Visit the LQ Articles and Editorials section
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 03-19-2009, 01:57 AM   #1
Registered: Mar 2008
Posts: 69

Rep: Reputation: 15
allow iftop without shell console


I tried to allow a Linux user to use iftop for monitoring network. The trouble is that iftop doesn't work for users and using sudo allows user to access shell console. Is there a option to restrict user for using shell console from iftop ???

Thanks !
Old 03-19-2009, 08:13 PM   #2
Registered: Aug 2006
Location: Michigan
Distribution: Ubuntu
Posts: 237

Rep: Reputation: 30
I believe there is a way to allow users to do this by editing the sudoers file. But that is for someone far smarter than I.
Old 03-20-2009, 03:55 AM   #3
Registered: May 2001
Posts: 28,826
Blog Entries: 55

Rep: Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341
Iftop "not working for users" is correct behaviour because it can be used to sniff traffic in promiscuous mode. Allowing unprivileged users to make a network device enter promiscuous mode requires root account rights (CAP_MOD capability IIRC) and exposes information those users may or should not have access to. If you do not like to give users console access for monitoring (set up a separate account that can only execute 'sudo iftop' as login shell) then an alternative solution could be to run iftop through Xinetd or a webserver CGI so users can only access displayed results. Unfortunately iftop will not work that way since it expects to run continuously. There's other interface statistics tools that will display network stats like Ntop. It has a built-in webserver, the trade-off being more dependencies (RRD, GDBM) and configuration compared to KISS-honouring tools like iftop.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
possible to run iftop as non-root? drokmed Linux - Software 3 01-18-2010 10:25 AM
iftop -- unable to get IP address for interface Ramonvel Slackware 3 05-28-2008 07:47 AM
Problems installing iftop jim.thornton Linux - Software 0 01-13-2008 05:44 PM
Network or Samba slow, except when running iftop? Dee-ehn Linux - Hardware 3 09-24-2007 11:58 PM
iftop will not load mahjong Linux - Software 0 10-16-2003 09:27 AM

All times are GMT -5. The time now is 05:09 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration