[CentOS] prevent users from fiddling with network?

Thu Sep 21 22:23:23 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Thu, September 21, 2017 12:42 pm, Joseph L. Casale wrote:
>> Than was my first reaction when I realized that logged in with GUI (X11)
>> user can turn off (and on) network interfaces. Without being in sudoers
>> file.
> Would not being in sudoers prevent them from pulling the cord out? The
> rational for the control is well justified for users with multiple
> interfaces
> and is simply a convenience to something they could always do under any
> condition anyway.

Yes, I can understand the rationale as above - if it is somebody's laptop.
Or someone's home computer. But it is arguable if it is centrally managed
workstation. This ability to screw settings up is a pain for sysadmin if
this workstation sits on common area (like library) and multiple users can
access that, and even if it is workstation that is basically a single user
one, but has to be managed centrally. I rest my case. Basically, all _I_
said on this sidetracked thread should be treated as enclosed into "rant"
tags ;-)


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247