sorry I can't help with NetworkManager...

elegant.