Bug 11539 (oldest-bug-evar)

Summary: /sbin/ifup should not allow everyone to bring interface up/down
Product: [Fedora] Fedora
Component: initscripts
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED WONTFIX
Severity: medium
Priority: low
Keywords: FutureFeature
Reporter: Michael Tokarev <mjt>
Assignee: Lukáš Nykrýn <lnykryn>
CC: fweimer, initscripts-maint-list, mattdm
Doc Type: Enhancement
Last Closed: 2014-08-12 12:27:15 UTC

Description Michael Tokarev 2000-05-20 13:42:05 UTC
When USERCTL=yes in /etc/sysconfig/network-scripts/ifcfg-iface is set,
everyone on the machine can up/down this interface.  This is not good.
I suggest using a group (say, ifctl-iface) of users who are allowed to
control that interface.  This can be made compatible with current config:

 USERCTL=yes       any user can bring iface up/down
 USERCTL=no        only root can
 USERCTL=somegroup only members of `somegroup' can control interface

(i.e. any value other than yes, Yes, no, No should cause getgrnam()
call)

Or, alternatively, only three choices: yes, no or group, and in the
last case, lookup group ifctl-iface.
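
The first variant proposed above (yes / no / group name resolved with getgrnam()), sketched as an added example; this is not code from initscripts. The function names `userctl_allows` and `caller_allowed` are hypothetical, and denying access when the value is unset or names an unknown group is an assumption the report does not spell out.

```c
#include <grp.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Proposed USERCTL semantics: yes/Yes = anyone, no/No = root only,
 * any other value = name of the group allowed to control the interface.
 * uid and gids[] are the caller's REAL ids, as a setuid helper must use. */
int userctl_allows(const char *userctl, uid_t uid, const gid_t *gids, int ngids)
{
    if (uid == 0)
        return 1;                          /* root can always */
    if (userctl == NULL || *userctl == '\0')
        return 0;                          /* unset: fail closed (assumption) */
    if (!strcmp(userctl, "yes") || !strcmp(userctl, "Yes"))
        return 1;
    if (!strcmp(userctl, "no") || !strcmp(userctl, "No"))
        return 0;
    struct group *gr = getgrnam(userctl);  /* anything else is a group name */
    if (gr == NULL)
        return 0;                          /* unknown group or typo: deny */
    for (int i = 0; i < ngids; i++)
        if (gids[i] == gr->gr_gid)
            return 1;
    return 0;
}

/* Gather the calling process's real uid, primary gid and supplementary
 * groups, then apply the policy above to them. */
int caller_allowed(const char *userctl)
{
    int n = getgroups(0, NULL);            /* size 0 returns the count only */
    if (n < 0)
        return 0;
    gid_t *gids = calloc((size_t)n + 1, sizeof *gids);
    if (gids == NULL)
        return 0;
    if (n > 0)
        n = getgroups(n, gids);
    int ok = 0;
    if (n >= 0) {
        gids[n] = getgid();                /* primary group counts too */
        ok = userctl_allows(userctl, getuid(), gids, n + 1);
    }
    free(gids);
    return ok;
}
```

A misspelled value such as `USERCTL=yse` is treated as a group name and denied, so a typo narrows access instead of widening it.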

Comment 1 Fedora Admin XMLRPC Client 2013-09-04 14:49:07 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 2 Matthew Miller 2014-04-22 13:41:36 UTC
Hello, 14-year-old feature request!

This seems like a reasonable idea, even though it was never implemented. The shell based initscripts aren't really getting new development anymore; maybe this could be made into an RFE against NetworkManager instead?

Comment 3 Michael Tokarev 2014-04-22 14:46:58 UTC
Hehe. Yeah, it's been that long ago.  Oh well, and I'm still alive and kicking too, but I moved from Red Hat to Debian long ago as well.

Given the timeframe, I don't think it is worth the effort, even if it seems reasonable.  Because, well, no one added their +1 to this bug during all these years.

Comment 4 Matthew Miller 2014-08-12 11:57:25 UTC
With Bug #998 closed, I think this officially inherits the crown of "oldest-bug-evar".

Comment 5 Lukáš Nykrýn 2014-08-12 12:27:15 UTC
Currently we are not using network-scripts by default in Fedora and my plan is to remove them completely in 2 or 3 releases in favor of networkd.

So I don't see a point in adding new features to them.