Re: User allowed commands -
Bob Goodwin wrote: Sharpe, Sam J wrote: Bob Goodwin wrote: Can someone tell me how I can arrange to be able to run system-control-network as user bobg. It looks like I should be able to accomplish this via visudo but that is overwhelmingly complex. My objective is to be able to close or open my eth0 internet connection without jumping though hoops. As it stands I have to use system-config-network, enter password, and when the GUI comes up I can then click on "de/activate." Hi, If you want to use sudo the following should work for you visudo and add bobg ALL = NOPASSWD: /usr/bin/system-config-network then sudo system-config-network -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: User allowed commands -
On Wed, 2009-03-18 at 12:19 -0400, Bob Goodwin wrote: > Sharpe, Sam J wrote: > > Bob Goodwin wrote: > >> > >> Can someone tell me how I can arrange to be able to run > >> system-control-network as user bobg. It looks like I should > >> be able to accomplish this via visudo but that is overwhelmingly > >> complex. > >> > >> My objective is to be able to close or open my eth0 internet connection > >> without > >> jumping though hoops. As it stands I have to use system-config-network, > >> enter password, and when the GUI comes up I can then click on > >> "de/activate." > > Two ways to not quite accomplish accomplish roughly what you want: > > > > 1) Allow the user to control the network device - add "USERCTL=yes" in > > /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: > > http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html > > > > > > > > - but I don't think that will allow you to launch s-c-network as a > > non-root user - i think you'd still have to run "ifup eth0" and > > "ifdown eth0" > > > > 2) add the following to /etc/security/console.apps/system-config-network > > UGROUPS=users (assuming bobg is in the users group) > > > > That will then prompt for bobg's password rather than root - but as > > you object to typing in a password I'm not sure it's great for you. > > > > -- > > Sam > > > None of the above afford me any advantage, all ask me to enter a > password again before permitting me to disconnect which seems like a > negative security feature! It ought to be simpler ... > > ifup/down-eth0 are not valid commands. ifdown-eth is but does not > work. "basename: missing operand" whatever that means? The command is : ifup eth0 or ifdown etho > > The command I would really like to be able to use is > "system-control-network+" which offers two buttons, Activate and > Deactivate plus a Configure button. I haven't been able to find the > file that produces that GUI. > > Thank you for the suggestions. > > Bob > > -- === You know it's going to be a long day when you get up, shave and shower, start to get dressed and your shoes are still warm. -- Dean Webber === Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: User allowed commands -
Sharpe, Sam J wrote: > 2) add the following to /etc/security/console.apps/system-config-network > UGROUPS=users (assuming bobg is in the users group) > > That will then prompt for bobg's password rather than root - but as you > object to typing in a password I'm not sure it's great for you. If you also change SESSION=true to SESSION=false, you'll have to only enter the password once and never again. Kevin Kofler -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: User allowed commands -
Rick Stevens wrote: Bob Goodwin wrote: Sharpe, Sam J wrote: Bob Goodwin wrote: Can someone tell me how I can arrange to be able to run system-control-network as user bobg. It looks like I should be able to accomplish this via visudo but that is overwhelmingly complex. My objective is to be able to close or open my eth0 internet connection without jumping though hoops. As it stands I have to use system-config-network, enter password, and when the GUI comes up I can then click on "de/activate." Two ways to not quite accomplish accomplish roughly what you want: 1) Allow the user to control the network device - add "USERCTL=yes" in /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html - but I don't think that will allow you to launch s-c-network as a non-root user - i think you'd still have to run "ifup eth0" and "ifdown eth0" 2) add the following to /etc/security/console.apps/system-config-network UGROUPS=users (assuming bobg is in the users group) That will then prompt for bobg's password rather than root - but as you object to typing in a password I'm not sure it's great for you. -- Sam None of the above afford me any advantage, all ask me to enter a password again before permitting me to disconnect which seems like a negative security feature! You think asking you to enter a password to alter your network settings is a NEGATIVE security feature? Boy, do you have a warped sense of security. > It ought to be simpler ... ifup/down-eth0 are not valid commands. ifdown-eth is but does not work. "basename: missing operand" whatever that means? The commands are "ifup eth0" or "ifdown eth0" as was shown in Sam's posting. Look closer. The command I would really like to be able to use is "system-control-network+" which offers two buttons, Activate and Deactivate plus a Configure button. I haven't been able to find the file that produces that GUI. The closest is system-config-network and you need to be root to run it--precisely what you don't like. I don't want to scold you, Bob, but when you're futzing with your network settings, not only can you hose your machine but you can cause problems on the local network as well (e.g. force-feeding a duplicate IP onto one of your NICs thereby corrupting your router's ARP cache). At least requiring a root password to prevent normal users from potentially screwing the works up is a reasonable (and I would argue minimal) security restraint. -- - Rick Stevens, Systems Engineer ri...@nerd.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - If at first you don't succeed, quit. No sense being a damned fool! - -- Yes but it is my machine and if I "hose" it is my problem and I will un-hose it! My concern is that if I see unexplained activity on my gkrellm monitor I should be able to shut down the internet connection immediately without going through a maze of Windows like commands! I just want a direct means of control, with or without a password, best of all would be to have the password displayed on screen as I type so that I can see my typing errors. I live in a virtual vacuum and only the dog and cat see what I am doing! I have no problem with entering passwords as necessary and have probably been doing it fifty times a day setting up this "new" computer the way I want it. At this time it would probably serve to replace this F-9 box which I am reluctant to leave for F-10. Bob -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: User allowed commands -
Rangeen Basu wrote: On Wed, Mar 18, 2009 at 9:49 PM, Bob Goodwin wrote: ifup/down-eth0 are not valid commands. ifdown-eth is but does not work. "basename: missing operand" whatever that means? You didn't get it quite right. Its actually ifup eth0 or ifdown eth0 (not ifup-eth0 notice the dash). Do this as said before: Allow the user to control the network device - add "USERCTL=yes" in /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html Then run ifup or ifdown with the proper interface name as argument. Normally for wired LAN it is eth0(eth1 for a second card that might be present) Regards Yes! That works as user bobg. I will probably create a script and a button to manipulate things. It is F-10 and I use XFCE ... Thanks for clarifying things for me ... Bob -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: User allowed commands -
Bob Goodwin wrote: Sharpe, Sam J wrote: Bob Goodwin wrote: Can someone tell me how I can arrange to be able to run system-control-network as user bobg. It looks like I should be able to accomplish this via visudo but that is overwhelmingly complex. My objective is to be able to close or open my eth0 internet connection without jumping though hoops. As it stands I have to use system-config-network, enter password, and when the GUI comes up I can then click on "de/activate." Two ways to not quite accomplish accomplish roughly what you want: 1) Allow the user to control the network device - add "USERCTL=yes" in /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html - but I don't think that will allow you to launch s-c-network as a non-root user - i think you'd still have to run "ifup eth0" and "ifdown eth0" 2) add the following to /etc/security/console.apps/system-config-network UGROUPS=users (assuming bobg is in the users group) That will then prompt for bobg's password rather than root - but as you object to typing in a password I'm not sure it's great for you. -- Sam None of the above afford me any advantage, all ask me to enter a password again before permitting me to disconnect which seems like a negative security feature! You think asking you to enter a password to alter your network settings is a NEGATIVE security feature? Boy, do you have a warped sense of security. > It ought to be simpler ... ifup/down-eth0 are not valid commands. ifdown-eth is but does not work. "basename: missing operand" whatever that means? The commands are "ifup eth0" or "ifdown eth0" as was shown in Sam's posting. Look closer. The command I would really like to be able to use is "system-control-network+" which offers two buttons, Activate and Deactivate plus a Configure button. I haven't been able to find the file that produces that GUI. The closest is system-config-network and you need to be root to run it--precisely what you don't like. I don't want to scold you, Bob, but when you're futzing with your network settings, not only can you hose your machine but you can cause problems on the local network as well (e.g. force-feeding a duplicate IP onto one of your NICs thereby corrupting your router's ARP cache). At least requiring a root password to prevent normal users from potentially screwing the works up is a reasonable (and I would argue minimal) security restraint. -- - Rick Stevens, Systems Engineer ri...@nerd.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - If at first you don't succeed, quit. No sense being a damned fool! - -- -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: User allowed commands -
On Wed, Mar 18, 2009 at 9:49 PM, Bob Goodwin wrote: > ifup/down-eth0 are not valid commands. ifdown-eth is but does not work. > "basename: missing operand" whatever that means? You didn't get it quite right. Its actually ifup eth0 or ifdown eth0 (not ifup-eth0 notice the dash). Do this as said before: Allow the user to control the network device - add "USERCTL=yes" in /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html Then run ifup or ifdown with the proper interface name as argument. Normally for wired LAN it is eth0(eth1 for a second card that might be present) Regards -- Rangeen Basu Roy Chowdhury Fedora Ambassador sherry...@gmail.com -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: User allowed commands -
Sharpe, Sam J wrote: Bob Goodwin wrote: Can someone tell me how I can arrange to be able to run system-control-network as user bobg. It looks like I should be able to accomplish this via visudo but that is overwhelmingly complex. My objective is to be able to close or open my eth0 internet connection without jumping though hoops. As it stands I have to use system-config-network, enter password, and when the GUI comes up I can then click on "de/activate." Two ways to not quite accomplish accomplish roughly what you want: 1) Allow the user to control the network device - add "USERCTL=yes" in /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html - but I don't think that will allow you to launch s-c-network as a non-root user - i think you'd still have to run "ifup eth0" and "ifdown eth0" 2) add the following to /etc/security/console.apps/system-config-network UGROUPS=users (assuming bobg is in the users group) That will then prompt for bobg's password rather than root - but as you object to typing in a password I'm not sure it's great for you. -- Sam None of the above afford me any advantage, all ask me to enter a password again before permitting me to disconnect which seems like a negative security feature! It ought to be simpler ... ifup/down-eth0 are not valid commands. ifdown-eth is but does not work. "basename: missing operand" whatever that means? The command I would really like to be able to use is "system-control-network+" which offers two buttons, Activate and Deactivate plus a Configure button. I haven't been able to find the file that produces that GUI. Thank you for the suggestions. Bob -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: User allowed commands -
Bob Goodwin wrote: Can someone tell me how I can arrange to be able to run system-control-network as user bobg. It looks like I should be able to accomplish this via visudo but that is overwhelmingly complex. My objective is to be able to close or open my eth0 internet connection without jumping though hoops. As it stands I have to use system-config-network, enter password, and when the GUI comes up I can then click on "de/activate." Two ways to not quite accomplish accomplish roughly what you want: 1) Allow the user to control the network device - add "USERCTL=yes" in /etc/sysconfig/network-scripts/ifcfg-eth0 as documented here: http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html - but I don't think that will allow you to launch s-c-network as a non-root user - i think you'd still have to run "ifup eth0" and "ifdown eth0" 2) add the following to /etc/security/console.apps/system-config-network UGROUPS=users (assuming bobg is in the users group) That will then prompt for bobg's password rather than root - but as you object to typing in a password I'm not sure it's great for you. -- Sam -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
