ifconfig, with partial user permission, who know how?

Hello everybody,

i would like to partially give user execution permission to ifconfig (i mean without root password), but only for two different options:

Code:
[I]> ifconfig sk0 up[/I]

and

Code:
[I]> ifconfig sk0 down[/I]

and left all other command options untouched (with root execution permission only), is it possible?

Thanks in advance for any answears.
 
Using security/sudo, yes, this is possible. Just create a couple of Cmnd_Alias entries (one for /sbin/ifconfig sk0 up and one for /sbin/ifconfig sk0 down), and a user entry for those commands. The sudoers(5) entry would be similar to:
Code:
Cmnd_Alias IFUP=/sbin/ifconfig sk0 up
Cmnd_Alias IFDOWN=/sbin/ifconfig sk0 down

username  (ALL)=ALL NOPASSWD: IFUP, IFDOWN

Note: not tested, going from memory, so read the man pages and test it before deploying it.

Then, the user would be able to use sudo, without entering a password:
$ sudo ifconfig sk0 up
$ sudo ifconfig sk0 down
 
Note: you can use full commands (including parameters/flags) without 'aliasing', e.g.:

Code:
someuser            ALL=NOPASSWD: /sbin/shutdown -p now,/usr/sbin/vipw

So this should work just as well:

Code:
someuser            ALL=NOPASSWD: /sbin/ifconfig sk0 up,/sbin/ifconfig sk0 down

If those users are already familiar with ifconfig, this may be less difficult to remember ;)
 
Yeah, that works as well. But, if you start adding more than 3 or 4 commands, it starts to get cluttered, and using Cmnd_Alias helps to keep things neat. :)

TMTOWTDI fits well here. :)
 
Thanks Phoenix and DutchDaemon

Hi,

It works! :)

first i installed sudo (i was thinking that it was possible to do it with base system tools .... but i was wrong).

then edited sudoers (/usr/local/etc/sudoers) with visudo (/usr/local/sbin/visudo):

Code:
# visudo -f sudoers

adding, as last line:

Code:
username  ALL=NOPASSWD: /sbin/ifconfig sk0 up, /sbin/ifconfig sk0 down

then to run it as user:

Code:
> sudo ifconfig sk0 up
> sudo ifconfig sk0 down

Forgive me Phoenix, but i didn't add any alias cause: if i have to use it i don't care to type it, and for desktop users i will add a widget to run a shell script to launch them.

Thanks again for help DutchDaemon and Phoenix !! :)
 
No, you don't have to type the literal Cmnd_Alias, so it's not going to be [cmd=]sudo IFUP[/cmd] or [cmd=]sudo IFDOWN[/cmd] ;)

That alias just serves to group commands internally (in the sudoers(5) file -> EXAMPLES section).

In fact, this would work just as well:

Code:
Cmnd_Alias IFCONFIG = /sbin/ifconfig sk0 up, /sbin/ifconfig sk0 down

username  ALL=NOPASSWD: IFCONFIG

This would allow
[cmd=]sudo ifconfig sk0 up[/cmd]
and
[cmd=]sudo ifconfig sk0 down[/cmd]

The IFCONFIG alias just points to the real commands internally. You still type those real commands.
 
Back
Top