Network accessibility for local user accounts

leon · 10 August 2022 09:09

For testing purposes I added a new user to the system and noticed, that this user can not access remote network destination.

[test@Sailfish ~]$ curl -I https://www.github.com
curl: (6) Could not resolve host: www.github.com

[test@Sailfish ~]$ nslookup www.github.com
net.c:156: socket() failed: Permission denied
net.c:156: socket() failed: Permission denied
(null): can't find either v4 or v6 networking

Looking at all local accounts, it seems that only root, nemo/defaultuser, inet and net_raw have this ability.

What controls such network access and where could I extend the list of users that have access…? Thanks!

ric9k · 10 August 2022 20:58

Maybe into /etc/group ?
No precise idea really.
There is no terminal available with a secondary user either.
But one can use e.g. ToeTerm.

For your commands,

devel-su

is not working but

su

is.

leon · 11 August 2022 20:42

So, what I have: My development Xperia 10 I, does not have any SIM card inserted. I do just use my WIFI. In this scenario the above mentioned behavior can be observed.

A different device with a SIM card inserted and connected to the same WIFI with the same routing table, allows different daemon users to make outbound connections (http/api).

What does the connection manager do differently here? It seems like a regression bug. Any hints?