LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-11-2008, 01:44 PM   #1
markseger
Member
 
Registered: Jul 2003
Posts: 244

Rep: Reputation: 26
How can a non-priv user find a NIC's speed?


Clearly ethtool is the way to go if you have privs, but what if you don't? I didn't see anything in /proc or /sys that jumped out at me, though that doesn't mean it isn't hiding in there somewhere.
-mark
 
Old 01-11-2008, 02:09 PM   #2
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,363

Rep: Reputation: 172Reputation: 172
ethtool is USUALLY not a permissions issue in most distros but a path issue. Find or locate ethtool and use the full path to call it. In my case /sbin/ethtool
 
Old 01-11-2008, 02:24 PM   #3
inspiron_Droid
Member
 
Registered: Dec 2006
Distribution: Debian (Wheeze)
Posts: 391

Rep: Reputation: Disabled
Quote:
Originally Posted by lazlow View Post
ethtool is USUALLY not a permissions issue in most distros but a path issue. Find or locate ethtool and use the full path to call it. In my case /sbin/ethtool
ethtool may be found by entering the following command eityher in an xterminal window userally under the applications menu in must distros or by hitting ctrl +alt+fi-f4 to pull up a command line Interface terminal and typing thre following command.

Code:
which ethtool
 
Old 01-11-2008, 04:21 PM   #4
markseger
Member
 
Registered: Jul 2003
Posts: 244

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by lazlow View Post
ethtool is USUALLY not a permissions issue in most distros but a path issue. Find or locate ethtool and use the full path to call it. In my case /sbin/ethtool
I'm afraid I have to disagree. Have you ever tried running it without permissions? Look at the following (path intentionally included):

[mjs@opteron167]$ /sbin/ethtool eth0
Settings for eth0:
Cannot get device settings: Operation not permitted
Cannot get wake-on-lan settings: Operation not permitted
Current message level: 0x000000ff (255)
Cannot get link status: Operation not permitted

works just fine if I'm root

-mark
 
Old 01-11-2008, 05:03 PM   #5
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,363

Rep: Reputation: 172Reputation: 172
Quote:
[fred@localhost ~]$ /sbin/ethtool eth0
Settings for eth0:
Supported ports: [ MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: MII
PHYAD: 9
Transceiver: external
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Link detected: yes
Works fine here on both boxes 2 distros.
 
Old 01-11-2008, 05:28 PM   #6
markseger
Member
 
Registered: Jul 2003
Posts: 244

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by lazlow View Post
Works fine here on both boxes 2 distros.
So how sure are you that this doesn't have setuid enabled? Or that your uid has privs? Or conversely why doesn't mine work?
-mark
 
Old 01-11-2008, 06:40 PM   #7
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,363

Rep: Reputation: 172Reputation: 172
Centos 5.1 and Fedora 8 straight out of the box. It has been the same on my installs at least since FC4. To the best of my knowledge I have not done anything special. What distro are you using?
 
Old 01-11-2008, 09:17 PM   #8
markseger
Member
 
Registered: Jul 2003
Posts: 244

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by lazlow View Post
Centos 5.1 and Fedora 8 straight out of the box. It has been the same on my installs at least since FC4. To the best of my knowledge I have not done anything special. What distro are you using?
I've tried this on lots of redhat distros including RHEL5. Maybe more important is the version of ethtool, which doesn't even have a -v switch! The man page says it's version 5.

I'd think whatever runs on fedora would have made it into RHEL by now. Very odd...

-mark
 
Old 01-12-2008, 09:40 AM   #9
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
Here’s the thing: on a vanilla kernel (2.6.19+) only a few ethtool operations are allowed for users without the CAP_NET_ADMIN privilege. Those operations are (taken from net/core/ethtool.c):
Code:
ETHTOOL_GDRVINFO:    Get driver info
ETHTOOL_GMSGLVL:     Get driver message level
ETHTOOL_GCOALESCE:   Get coalesce config
ETHTOOL_GRINGPARAM:  Get ring parameters
ETHTOOL_GPAUSEPARAM: Get pause parameters
ETHTOOL_GRXCSUM:     Get RX hw csum enable (ethtool_value)
ETHTOOL_GTXCSUM:     Get TX hw csum enable (ethtool_value)
ETHTOOL_GSG:         Get scatter-gather enable (ethtool_value)
ETHTOOL_GSTRINGS:    Get specified string set
ETHTOOL_GTSO:        Get TSO enable (ethtool_value)
ETHTOOL_GPERMADDR:   Get permanent hardware address
ETHTOOL_GUFO:        Get UFO enable (ethtool_value)
ETHTOOL_GGSO:        Get GSO enable (ethtool_value)
ETHTOOL_GFLAGS:      Get flags bitmap(ethtool_value)
ETHTOOL_GPFLAGS:     Get driver-private flags bitmap
All other operations are not permitted to users without the CAP_NET_ADMIN privilege. In particular, the following operations are not permitted:
Code:
ETHTOOL_GSET  Get settings
ETHTOOL_GWOL  Get wake-on-lan options
ETHTOOL_GLINK Get link status (ethtool_value)
So unless Redhat changes their vendor kernel (which they do often) to add other operations to the list, their kernels will have the same operations permitted as any other. The other possibility is that the default setup has given certain capabilities to anyone executing certain files (à la setfcaps).
 
Old 01-13-2008, 08:00 AM   #10
markseger
Member
 
Registered: Jul 2003
Posts: 244

Original Poster
Rep: Reputation: 26
Makes sense to me. So that would then get me back to my original question of how can a non-privileged use tell what the interface speed is?

For what it's worth, and if anyone cares, the problem I'm trying to solve is when I monitor network traffic by looking at /proc/net/dev, and I think this is only on 64 bit systems, it very rarely reports bogus numbers and the only way to really tell they're bogus is that the traffic for that monitoring interval can be a large number. How large? It depends on the previous values of the counters. The most reliable way I can think of to tell a value is bad is if the reported traffic is more than double the speed of the interface and hence my need to know.

-mark
 
Old 01-13-2008, 06:34 PM   #11
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
Quote:
Originally Posted by markseger View Post
So that would then get me back to my original question of how can a non-privileged use tell what the interface speed is?
I think the point is that you shouldn’t be able to. Someone in kernel development apparently decided that such information should be available only to network administrators. I don’t think I agree with that decision, but that’s how it stands now. The only kernel-userspace interfaces to view that information are the ethtool and mii ioctls (in particular, information such as link speed is not in /proc or /sys).

I guess you have a few workarounds/choices, but all of them require elevated privileges eventually:
  1. Patch your kernel such as the vendor kernel lazlow uses. This is the easiest solution, as the patch should be pretty small:
    Code:
    diff --git a/net/core/ethtool.c b/net/core/ethtool.c
    index 1163eb2..b255a2a 100644
    --- a/net/core/ethtool.c
    +++ b/net/core/ethtool.c
    @@ -813,6 +813,7 @@ int dev_ethtool(struct net *net, struct ifreq *ifr)
     	case ETHTOOL_GGSO:
     	case ETHTOOL_GFLAGS:
     	case ETHTOOL_GPFLAGS:
    +	case ETHTOOL_GSET:
     		break;
     	default:
     		if (!capable(CAP_NET_ADMIN))
    The problem is that it isn’t portable (e.g., if you want to put this in a tool to distribute, you have to bank on the user having the same patch on their machine). Root privileges are required to replace the kernel image on most machines.
  2. Create a module. The purpose of the module would be to create alternate userspace interfaces for the information (e.g., in /proc or /sys). This would be a small amount of code, but much larger than your patch. It also improves portability somewhat—you don’t have to bank on users having a patched kernel, but instead distribute your module with the package itself. Root privileges are generally required to put a compiled module in the module directory and also to load/unload the module. You could, however, make it autoloading or make it load through bootscripts.
  3. Use setfcaps to give anyone executing your ethtool network administrator capabilities. This is a highly discouraged workaround, as it allows any user to perform the set operations through ethtool. In order to assign capabilities, you need to have the capability to set capabilities (and usually the only one who has this is root).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
When apache drops root priv to other user does...? helptonewbie Linux - Newbie 2 12-14-2007 08:43 AM
Just loaded Mepis 6.0 - French user - make new user - speed of machine NewbiePenguinista MEPIS 3 01-04-2007 04:03 PM
How do you restrict a nic's speed? mehesque Linux - Networking 2 05-27-2004 10:13 PM
constant fan speed w/o root priv. CyberGnu Linux - Hardware 1 04-06-2004 10:49 AM
how to create a user that has access priv to mysql in rh 9.0? spyghost Linux - Software 4 11-02-2003 03:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration