LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-21-2012, 01:08 PM   #1
davelikesbike
LQ Newbie
 
Registered: Feb 2012
Posts: 5

Rep: Reputation: Disabled
Allowing Chnage IP Access


I want to create a new user and give them very limited access, but the one (and only) thing I want them to be able to do is change system IP address.

How do I create a user and allow them to change the IP address of the box without giving them root or SU?

Cheers!
Dave
 
Old 02-21-2012, 01:28 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Rep: Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969
Are you saying that at login you want them to change the IP address then exit? Or are you saying in additional to their normal user functions you want them to be able to change the IP address.

For either you'd need to work out the command line syntax to do the modification (or launch the GUI that does the modification) which is different for different distros of Linux. Ideally you'd create a script to do what you want.

To have them do the login, change and exit you can modify their login script (e.g. $HOME/.bashrc) to run an "exec" on the script - this makes it replace the shell with the script and once the script completes and exits it exits completely from the system. (For this to work you also need to disable traps and shell escapes.)

For the normal user setup and addition of IP address change you should setup sudo to run the script/command that does the IP change. Sudo is designed to allow non-root users to run specific root commands as if they were root without actually becoming the root user or needing to know the root password. Typing "man sudo" and "man visudo" will give you more information. The key point if you write a script is to insure that it is only writable by root user so that they can't change it to add other commands. (This also means the script should be in a protected directory so that the user can't change permissions on it.)
 
Old 02-21-2012, 01:40 PM   #3
davelikesbike
LQ Newbie
 
Registered: Feb 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Yeah sorry I am new to Linux and did not explain very well.

I created an account on my box for a contractor to be able to login. Then I want him to be able to change the IP on the box for me so that I can remote into it.
So far I have worked out this command:

chmod a+rw /etc/sysconfig/network-scripts/ifcfg-eth0

This allows the user to edit that file and save it. Then he can reboot it by pulling the power.
Is there a way he can apply the new address change without having access to the reboot command?

Cheers!
Dave
 
Old 02-21-2012, 07:56 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Code:
service network restart
Do NOT just pull power; very likely cause corruption.

BTW, if it's only changing the IP, you could write script that does that and takes new ip as a param; then make that root only and sudo run just that (& service restart at the end).
 
Old 02-22-2012, 05:18 PM   #5
davelikesbike
LQ Newbie
 
Registered: Feb 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Great thanks for that info.

The issue is the standard user is not allowed to run the command "service network restart".
Is there a way I can give him explicit access to that command?

Cheers!
Dave
 
Old 02-23-2012, 10:01 AM   #6
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

Rep: Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969Reputation: 969
Yes. As noted previously you can give them access to do sudo. See the sudo and visudo man pages.

After granting access they'd run "sudo service network restart" instead of just "service network restart". That prompts for their login rather than root's but then runs the command as root. (Be sure when specifying the command that you specify the full command and not just "service" to avoid having them do other stop/starts of key services.

Also you can avoid sudo and hard boot altogether by simply having them hit "ctrl-alt-del" on the console. That will perform a soft boot (normal shutdown and restart).
 
Old 02-23-2012, 12:47 PM   #7
davelikesbike
LQ Newbie
 
Registered: Feb 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
So I have been monkeying around with "nano /etc/sudoers" and adding lines like:

satworker localhost=/sbin/shutdown -r now
satworker ALL = NETWORKING, SERVICES, PROCESSES

But I always get back the same responce:

[trixbox1.localdomain /]# sudo shutdown -r now
sudo: shutdown: command not found
[trixbox1.localdomain /]#

Any help would be great.
Cheers!
Dave
 
Old 02-23-2012, 12:49 PM   #8
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,576
Blog Entries: 31

Rep: Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195Reputation: 1195
shutdown is /sbin/shutdown so you either need /sbin in your PATH or to enter /sbin/shutdown
 
Old 02-23-2012, 01:09 PM   #9
davelikesbike
LQ Newbie
 
Registered: Feb 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Ahhhhhhh!!!

Thanks Catkin, that did it!
And thanks to all others for your help.

Cheers!
Dave
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
wu-ftpd is allowing access to / rbblue Linux - Networking 7 06-03-2008 04:18 PM
Samba NOT allowing access cucolin@ Linux - Software 4 11-09-2006 04:34 PM
allowing rsh access uerden Linux - Networking 5 11-08-2006 03:15 PM
Allowing only SFTP access vanibhat Linux - Enterprise 8 06-30-2005 03:10 AM
Allowing only certain ip ranges to access squid Menestrel Linux - Networking 2 06-16-2005 05:10 PM


All times are GMT -5. The time now is 06:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration