[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: User allowed commands -

Rick Stevens wrote:
Bob Goodwin wrote:
Sharpe, Sam J wrote:
Bob Goodwin wrote:

Can someone tell me how I can arrange to be able to run
system-control-network as user bobg.  It looks like I  should
be able to accomplish this via visudo but that is overwhelmingly complex.

My objective is to be able to close or open my eth0 internet connection
jumping though hoops. As it stands I have to use system-config-network,
enter password, and when the GUI comes up I can then click on
Two ways to not quite accomplish accomplish roughly what you want:

1) Allow the user to control the network device - add "USERCTL=yes" in /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html

- but I don't think that will allow you to launch s-c-network as a non-root user - i think you'd still have to run "ifup eth0" and "ifdown eth0"

2) add the following to /etc/security/console.apps/system-config-network
UGROUPS=users (assuming bobg is in the users group)

That will then prompt for bobg's password rather than root - but as you object to typing in a password I'm not sure it's great for you.


None of the above afford me any advantage, all ask me to enter a password again before permitting me to disconnect which seems like a negative security feature!

You think asking you to enter a password to alter your network settings
is a NEGATIVE security feature?  Boy, do you have a warped sense of

>  It ought to be simpler ...

ifup/down-eth0 are not valid commands. ifdown-eth is but does not work. "basename: missing operand" whatever that means?

The commands are "ifup eth0" or "ifdown eth0" as was shown in Sam's posting. Look closer.

The command I would really like to be able to use is "system-control-network+" which offers two buttons, Activate and Deactivate plus a Configure button. I haven't been able to find the file that produces that GUI.

The closest is system-config-network and you need to be root to run
it--precisely what you don't like.

I don't want to scold you, Bob, but when you're futzing with your
network settings, not only can you hose your machine but you can cause
problems on the local network as well (e.g. force-feeding a duplicate IP
onto one of your NICs thereby corrupting your router's ARP cache).  At
least requiring a root password to prevent normal users from potentially
screwing the works up is a reasonable (and I would argue minimal) security restraint.
- Rick Stevens, Systems Engineer                      ricks nerd com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- If at first you don't succeed, quit. No sense being a damned fool! -

Yes but it is my machine and if I "hose" it is my problem and I will un-hose it!

My concern is that if I see unexplained activity on my gkrellm monitor I should be able to shut down the internet connection immediately without going through a maze of Windows like commands! I just want a direct means of control, with or without a password, best of all would be to have the password displayed on screen as I type so that I can see my typing errors. I live in a virtual vacuum and only the dog and cat see what I am doing!

I have no problem with entering passwords as necessary and have probably been doing it fifty times a day setting up this "new" computer the way I want it.

At this time it would probably serve to replace this F-9 box which I am reluctant to leave for F-10.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]