On Thu, September 21, 2017 12:42 pm, Joseph L. Casale wrote:>> Than was my first reaction when I realized that logged in with GUI (X11) >> user can turn off (and on) network interfaces. Without being in sudoers >> file. > > Would not being in sudoers prevent them from pulling the cord out? The > rational for the control is well justified for users with multiple > interfaces > and is simply a convenience to something they could always do under any > condition anyway.Yes, I agree on that. However, psychologically pulling AC power cord (or executing shutdown command) is more grave action than pressing toggle "on/off" switch image for network interface, thus killing network connection. So, I both agree and disagree with you. Namely, as with power I agree that local user (especially armed with screwdriver) can do a lot. Yet, I disagree that centrally managed "UNIX - like" (allegedly) workstation can be easily subverted in variety of ways by local user, effectively obliterating what sysadmin configured with something specific in his mind. My apologies, everybody. If I held myself from putting my rant when I asked for help, there wouldn't be any abstract discussion on topic none of us can affect... Valeri> _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Valeri Galtsev Sent: Thursday, September 21, 2017 12:29 PM To: CentOS mailing list <centos at centos.org> Subject: Re: [CentOS] prevent users from fiddling with network?> Namely, as with power > I agree that local user (especially armed with screwdriver) can do a lot.Network cable Valeri, not power...
On Thu, September 21, 2017 1:41 pm, Joseph L. Casale wrote:> -----Original Message----- > From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Valeri Galtsev > Sent: Thursday, September 21, 2017 12:29 PM > To: CentOS mailing list <centos at centos.org> > Subject: Re: [CentOS] prevent users from fiddling with network? > >> Namely, as with power >> I agree that local user (especially armed with screwdriver) can do a lot. > > Network cable Valeri, not power...If it were not for creative editing/clipping I would show that I meant power cord as equivalent for shutdown, leaving network cable equivalent to turning off interface out of discussion (or implied as such). Being a moron I am I'm not against everybody having some loughs at my expense whenever possible... I still would prefer not this sidetracked discussion (I know I have myself to blame for that), but some push towards disabling local user's abilities to fiddle with network settings short of uninstalling networkmanager GUI and friends. I got one general pointer already (thanks, James!). Didn't do careful reading on that yet, so any straight guidance is still welcome! Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++