Yup. I actually use chmod 700. Most the time the interface is up. Except twice it wasn't...
I tried making a script (owned by root) that ran `ifdown eth1 ; ifup eth1` and "set user or group ID on execution (s)" using chmod 6755, but I get: "/sbin/ifdown: failed to open statefile /etc/network/run/ifstate: Permission denied"
Shouldn't it be running as root?
I tried making that file read/write accessable to everyone (chmod 666) but that just caused the next file to give a permission error.
Hm. For now I let anyone run the script with sudo. It works, but I'd prefer if the suid worked and I'd prefer if it worked without.
EDIT: No go. Even with SUID, it failed. With sudo it worked. So I may as well stick to the shell script and sudo.
EDIT: According to Wikipedia:
"Due to the increased likelihood of security flaws, many operating systems ignore the setuid attribute when applied to executable shell scripts."
Is there a work around?
EDIT: Is this safe? I'm thinking of wrapping the ifdown/ifup in a C program and using the system() call. That should be OK, right?
Last edited by yitzle; 03-18-2008 at 10:03 AM.
|