Is this a security backdoor?

Question

I just realised nmcli commands don't ask me password for sudo access, but ends up modifying a file under /etc/NetworkManager/system-connections/ which is root-only access.

How is this allowed? What's the mechanism that makes a process change a file that the user doesn't have access to?

Details are, I've got a vpn connection, let's say my-vpn, and run for example:

nmcli c modify my-vpn +ipv4.dns 192.168.1.12

and the /etc/NetworkManager/system-connections/my-vpn file is modified to include the dns.

The authentication mechanism is likely PolicyKit. See for example How can non-admin users connect to Wi-Fi networks?. Members of unix-group:sudo group are given localauthority by default. — steeldriver, Sep 07 '21 at 23:30

score 2 · Accepted Answer · answered Sep 07 '21 at 23:18

No it is not.

From https://wiki.ubuntu.com/Security/Privileges#Use_Network_Manager

All users at the console can manage Ethernet, wireless and 3G networks using Network Manager via DBus. (Ref.: /etc/dbus-1/system.d/NetworkManager.conf, /etc/dbus-1/system.d/nm-applet.conf)

Is this a security backdoor?

1 Answers1