Bug 11539 - (oldest-bug-evar) /sbin/ifup should not allow everyone to bring interface up/down
/sbin/ifup should not allow everyone to bring interface up/down
Product: Fedora
Classification: Fedora
Component: initscripts (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Lukáš Nykrýn
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2000-05-20 09:42 EDT by Michael Tokarev
Modified: 2014-08-12 08:27 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-08-12 08:27:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michael Tokarev 2000-05-20 09:42:05 EDT
When USERCTL=yes in /etc/sysconfig/network-scripts/ifcfg-iface is set,
everyone on the machine can up/down this interface.  This is not good.
I suggest to use group (say, ifctl-iface) of users who is allowed to
control that interface.  This can be made compatible with current config:

 USERCTL=yes       any user can bring iface up/down
 USERCTL=no        only root can
 USERCTL=somegroup only members of `somegroup' can control interface

(i.e. any value over than yes, Yes, no, No should cause getgrnam()

Or, alternatively, only three choices: yes, no or group, and in the
last case, lookup group ifctl-iface.
Comment 1 Fedora Admin XMLRPC Client 2013-09-04 10:49:07 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 2 Matthew Miller 2014-04-22 09:41:36 EDT
Hello, 14-year-old feature request!

This seems like a reasonable idea, even though it was never implemented. The shell based initscripts aren't really getting new development anymore; maybe this could be made into an RFE against NetworkManager instead?
Comment 3 Michael Tokarev 2014-04-22 10:46:58 EDT
Hehe. Yeah, it's been that long ago.  Oh well, and I'm still alive and kicking too, but I moved from redhat to debian long ago as well.

Given the timeframe, I don't think it is worth the effort, even if it seems reasonable.  Because, well, no one added their +1 to this bug during all these years.
Comment 4 Matthew Miller 2014-08-12 07:57:25 EDT
With Bug #998 closed, I think this officially inherents the crown of "oldest-bug-evar".
Comment 5 Lukáš Nykrýn 2014-08-12 08:27:15 EDT
Currently we are not using network-scripts by default in fedora and my plan is to remove them completely in 2 or 3 releases in favor of networkd.

So I don't see a point to add new features into them.

Note You need to log in before you can comment on or make changes to this bug.