Hi,
I am a newbie to Linux and I want to create a user which can only execute network config commands like ifconfig and ping(to check the config). The following is what I did but failed.
1) Created a group called 'netconfig'.
2) added a user named 'user'.
3) added user to the 'netconfig' group.
4) Changed the permissions on /bin and /sbin directories so that only groups 'root' and 'netconfig' can Read & execute.
The Result
1) I can execute ping and ifconfig commands when I log on as 'root' and can configure the network(as Default ofcourse).
2) The problem arises when I execute this command and get the following response.
[A]
/bin/ping x.x.x.x [enter]
ping: icmp open socket: Operation not permitted
[B]
/sbin/ifconfig [enter]
eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:x.x.x.x Bcast:x.x.x.255 Mask:255.255.255.0
inet6 addr: aaaa::aaaa:aaaa:aaaa:9999/00 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1320 errors:0 dropped:0 overruns:0 frame:0
TX packets:991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:138423 (135.1 KiB) TX bytes:178569 (174.3 KiB)
Memory:d0200000-d0220000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2343 errors:0 dropped:0 overruns:0 frame:0
TX packets:2343 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2709476 (2.5 MiB) TX bytes:2709476 (2.5 MiB)
[this seems to work fine till I dont execute the following line]
[C]
/sbin/ifconfig eth0 down [enter]
SIOCSIFFLAGS: Permission denied
I have 2 questions
a} Am I at a right path for my goal, i.e. Am I doing right steps for creating a user which has only access to 'ifconfig' and 'ping' command?
b} Is there a better way for creating a restricted user with access to only 2 commands?
Please help with this. Any examples and experiences are welcome.
Thanks in advance,
Ankush Pandit.
ps: Sorry I forgot to mention I am using CentOS 5.2 and I also tried jailkit but failed