Bug 11539 (oldest-bug-evar) - /sbin/ifup should not allow everyone to bring interface up/down
Summary: /sbin/ifup should not allow everyone to bring interface up/down
Alias: oldest-bug-evar
Product: Fedora
Classification: Fedora
Component: initscripts   
Version: rawhide
Hardware: All Linux
Assignee: Lukáš Nykrýn
Keywords: FutureFeature
Reported: 2000-05-20 13:42 UTC by Michael Tokarev
Modified: 2014-08-12 12:27 UTC (History)

Doc Type: Enhancement
Last Closed: 2014-08-12 12:27:15 UTC


Description Michael Tokarev 2000-05-20 13:42:05 UTC
When USERCTL=yes in /etc/sysconfig/network-scripts/ifcfg-iface is set,
everyone on the machine can up/down this interface.  This is not good.
I suggest using a group (say, ifctl-iface) of users who are allowed to
control that interface.  This can be made compatible with current config:

 USERCTL=yes       any user can bring iface up/down
 USERCTL=no        only root can
 USERCTL=somegroup only members of `somegroup' can control interface

(i.e. any value other than yes, Yes, no, No should cause getgrnam()

Or, alternatively, only three choices: yes, no or group, and in the
last case, lookup group ifctl-iface.

Comment 1 Fedora Admin XMLRPC Client 2013-09-04 14:49:07 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 2 Matthew Miller 2014-04-22 13:41:36 UTC
Hello, 14-year-old feature request!

This seems like a reasonable idea, even though it was never implemented. The shell based initscripts aren't really getting new development anymore; maybe this could be made into an RFE against NetworkManager instead?

Comment 3 Michael Tokarev 2014-04-22 14:46:58 UTC
Hehe. Yeah, it's been that long ago.  Oh well, and I'm still alive and kicking too, but I moved from Red Hat to Debian long ago as well.

Given the timeframe, I don't think it is worth the effort, even if it seems reasonable.  Because, well, no one added their +1 to this bug during all these years.

Comment 4 Matthew Miller 2014-08-12 11:57:25 UTC
With Bug #998 closed, I think this officially inherits the crown of "oldest-bug-evar".

Comment 5 Lukáš Nykrýn 2014-08-12 12:27:15 UTC
Currently we are not using network-scripts by default in Fedora and my plan is to remove them completely in 2 or 3 releases in favor of networkd.

So I don't see a point to add new features into them.
