sudo not working
Mike Lovell
mike at dev-zero.net
Tue Jan 17 09:20:23 MST 2012
On 01/16/2012 11:57 PM, Make Compile wrote:
> when i logged in using andrew's credential, and try issuing the command /sbin/ifconfig the user andrew can still view ip settings. any ideas? is this normal? Thanks
are you trying to make it so that 'andrew' can't see how any interface
is configured? if so, i don't think configuring specifics for ifconfig
in sudo is going to help because a user can execute ifconfig without
sudo and still be able to read settings. also, there are multiple other
ways to find out things like what ip addresses there are, what the mac
address of an interface is, and other interface settings. `ip addr list`
doesn't require elevated privileges and will show ip addresses.
/sys/class/net/<interface>/ has lots of information that can be read.
except for maybe something like some selinux or apparmor config, i'm not
sure you would be able to prevent a user from seeing what ip settings
there are.
mike
More information about the PLUG
mailing list