[PLUG] Disconnect eth1 from the command line without sudo
David
dafr+plug at dafr.us
Thu Nov 20 23:59:29 UTC 2014
On 11/20/2014 01:52 PM, Keith Lofstrom wrote:
> On Wed, Nov 19, 2014 at 03:05:22PM -0800, David wrote:
>
>> Using the visudo command, you can follow this template I have:
>>
>> Cmnd_Alias NETWORK = /sbin/ifconfig, /usr/sbin/wpa_gui, \
>> /sbin/dhclient, \
>> /etc/init.d/networking, /usr/sbin/iftop
>>
>> dafr ALL=PASSWD: ALL, NOPASSWD:NETWORK,TOOLS,PMTOOLS
>
> That looks like a useful way for me to accomplish a similar
> networking hack. Thanks!
>
> What security issues does it create? Using sudo in a script
> seems somewhat safer than enabling a command by typing my
> password in a public place with dozens of cameras about.
>
> Keith
>
This is probably no more and no less secure, but it does prevent anyone
shoulder surfing from having additional chances to observe you typing
your password. Once they have your login password, and physical access,
they can do anything they want on your system, whether sudo requires a
password or not.
This is especially useful for scripting where you want to run things via
cron or remote commands via SSH where typing, and retyping, and retyping
your password gets old.
You could even set ALL=NOPASSWD (or something like that) and never have
to type your password again when using sudo. I don't do that as the
password at least keeps me from being on auto-pilot mode too much and
doing something really stupid.
dafr
More information about the PLUG
mailing list