Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 100475 - ifup/ifdown have permission problems when run as user
Summary: ifup/ifdown have permission problems when run as user
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux Beta
Classification: Retired
Component: redhat-config-network
Version: beta1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks: CambridgeTarget
TreeView+ depends on / blocked
 
Reported: 2003-07-22 19:54 UTC by Eric Bourque
Modified: 2007-04-18 16:55 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-10-27 13:32:15 UTC
Embargoed:

Attachments (Terms of Use)

Description Eric Bourque 2003-07-22 19:54:15 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

Description of problem:
After configuring an interface to be able to be activated and deactivated by
users, I tried running ifup and ifdown as an unpriviledged user. Here's the
output from each:

[ericb@miles ericb]$ /sbin/ifup eth1
/sbin/ifup: line 47: ifcfg-eth1: Permission denied
                                                                                
Determining IP information for eth1...save_previous /etc/resolv.conf
 done.

[ericb@miles ericb]$ /sbin/ifdown eth1
/sbin/ifdown: line 47: ifcfg-eth1: Permission denied

Despite the warnings, the interface seems to have been brought up and down properly.

Version-Release number of selected component (if applicable):
initscripts-7.28-1

How reproducible:
Always

Steps to Reproduce:
1. configure an interface for activation by users
2. use ifup/ifdown to activate/deactivate the interface
3.
    

Actual Results:  Worked, but displayed permissions warnings.

Expected Results:  To work, without permission warnings.

Additional info:
Comment 1 Bill Nottingham 2003-07-22 19:57:40 UTC 
How did you create the interface configurations?
Comment 2 Eric Bourque 2003-07-22 20:04:56 UTC 
I created the interface by using System Settings -> Network, and then adding a
new device (wireless pcmcia adapter) and clicking on the "allow users to enable
and disable the device" which works fine for me under RH9.
Comment 3 Bill Nottingham 2003-07-22 22:16:11 UTC 
What does 'ls -l /etc/sysconfig/network-scripts' say?
Comment 4 Eric Bourque 2003-07-23 03:26:06 UTC 
[ericb@miles ericb]$ ls -l /etc/sysconfig/network-scripts
total 196
-rw-r--r--    3 root     root           99 Jul 22 15:35 ifcfg-eth0
-rw-------    3 root     root          348 Jul 22 15:35 ifcfg-eth1
-rw-r--r--    1 root     root          254 Jun 20  2001 ifcfg-lo
lrwxrwxrwx    1 root     root           20 Jul 22 14:00 ifdown ->
../../../sbin/ifdown
-rwxr-xr-x    1 root     root         1026 Jan 23  2001 ifdown-aliases
-rwxr-xr-x    1 root     root          372 Jun  5 14:14 ifdown-cipcb
-rwxr-xr-x    1 root     root          820 Mar 11  2002 ifdown-ippp
-rwxr-xr-x    1 root     root         1285 Jul  2 21:32 ifdown-ipsec
-rwxr-xr-x    1 root     root         4076 Nov 11  2002 ifdown-ipv6
lrwxrwxrwx    1 root     root           11 Jul 22 14:00 ifdown-isdn -> ifdown-ippp
-rwxr-xr-x    1 root     root         1137 Jun 27 16:37 ifdown-post
-rwxr-xr-x    1 root     root         1056 Jun 26  2002 ifdown-ppp
-rwxr-xr-x    1 root     root         1568 Nov 11  2002 ifdown-sit
-rwxr-xr-x    1 root     root          902 Jun 26  2002 ifdown-sl
lrwxrwxrwx    1 root     root           18 Jul 22 14:00 ifup -> ../../../sbin/ifup
-rwxr-xr-x    1 root     root        13137 Feb 20 12:14 ifup-aliases
-rwxr-xr-x    1 root     root         2350 Jun  5 14:14 ifup-cipcb
-rwxr-xr-x    1 root     root        11156 Jul 25  2002 ifup-ippp
-rwxr-xr-x    1 root     root         7479 Jul  2 23:45 ifup-ipsec
-rwxr-xr-x    1 root     root        10128 Jan  7  2003 ifup-ipv6
-rwxr-xr-x    1 root     root          821 Jun 26  2002 ifup-ipx
lrwxrwxrwx    1 root     root            9 Jul 22 14:00 ifup-isdn -> ifup-ippp
-rwxr-xr-x    1 root     root          689 Jun 26  2002 ifup-plip
-rwxr-xr-x    1 root     root          926 Jun 26  2002 ifup-plusb
-rwxr-xr-x    1 root     root         2932 Jun 23 23:10 ifup-post
-rwxr-xr-x    1 root     root         3918 Jan 13  2003 ifup-ppp
-rwxr-xr-x    1 root     root         1191 Jul  1 11:02 ifup-routes
-rwxr-xr-x    1 root     root         3534 Jan  7  2003 ifup-sit
-rwxr-xr-x    1 root     root         1646 Jun 26  2002 ifup-sl
-rwxr-xr-x    1 root     root         2821 Jun 27  2002 ifup-wireless
-rwxr-xr-x    1 root     root         5397 Nov 11  2002 init.ipv6-global
-rw-r--r--    1 root     root         6340 Jul  9 08:39 network-functions
-rw-r--r--    1 root     root        41928 Dec  2  2002 network-functions-ipv6

[ericb@miles ericb]$ ls -l /sbin/ifup
-rwxr-xr-x    1 root     root        11361 Jun 27 16:37 /sbin/ifup
Comment 5 Bill Nottingham 2003-07-23 03:29:45 UTC 
OK, redhat-config-network needs to write the keys into the separate
keys-<whatever> file, and make that not-world readable.
Comment 6 Harald Hoyer 2003-07-23 09:49:23 UTC 
do we have the new initscripts in cambridge?
Comment 7 Bill Nottingham 2003-07-28 19:47:30 UTC 
Yes.
Comment 8 Goetz Kluge 2004-08-13 14:49:45 UTC 
network-functions only is readible by root.
You can make it readible by "others" or by "group".
In the latter case you can assign users to a group and then chgrp this
group to network-functions.
Then those users won't see the "permission denied" anymore.

Goetz

Keys: fedora permission-denied PPPoE ADSL VDSL DSL ifcfg-ppp0
ifcfg-eth0 ifup ifdown
Note You need to log in before you can comment on or make changes to this bug.