On 01/16/2012 11:57 PM, Make Compile wrote:
> when i logged in using andrew's credential, and try issuing the command
> /sbin/ifconfig the user andrew can still view ip settings. any ideas? is this
> normal? Thanks

are you trying to make it so that 'andrew' can't see how any interface is configured? if so, i don't think configuring specifics for ifconfig in sudo is going to help because a user can execute ifconfig without sudo and still be able to read settings.

also, there are multiple other ways to find out things like what ip addresses there are, what the mac address of an interface is, and other interface settings. `ip addr list` doesn't require elevated privileges and will show ip addresses. /sys/class/net/<interface>/ has lots of information that can be read.

except for maybe something like some selinux or apparmor config, i'm not sure you would be able to prevent a user from seeing what ip settings there are.

mike

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
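
An added example, not part of the original email: a small audit script showing which interface attributes under /sys/class/net the calling user can read with no sudo involved. The function names are hypothetical, and it assumes the standard sysfs attributes `address`, `mtu` and `operstate`.

```shell
#!/bin/sh
# Added example (not from the original thread).
# net_readable [ROOT]
#   Prints "iface attr value" for each attribute the calling user can read.
#   ROOT defaults to /sys/class/net; a different root can be passed for testing.
net_readable() {
    root=${1:-/sys/class/net}
    for dir in "$root"/*/; do
        # An unmatched glob stays literal, so skip anything that is not a directory.
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for attr in address mtu operstate; do
            f="$dir$attr"
            # -r checks readability for the current user; no elevation is used.
            if [ -f "$f" ] && [ -r "$f" ]; then
                val=$(cat "$f" 2>/dev/null) || continue
                printf '%s %s %s\n' "$iface" "$attr" "$val"
            fi
        done
    done
}

# count_readable [ROOT]
#   Number of readable attributes found under ROOT.
count_readable() {
    net_readable "${1:-/sys/class/net}" | wc -l | tr -d ' '
}

# Report on the live system as the invoking user.
echo "readable as $(id -un): $(count_readable) attribute(s)"
net_readable
```

Running it as the restricted account shows what remains visible regardless of how ifconfig is configured in sudoers.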
