RE: network configuration for non root users

To: <debian-user@lists.debian.org>
Subject: RE: network configuration for non root users
From: "Mike Kuhar" <mikewk147@comcast.net>
Date: Wed, 9 Mar 2005 08:35:32 -0500
Message-id: <[🔎] 004901c524ac$de37f070$6301a8c0@mikekuha>
In-reply-to: <[🔎] 422EE95D.2080002@ngi.it>

> -----Original Message-----
> From: Bob Alexander [mailto:bob@ngi.it] 
> Sent: Wednesday, March 09, 2005 7:18 AM
> To: debian-user@lists.debian.org
> Cc: Debian-User
> Subject: Re: network configuration for non root users
> 
> 
> Ron Johnson wrote:
> > On Wed, 2005-03-09 at 12:05 +0100, Bob Alexander wrote:
> > 
> >>My laptop has a root user and my normal "bob" user.
> >>
> >>I currently need to use any "network configuration" command 
> via sudo.
> >>
> >>This includes the setup of my wifi card (AP association, 
> xsupplicant 
> >>and
> >>dhcp for my ath0).
> >>
> >>Is there some better way ?
> > 
> > 
> > How is sudo "bad", or "not good"?
> > 
> 
> Ron,
> I trust sudo more than my bank :)
> 
> I was just wondering if there was some accepted means of 
> assigning the 
> various network command to a group and making the "bob" user 
> belongigng 
> to that.
> 

The reason that the permissions are set the way they are for priviledged
commands is so that the casual user can not run them and potentially
corrupt you machine.  This protection is not only against the casual
user but also any one else that might get onto you machine.  

> I am so used to administering machines that I quite often 
> type ifconfig 
> as bob and am annoyed by not having /sbin on it's path and not being 

You can always add /sbin or any other path to your PATH declaration in
your .bashrc or .profile or whatever .file.  That's not a problem.  But
it won't let you run the priviledges commands unless you change the
permissions, which I DO_NOT_RECOMMEND.  

'sudo <command>' or 'sudo su -' seems to me to be a trivial issue when
compared to the can of worms you could be potentially opening by
altering permissions.  

> authorizied to execute that. I then follow with sudo which 
> fixes things, 
> but it would be more natural if bob could use ifconfig, 
> iwconfing, ifup, 
> ifdown etc etc.
> 
> Hope I managed to explain myself.
> 
> Thanks,
> Bob
> 

However, with ACL (access contol lists) you can extend the power of
permissions setting by giving any individual user or group the ability
to read, write or execute any file on the system, without sacrificing
security.  Read http://www.suse.de/~agruen/acl/linux-acls/online/ for
more details.

-mike

Reply to:

References:
- Re: network configuration for non root users
  - From: Bob Alexander <bob@ngi.it>

Prev by Date: Re: vim reporting a swap file
Next by Date: Re: vim reporting a swap file
Previous by thread: Re: network configuration for non root users
Next by thread: Re: network configuration for non root users
Index(es):
- Date
- Thread