# ifconfig, with partial user permission, who know how?



## Bra1n0v3rfl0w (Nov 18, 2010)

Hello everybody,

i would like to partially give user execution permission to ifconfig (i mean without root password), but only for two different options:


```
[I]> ifconfig sk0 up[/I]
```

and


```
[I]> ifconfig sk0 down[/I]
```

and left all other command options untouched (with root execution permission only), is it possible?

Thanks in advance for any answears.


----------



## phoenix (Nov 18, 2010)

Using security/sudo, yes, this is possible.  Just create a couple of Cmnd_Alias entries (one for */sbin/ifconfig sk0 up* and one for */sbin/ifconfig sk0 down*), and a user entry for those commands.  The sudoers(5) entry would be similar to:

```
Cmnd_Alias IFUP=/sbin/ifconfig sk0 up
Cmnd_Alias IFDOWN=/sbin/ifconfig sk0 down

username  (ALL)=ALL NOPASSWD: IFUP, IFDOWN
```

*Note:*  not tested, going from memory, so read the man pages and test it before deploying it.

Then, the user would be able to use sudo, without entering a password:
`$  sudo ifconfig sk0 up`
`$ sudo ifconfig sk0 down`


----------



## Bra1n0v3rfl0w (Nov 18, 2010)

*Thanks Phoenix,*

I will surely try and post results. Thanks again.


----------



## DutchDaemon (Nov 18, 2010)

Note: you can use full commands (including parameters/flags) without 'aliasing', e.g.:


```
someuser            ALL=NOPASSWD: /sbin/shutdown -p now,/usr/sbin/vipw
```

So this should work just as well:


```
someuser            ALL=NOPASSWD: /sbin/ifconfig sk0 up,/sbin/ifconfig sk0 down
```

If those users are already familiar with ifconfig, this may be less difficult to remember


----------



## phoenix (Nov 19, 2010)

Yeah, that works as well.  But, if you start adding more than 3 or 4 commands, it starts to get cluttered, and using Cmnd_Alias helps to keep things neat.  

TMTOWTDI fits well here.


----------



## Bra1n0v3rfl0w (Nov 19, 2010)

*Thanks Phoenix and DutchDaemon*

Hi,

It works! 

first i installed sudo (i was thinking that it was possible to do it with base system tools .... but i was wrong).

then edited sudoers (/usr/local/etc/sudoers)  with visudo (/usr/local/sbin/visudo):


```
# visudo -f sudoers
```

 adding, as last line:


```
username  ALL=NOPASSWD: /sbin/ifconfig sk0 up, /sbin/ifconfig sk0 down
```

then to run it as user:


```
> sudo ifconfig sk0 up
> sudo ifconfig sk0 down
```

Forgive me Phoenix, but i didn't add any alias cause: if i have to use it i don't care to type it, and for desktop users i will add a widget to run a shell script to launch them.

Thanks again for help DutchDaemon and Phoenix !!


----------



## DutchDaemon (Nov 20, 2010)

No, you don't have to type the literal Cmnd_Alias, so it's not going to be [cmd=]sudo IFUP[/cmd] or [cmd=]sudo IFDOWN[/cmd]  

That alias just serves to group commands internally (in the sudoers(5) file -> EXAMPLES section). 

In fact, this would work just as well:


```
Cmnd_Alias IFCONFIG = /sbin/ifconfig sk0 up, /sbin/ifconfig sk0 down

username  ALL=NOPASSWD: IFCONFIG
```

This would allow
[cmd=]sudo ifconfig sk0 up[/cmd]
and
[cmd=]sudo ifconfig sk0 down[/cmd]

The IFCONFIG alias just points to the real commands internally. You still type those real commands.


----------



## Bra1n0v3rfl0w (Nov 20, 2010)

*Thanks DutchDaemon*

I was thinking it was like alias i set in .cshrc.

Thanks again.


----------

