Re: User allowed commands -

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Bob Goodwin wrote:
Sharpe, Sam J wrote:
Bob Goodwin wrote:

Can someone tell me how I can arrange to be able to run
system-control-network as user bobg.  It looks like I  should
be able to accomplish this via visudo but that is overwhelmingly complex.

My objective is to be able to close or open my eth0 internet connection
without
jumping though hoops. As it stands I have to use system-config-network,
enter password, and when the GUI comes up I can then click on
"de/activate."
Two ways to not quite accomplish accomplish roughly what you want:

1) Allow the user to control the network device - add "USERCTL=yes" in /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html

- but I don't think that will allow you to launch s-c-network as a non-root user - i think you'd still have to run "ifup eth0" and "ifdown eth0"

2) add the following to /etc/security/console.apps/system-config-network
UGROUPS=users (assuming bobg is in the users group)

That will then prompt for bobg's password rather than root - but as you object to typing in a password I'm not sure it's great for you.

--
Sam

None of the above afford me any advantage, all ask me to enter a password again before permitting me to disconnect which seems like a negative security feature!

You think asking you to enter a password to alter your network settings
is a NEGATIVE security feature?  Boy, do you have a warped sense of
security.

>  It ought to be simpler ...

ifup/down-eth0 are not valid commands. ifdown-eth is but does not work. "basename: missing operand" whatever that means?

The commands are "ifup eth0" or "ifdown eth0" as was shown in Sam's posting. Look closer.

The command I would really like to be able to use is "system-control-network+" which offers two buttons, Activate and Deactivate plus a Configure button. I haven't been able to find the file that produces that GUI.

The closest is system-config-network and you need to be root to run
it--precisely what you don't like.

I don't want to scold you, Bob, but when you're futzing with your
network settings, not only can you hose your machine but you can cause
problems on the local network as well (e.g. force-feeding a duplicate IP
onto one of your NICs thereby corrupting your router's ARP cache).  At
least requiring a root password to prevent normal users from potentially
screwing the works up is a reasonable (and I would argue minimal) security restraint.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- If at first you don't succeed, quit. No sense being a damned fool! -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux