sudo not working

Mike Lovell mike at dev-zero.net
Tue Jan 17 09:20:23 MST 2012


On 01/16/2012 11:57 PM, Make Compile wrote:
> when i logged in using andrew's credential, and try issuing the command /sbin/ifconfig the user andrew can still view ip settings. any ideas? is this normal? Thanks

are you trying to make it so that 'andrew' can't see how any interface 
is configured? if so, i don't think configuring specifics for ifconfig 
in sudo is going to help because a user can execute ifconfig without 
sudo and still be able to read settings. also, there are multiple other 
ways to find out things like what ip addresses there are, what the mac 
address of an interface is, and other interface settings. `ip addr list` 
doesn't require elevated privileges and will show ip addresses. 
/sys/class/net/<interface>/ has lots of information that can be read. 
except for maybe something like some selinux or apparmor config, i'm not 
sure you would be able to prevent a user from seeing what ip settings 
there are.

mike


More information about the PLUG mailing list