Bug 100475 - ifup/ifdown have permission problems when run as user
ifup/ifdown have permission problems when run as user
Status: CLOSED RAWHIDE
Product: Red Hat Linux Beta
Classification: Retired
Component: redhat-config-network (Show other bugs)
beta1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
Brock Organ
:
Depends On:
Blocks: CambridgeTarget
  Show dependency treegraph
 
Reported: 2003-07-22 15:54 EDT by Eric Bourque
Modified: 2007-04-18 12:55 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-10-27 08:32:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eric Bourque 2003-07-22 15:54:15 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

Description of problem:
After configuring an interface to be able to be activated and deactivated by
users, I tried running ifup and ifdown as an unpriviledged user. Here's the
output from each:

[ericb@miles ericb]$ /sbin/ifup eth1
/sbin/ifup: line 47: ifcfg-eth1: Permission denied
                                                                                
Determining IP information for eth1...save_previous /etc/resolv.conf
 done.

[ericb@miles ericb]$ /sbin/ifdown eth1
/sbin/ifdown: line 47: ifcfg-eth1: Permission denied

Despite the warnings, the interface seems to have been brought up and down properly.

Version-Release number of selected component (if applicable):
initscripts-7.28-1

How reproducible:
Always

Steps to Reproduce:
1. configure an interface for activation by users
2. use ifup/ifdown to activate/deactivate the interface
3.
    

Actual Results:  Worked, but displayed permissions warnings.

Expected Results:  To work, without permission warnings.

Additional info:
Comment 1 Bill Nottingham 2003-07-22 15:57:40 EDT
How did you create the interface configurations?
Comment 2 Eric Bourque 2003-07-22 16:04:56 EDT
I created the interface by using System Settings -> Network, and then adding a
new device (wireless pcmcia adapter) and clicking on the "allow users to enable
and disable the device" which works fine for me under RH9.
Comment 3 Bill Nottingham 2003-07-22 18:16:11 EDT
What does 'ls -l /etc/sysconfig/network-scripts' say?
Comment 4 Eric Bourque 2003-07-22 23:26:06 EDT
[ericb@miles ericb]$ ls -l /etc/sysconfig/network-scripts
total 196
-rw-r--r--    3 root     root           99 Jul 22 15:35 ifcfg-eth0
-rw-------    3 root     root          348 Jul 22 15:35 ifcfg-eth1
-rw-r--r--    1 root     root          254 Jun 20  2001 ifcfg-lo
lrwxrwxrwx    1 root     root           20 Jul 22 14:00 ifdown ->
../../../sbin/ifdown
-rwxr-xr-x    1 root     root         1026 Jan 23  2001 ifdown-aliases
-rwxr-xr-x    1 root     root          372 Jun  5 14:14 ifdown-cipcb
-rwxr-xr-x    1 root     root          820 Mar 11  2002 ifdown-ippp
-rwxr-xr-x    1 root     root         1285 Jul  2 21:32 ifdown-ipsec
-rwxr-xr-x    1 root     root         4076 Nov 11  2002 ifdown-ipv6
lrwxrwxrwx    1 root     root           11 Jul 22 14:00 ifdown-isdn -> ifdown-ippp
-rwxr-xr-x    1 root     root         1137 Jun 27 16:37 ifdown-post
-rwxr-xr-x    1 root     root         1056 Jun 26  2002 ifdown-ppp
-rwxr-xr-x    1 root     root         1568 Nov 11  2002 ifdown-sit
-rwxr-xr-x    1 root     root          902 Jun 26  2002 ifdown-sl
lrwxrwxrwx    1 root     root           18 Jul 22 14:00 ifup -> ../../../sbin/ifup
-rwxr-xr-x    1 root     root        13137 Feb 20 12:14 ifup-aliases
-rwxr-xr-x    1 root     root         2350 Jun  5 14:14 ifup-cipcb
-rwxr-xr-x    1 root     root        11156 Jul 25  2002 ifup-ippp
-rwxr-xr-x    1 root     root         7479 Jul  2 23:45 ifup-ipsec
-rwxr-xr-x    1 root     root        10128 Jan  7  2003 ifup-ipv6
-rwxr-xr-x    1 root     root          821 Jun 26  2002 ifup-ipx
lrwxrwxrwx    1 root     root            9 Jul 22 14:00 ifup-isdn -> ifup-ippp
-rwxr-xr-x    1 root     root          689 Jun 26  2002 ifup-plip
-rwxr-xr-x    1 root     root          926 Jun 26  2002 ifup-plusb
-rwxr-xr-x    1 root     root         2932 Jun 23 23:10 ifup-post
-rwxr-xr-x    1 root     root         3918 Jan 13  2003 ifup-ppp
-rwxr-xr-x    1 root     root         1191 Jul  1 11:02 ifup-routes
-rwxr-xr-x    1 root     root         3534 Jan  7  2003 ifup-sit
-rwxr-xr-x    1 root     root         1646 Jun 26  2002 ifup-sl
-rwxr-xr-x    1 root     root         2821 Jun 27  2002 ifup-wireless
-rwxr-xr-x    1 root     root         5397 Nov 11  2002 init.ipv6-global
-rw-r--r--    1 root     root         6340 Jul  9 08:39 network-functions
-rw-r--r--    1 root     root        41928 Dec  2  2002 network-functions-ipv6

[ericb@miles ericb]$ ls -l /sbin/ifup
-rwxr-xr-x    1 root     root        11361 Jun 27 16:37 /sbin/ifup
Comment 5 Bill Nottingham 2003-07-22 23:29:45 EDT
OK, redhat-config-network needs to write the keys into the separate
keys-<whatever> file, and make that not-world readable.
Comment 6 Harald Hoyer 2003-07-23 05:49:23 EDT
do we have the new initscripts in cambridge?
Comment 7 Bill Nottingham 2003-07-28 15:47:30 EDT
Yes.
Comment 8 Goetz Kluge 2004-08-13 10:49:45 EDT
network-functions only is readible by root.
You can make it readible by "others" or by "group".
In the latter case you can assign users to a group and then chgrp this
group to network-functions.
Then those users won't see the "permission denied" anymore.

Goetz

Keys: fedora permission-denied PPPoE ADSL VDSL DSL ifcfg-ppp0
ifcfg-eth0 ifup ifdown

Note You need to log in before you can comment on or make changes to this bug.