Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
At work we have laptops that are used in the field for customer service. We need to connect to customer's wireless access points to test. We do not want NetworkManager saving these connections because over the months we end up with hundreds of connections being stored.
We want the default configuration to be not saving connections. Is that possible?
We want NM only to save a few common connection points.
I notice this can be done using nmcli (persistent/temporary) but I do not see anything about using the nm-applet GUI. Hopefully this is an option staring me in the face and I am blind.
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
Rep:
Most of the time you can use the same connection. It should give a list of available access points. You don't need a new connection for each access point.
Last edited by AwesomeMachine; 06-02-2018 at 01:01 PM.
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
Rep:
That's right. Sorry. I guess either script with nmcli, or manually delete the connections after you use them. It might be difficult to incorporate temp connections into the gui, because it would be quite confusing what the actual meaning of 'temporary' is to many users.
It might be difficult to incorporate temp connections into the gui, because it would be quite confusing what the actual meaning of 'temporary' is to many users.
I am not asking for a redesign of NM. Just asking whether there is currently a way to configure persistent/temporary connections as the default.
Quote:
maybe cleaning out the directory in question is a good alternative?
Not a "good" alternative but perhaps the only choice.
Quote:
but NEVER storing connections will also prove problematic for the users of these laptops.
Users are techs. Storing some connections is sane, but the customer connections are one-time occurrences. The techs might not be at that customer's location again for years. No sense in these one-off connections cluttering the NM editor. With 500+ connections just opening the editor or editing a single connection takes a horribly long time. "Linux" gets blamed for being crappy and slow.
A security issue with this design is all of the respective connection files contain passwords in clear text. Should such a laptop be compromised or stolen all of those passwords are accessible with a Live USB.
A security issue with this design is all of the respective connection files contain passwords in clear text. Should such a laptop be compromised or stolen all of those passwords are accessible with a Live USB.
The last Fortune 500 company I worked for encrypted the hard drives of all laptops. New laptops were not allowed off the property until that encryption was done following installation and configuration. It's been too long, so I'm not sure exactly how (what software...maybe PGP?) they used to do that, but every bootup of the laptop required entry of passphrase prior to normal login to the laptop.
I think cleaning up the unwanted connections/files is probably the best way to go...or, alternatively, restoring connections to the "defaults" you want/need to keep.
Alternatively you could use another user for off-site connections. Perhaps a site specific user. Probably too much for mere users.
I tend to not use network-manager. Although I'll use nmtui for "others" laptops. Partly old habits more than a reasonable choice. At home I connect via ethernet to another device that connects to the wifi. In this way changes to the wifi, like new leases only results in a delay, not a disconnect for existing connections. Plus with 4+ devices I'd like to think that my radiation exposure is reduced with all but one using ethernet only. But mostly better positioning for the wifi device and a better connection.
The last Fortune 500 company I worked for encrypted the hard drives of all laptops.
This seems to be the only solution for this horrible security design.
I have mentioned encryption to the owner although we did not discuss in detail or earnest. The laptops are EFI and have Windows 7 preinstalled. Ubuntu got installed by a previous employee who did not consider security and was/is unaware of various Linux related security issues. To encrypt though I think a reinstall is required.
I agree the laptops should be encrypted based on common sense security principles, even if NM was not used. In the field I use my personal laptop for work related tasks because I use encryption and SSH key pairs, passwords, etc. The laptops used at work can't protect me if they suddenly grow legs.
This seems to be the only solution for this horrible security design.
...
To encrypt though I think a reinstall is required.
...
Actually, when they "refreshed" a user's laptop (issued a new one), the encryption was the last thing that was done. The OS was setup (Windows 7), the user's files were transferred to the new laptop, any user-specific software not include in the installation installed, THEN the encryption was started...so no, I don't think a reinstall is required -- it's just something you can do anytime, tho, AFAIK, it can't later be undone.
Again, this was a Fortune 500 (maybe 100) company, so they purchased the license to the software (again, I think it was PGP, but not sure)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.