Is there any way to disable "Automatically connect to this network when available" permanently?
I have so far been able to shut down NetworkManager in Kubuntu, tried installing network-manager-gnome, checked the config files listed with sudo NetworkManager --print-config including the main /etc/NetworkManager/NetworkManager.conf file (adding no-auto-default=* under [main]), and the individual config files per network connection in ll /etc/NetworkManager/system-connections/. Some of these do show autoconnect=false, but I need false to be the default boolean.
There must be a template file in /etc or a config file somewhere for this. I just tried sudo grep -R 'autoconnect=true' /etc and in /usr and /var too, with no luck. Any other location suggestions to try? Or does anyone know where the actual default 'true' setting is stored? Or if there is a place to create such a setting. I realize I could create a conf file for each expected network connection, but I want it off for any and all new connections.
The problem is that it is obviously a security flaw to connect to new networks by default. Also, I want to change the 'All users may connect to this network' to on by default, to stop the KDEWallet popups from interfering with every network change in tandem with the Autoconnect default on. Lastly, bonus if you know how to unset 'Restrict to this device' by default.. why would I want to always limit every network connection to just one device?? ..Thanks!
PS, Im pretty sure this applies to all Buntus.
Edit1: a longer response to @thallers answer below..
I believe the problem is that the 'default' of not specifying is a boolean True. That is the original flaw in the logic. And it could have security problems.
For example, if I have all connection passwords stored in a root protected keyring or wallet, and an attacker gets access to user level operations, all they would have to do is create a new connection to have it be autoconnected to a nearby wifi hotspot with no open authentication.
The safest setting for a default would be False for autoconnect, but I understand the desire to onboard new Ubuntu users with easier network connections (probably important also during first installation). However, there should be at least an option to set False as a default for new profiles. Again, there must be a piece of code somewhere, that says set True if not pre-existing, even if that is deep within the OS structure.
The problem with 'no-auto-default' is you have to know the new profile name in advance is impossible say if I buy a new wifi router.
"Solution: when you drop the file, create it with the autoconnect setting unset." doesn't make logical sense..? That would also default to True..?
Again, I conceded some defaults are just not my preference, but the should be a way to set a default differently. Because of the 'no setting equals True' logic, that appears to not be possible.
Disagree that useful to tie a network to a device.. so if I plug in another wifi dongle to troubleshoot a connection, or heaven forbid just to change it, I should have to drill into a connection setting to allow that..? On the other hand, I do see a security purpose for locking it down, but again, there should be a way to set the default to allow any device. And again, there must me a piece of code for this, unless by defining a 'Restrict device' feature in terms of negative functionality, in tandem with the 'no setting equals True' logic, it is the same problem. So the possible Solution would be to create a patch for an 'Unrestrict device' feature that would default to true. The same may be for the autoconnect, although the underlying logic problem in the first bullet point is likely the root of it.
NetworkManager only connects to a network of you have a profile for it. And NetworkManager does not create profiles, also because it wouldn't know which settings to you. So this security concern seems unwarranted. Yes, if you click in nm-applet, gnome-shell or plasma-nm on a Wi-Fi for which no profile exists, one will be created. But don't click, if you don't want that. And if you accidentally clicked, remove the profile again, that doesn't seem too hurtful.
There is an exception for "NetworkManager does not create profiles". If you didn't configure no-auto-default in NetworkManager.conf, and if you have an Ethernet device without a suitable profile, then NetworkManager will create a profile named 'Wired connection 1'. But if you have a profile, that won't happen. Also, if you delete or modify the generated profile, NM remembers that in /var/lib/NetworkManager/no-auto-default.state file.
Except the no-auto-default case (that you already diabled), NetworkManager does not generate profiles. Connection profiles are in their entirety created by the user (or by some NetworkManager client tool, presumably on behalf of the user). I think the noution that NetworkManager has defaults for properties of a connection profile is not right, and you cannot thus configure a default.
Note there is an exception to this: certain properties allow to be explicitly set to a value that indicates a default, and you can overwrite that default values in NetworkManager.conf. In this case the property of the profile explicitly says to use a default. But that is only implement for certain properties, and would hardly make sense for autoconnect, because those kind of defaults depend on the device (and autoconnect property is independent of a device). See
man NetworkManager.conffor these kinds of connection defaults).Of course, when you use a certain tool to create a profile, that tool may have a default.
For example, if you drop a file to
/etc/Networkmanager/system-connectionsand omit the autoconnect setting, it defaults to true. Solution: when you drop the file, create it with the autoconnect setting unset.Or for example, if you use
nmcli connection addto create a profile, the new profile will be create (by default) with autoconnect enabled. Solution: passautoconnect noon the command line, or use a shell script that helps you, or use an entirely different tool.Or for example, if you create the profile via
nmcli device connect(which creates a profile if none exists) it will be be created with autoconnect enabled. Solution: don't use this way to create the profile or adjust the profile afterward withnmcli connection modify.Or for example, if you create the profile with nm-connection-editor, the GUI is preinitialize to autoconnect automatically. Solution: untick the option before clicking "Save".
Of course, usually you create the profile once with the settings you want, and afterwards just use it. So, have the step of profile creation followed by something like
nmcli connection modify "$PROFILE" autoconnect no.Or even
for U in $(nmcli -g UUID connection) ; do nmcli connection modify uuid $U autoconnect no; done.No, most tools (nmcli, nm-connection-editor) don't allow you to define a default values for settings when creating . Instead, they usually allow you to specify the settings while creating the settings. Or create your own tool. NetworkManager's primary goal is to provide an API for network configuration. Use that API and create the profile as you prefer.
As to why most tools have a certain default and not the other, the answer is that this is usually deemed more useful, what most users would want. It's clear that the default value is nor right for everybody, otherwise the option wouldn't be configurable to begin with. The reasons for tying a profile to a certain interface name (or MAC address) are not very strong, but it's because (unless you set
connection.multi-connect) a profile can only activate once at a time. It seems preferable in that case to tie the profile to on device.Unfortunately the default of
autoconnect=truecan't currently be overridden because it's not defined as such in the Network Manager codebase. See in theinitfunction here [https://github.com/NetworkManager/NetworkManager/blob/master/libnm-core/nm-setting-connection.c#L1728] thatpriv->autoconnectis set toTRUEnot matter what.You could ask for a change to this to allow for it to be overridden by a configuration in either
/etc/NetworkManager/NetworkManager.confor better still something like/etc/NetworkManager/conf.d/default-wifi-autoconnect-false.conf. In that file you'd put something like the following if you wanted to override the default for WiFi devices to not auto-connect ...With a good reason for it the request might get considered.