4

This might be a security issue. In Ubuntu 14.10, 14.04... under -network connections/edit wi-fi/wi-fi security - my wireless password is shown and it can be seen by anyone who can access my computer.

Can I protect my password? Is there any application which will ask for root access? To whom shall I report this problem?

VRR
  • 1,270
  • 6
    do not use a single account for all users. I suggest you use the guest account for non-trusted users . Lock you screen or log out when you leave your computer. – Panther Mar 10 '15 at 14:18
  • Thanks for the comment, but that is not an option for me. – VRR Mar 21 '15 at 13:17

2 Answers2

6

This is normal - Ubuntu has this out of the box.

What you can do, is restrict access to the actual command that allows you editing network settings, the nm-connnection-editor.

Open terminal with Ctrl + alt + T, and enter the following commands:

  1. ls -l $(sudo which nm-connection-editor) ; This will show current permissions for the nm-connection-editor

2.sudo chmod 700 $(sudo which nm-connection-editor) ; this will change the permissions

  1. Repeat the command #1, to make sure you have changed the permissions. Now try editing the connections.

NOTE : in case you ever want to go back to editing , you will need to enter this command sudo chmod 755 $(sudo which nm-connection-editor) to make the editor accessible again

A.B.
  • 90,397
Sergiy Kolodyazhnyy
  • 105,154
  • 20
  • 279
  • 497
0

Besides the answer provided earlier I was going for a different direction and after some research created another answer.

After creating wi-fi connection the next step would be to edit the keyfile corresponding to it. With root permissions, edit the keyfile which is located in /etc/NetworkManager/system-connections.

Within [wifi-security] section add the psk flag below your password:

psk=yourpassword
psk-flags=1

It is added to make sure the password maintain non visible. Now, the connection's properties cannot be changed without typing the password. The drawback is that Network Manager must be restarted in case you want to disconnect/connect again, otherwise you will have to type in password each time. For that we can use a script, but note you must uncheck autoconnect option with this method. Open text editor and paste following:

#!/bin/bash
if [ "$2" = "down" ];then
    case "$CONNECTION_UUID" in
        12e5ffbb-ec82-465a-a405-04e5072cebba)
        service network-manager restart;;
        *) ;;
    esac
fi
exit 0

Replace UUID from script with the one from your connection (or pipe several for multiple connections). It can be retrieved with nmcli connection show command. Save the script to your home folder and name it restart_wireless. Then move it to /etc/NetworkManager/dispatcher.d folder:

sudo mv '~/restart_wireless' /etc/NetworkManager/dispatcher.d

and change permissions:

sudo chmod 755 '/etc/NetworkManager/dispatcher.d/restart_wireless'

At this point you might experience password being visible after logout/login. It is due to default keyring setting. To prevent this you might add new item to Startup Applications:

/usr/bin/gnome-keyring-daemon --replace --components=secrets

and all pass-phrases will be flushed each time you login. Do this only if you don't have other applications corresponding to your keyring settings.

Restart for effect.

After this procedure Wi-Fi password is not shown in Network Connections:

enter image description here

PROS:

  • password cannot be accessed with command line tools

  • there is no need to alter GNOME Keyring settings

  • ability to use Network connections GUI

  • ability to use Wi-fi connection within Guest session (although it might be interesting to reproduce those restrictions as well)

CONS:

  • cannot use 'Automatically connect to this network when is available' option
  • passwords will be flushed each time on login

Source

VRR
  • 1,270