Product SiteDocumentation Site

2.2.4. System-wide and Private Connection Profiles

NetworkManager stores all connection profiles. That is, connection profiles for system-wide use (system connections) as well as all user connection profiles. Access to the connection profiles is controlled by permissions which are stored by NetworkManager. See man nm-settings(5) for more information on the connection settings permissions property. The permissions correspond to the USERS directive in the ifcfg files. If the USERS directive is not present, it means the configuration settings will be used to create a profile available to all users. As an example, the following command in an ifcfg file will make the connection available only to the users listed:
USERS="joe bob alice"
This can also be set using graphical user interface tools. In nm-connection-editor there is the corresponding All users may connect to this network checkbox on the General tab and in the GNOME control-center Network settings Identity window there is the Make available to other users checkbox.
NetworkManager's default policy enables users to create and modify user connections, but requires them to have root privileges to add, modify, or delete system connections. Profiles that should be available at boot time cannot be private because they will not be visible until the user logs in. For example, if user joe creates joe-em2 connection with ONBOOT=yes; USERS=joe, it will not be available at boot time.


Because creating a virtual private network (VPN) involves details considered confidential, it is recommended to configure your personal VPN connections as private by means of the USERS directive in the ifcfg files or by unselecting the checkboxes in the graphical user interface tools mentioned above. If you do so, then other non-root users on the system cannot access these connections, or view their settings, in any way.
Procedure 2.2. Changing a Connection to be User-Specific instead of System-Wide, or Vice-Versa
Depending on the system's policy, you may need root privileges on the system in order to change whether a connection is user-specific or system-wide.
  1. Press the Super key to enter the Activities Overview, type control network and then press Enter. The Network settings tool appears.
  2. Select the type of connection from the left-hand-side menu.
  3. Click on gear wheel icon in the lower right hand side corner. The Network details window appears.
  4. Select the Identity menu entry on the left. The Network window changes to the identity view.
  5. Select the Make available to other users check box to cause NetworkManager to make the connection a system-wide connection. Depending on system policy, you may then be prompted for the root password by the PolicyKit application. If so, enter the root password to finalize the change.
    Conversely, unselect the Make available to other users check box to make the connection user-specific.