[CentOS] prevent users from fiddling with network?

Thu Sep 21 18:28:49 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Thu, September 21, 2017 12:42 pm, Joseph L. Casale wrote:
>> Than was my first reaction when I realized that logged in with GUI (X11)
>> user can turn off (and on) network interfaces. Without being in sudoers
>> file.
>
> Would not being in sudoers prevent them from pulling the cord out? The
> rational for the control is well justified for users with multiple
> interfaces
> and is simply a convenience to something they could always do under any
> condition anyway.

Yes, I agree on that. However, psychologically pulling AC power cord (or
executing shutdown command) is more grave action than pressing toggle
"on/off" switch image for network interface, thus killing network
connection. So, I both agree and disagree with you. Namely, as with power
I agree that local user (especially armed with screwdriver) can do a lot.
Yet, I disagree that centrally managed "UNIX - like" (allegedly)
workstation can be easily subverted in variety of ways by local user,
effectively obliterating what sysadmin configured with something specific
in his mind.

My apologies, everybody. If I held myself from putting my rant when I
asked  for help, there wouldn't be any abstract discussion on topic none
of us can affect...

Valeri
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++