Red Hat Bugzilla – Bug 11539
/sbin/ifup should not allow everyone to bring interface up/down
Last modified: 2014-08-12 08:27:15 EDT
When USERCTL=yes in /etc/sysconfig/network-scripts/ifcfg-iface is set,
everyone on the machine can up/down this interface. This is not good.
I suggest to use group (say, ifctl-iface) of users who is allowed to
control that interface. This can be made compatible with current config:
USERCTL=yes any user can bring iface up/down
USERCTL=no only root can
USERCTL=somegroup only members of `somegroup' can control interface
(i.e. any value over than yes, Yes, no, No should cause getgrnam()
Or, alternatively, only three choices: yes, no or group, and in the
last case, lookup group ifctl-iface.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Hello, 14-year-old feature request!
This seems like a reasonable idea, even though it was never implemented. The shell based initscripts aren't really getting new development anymore; maybe this could be made into an RFE against NetworkManager instead?
Hehe. Yeah, it's been that long ago. Oh well, and I'm still alive and kicking too, but I moved from redhat to debian long ago as well.
Given the timeframe, I don't think it is worth the effort, even if it seems reasonable. Because, well, no one added their +1 to this bug during all these years.
With Bug #998 closed, I think this officially inherents the crown of "oldest-bug-evar".
Currently we are not using network-scripts by default in fedora and my plan is to remove them completely in 2 or 3 releases in favor of networkd.
So I don't see a point to add new features into them.