--- "Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx> wrote: > What happens if you run "/sbin/ifconfig eth0" instead of > "/sbin/ifconfig eth0 down"? Is the permission denied message about > running ifconfig or about trying to bring down eth0? There are times > when the information presented by ifconfig is useful to a normal > user, even though you can not change the settings. > As non-root, you're allowed to view the information, but not change the status of the network interface. So the command /sbin/ifconfig eth0 works as non-root. > One thing I think you are missing is that keeping these commands off > a normal user's path is not really a security measure. It is more a > matter of keeping them out of the way of people that would not > normally need access to them. Chances are, they are not going to > stumble across them by accident, but they are there if you do need > to use them. The security is that most actions by the commands > require root permissions. The information function of the commands > still works for normal users. I don't think I'm missing anything. Actually we mostly agree. However, I do most of my system work from a normal user account, using "sudo" when I need to run something as root. It's easily fixed, but an annoyance, when I set up a new system, and ifconfig and other /sbin and /usr/sbin commands don't work initially. > > Mikkel === Al
