Wednesday, May 21, 2008
Home » Unlabelled » Run ifconfig as non-root user for read-only access to network interfaces
Hasan Basri
10:16 AM
0 comments

Run ifconfig as non-root user for read-only access to network interfaces

It is a frequent scenario that you are logged in to the console of a Linux system, and you need to know its IP address.

If you are the root user, that is easy:
$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0B:6B:E1:BC:14
          inet addr:192.168.0.103  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20b:6aff:fed0:bb04/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8100 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7727 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5385440 (5.1 MiB)  TX bytes:1454259 (1.3 MiB)
          Interrupt:177 Base address:0xdc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:68 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5204 (5.0 KiB)  TX bytes:5204 (5.0 KiB)


However, if you are not root....
$ ifconfig
bash: ifconfig: command not found


At this point, you are probably ready to give up. Don't: there is always hope.

A not well-publicized fact is that the ifconfig command is executable by anyone: it is just NOT on the default PATH for non-root users.

To find out where ifconfig is:
$ whereis ifconfig
ifconfig: /sbin/ifconfig /usr/share/man/man8/ifconfig.8.gz


Is it true that anyone can run ifconfig?
$ ls -l /sbin/ifconfig
-rwxr-xr-x  1 root root 66024 Aug 12  2006 /sbin/ifconfig

The answer is yes.

To run ifconfig, /sbin needs to be on your PATH, is it?
$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/opt/cdk4msp/bin:/home/peter/bin

No, afraid not. No wonder you cannot run the ifconfig command.

It is straight-forward to append that to your PATH.
$ export PATH=$PATH:/sbin
$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/opt/cdk4msp/bin:/home/peter/bin:/sbin


Let's give ifconfig another try.
$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0B:6B:E1:BC:14
          inet addr:192.168.0.103  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20b:6aff:fed0:bb04/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8590 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8218 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5530730 (5.2 MiB)  TX bytes:1509759 (1.4 MiB)
          Interrupt:177 Base address:0xdc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:68 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5204 (5.0 KiB)  TX bytes:5204 (5.0 KiB)


To save some typing, you can combine the setting of the PATH, and the ifconfig command as follow:
$ PATH=$PATH:/sbin ifconfig


Now, non-root users are happy.

Note that only non-root users can only get/read interface data, but not set/write it. Setting interface parameters as a non-root user will generate errors:

$ ifconfig eth0 192.168.0.155
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied


StumbleUpon Toolbar
Posted by Hasan Basri at 10:16 AM
Share:

0 comments:

Post a Comment