Wednesday, May 21, 2008
10:16 AM

Run ifconfig as non-root user for read-only access to network interfaces

It is a frequent scenario that you are logged in to the console of a Linux system, and you need to know its IP address.

If you are the root user, that is easy:
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0B:6B:E1:BC:14
inet addr:192.168.0.103 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20b:6aff:fed0:bb04/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8100 errors:0 dropped:0 overruns:0 frame:0
TX packets:7727 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5385440 (5.1 MiB) TX bytes:1454259 (1.3 MiB)
Interrupt:177 Base address:0xdc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5204 (5.0 KiB) TX bytes:5204 (5.0 KiB)


However, if you are not root....
$ ifconfig
bash: ifconfig: command not found


At this point, you are probably ready to give up. Don't: there is always hope.

A not well-publicized fact is that the ifconfig command is executable by anyone: it is just NOT on the default PATH for non-root users.

To find out where ifconfig is:
$ whereis ifconfig
ifconfig: /sbin/ifconfig /usr/share/man/man8/ifconfig.8.gz


Is it true that anyone can run ifconfig?
$ ls -l /sbin/ifconfig
-rwxr-xr-x 1 root root 66024 Aug 12 2006 /sbin/ifconfig

The answer is yes.

To run ifconfig, /sbin needs to be on your PATH, is it?
$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/opt/cdk4msp/bin:/home/peter/bin

No, afraid not. No wonder you cannot run the ifconfig command.

It is straight-forward to append that to your PATH.
$ export PATH=$PATH:/sbin
$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/opt/cdk4msp/bin:/home/peter/bin:/sbin


Let's give ifconfig another try.
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0B:6B:E1:BC:14
inet addr:192.168.0.103 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20b:6aff:fed0:bb04/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8590 errors:0 dropped:0 overruns:0 frame:0
TX packets:8218 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5530730 (5.2 MiB) TX bytes:1509759 (1.4 MiB)
Interrupt:177 Base address:0xdc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5204 (5.0 KiB) TX bytes:5204 (5.0 KiB)


To save some typing, you can combine the setting of the PATH, and the ifconfig command as follow:
$ PATH=$PATH:/sbin ifconfig


Now, non-root users are happy.

Note that only non-root users can only get/read interface data, but not set/write it. Setting interface parameters as a non-root user will generate errors:

$ ifconfig eth0 192.168.0.155
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied


StumbleUpon Toolbar

0 comments:

Post a Comment