Weblog entry #2 for lakshmananindia

Permission to access NIC
Posted by lakshmananindia on Tue 2 Mar 2010 at 13:02
Hi all, does anyone know how to give a normal user access to the Ethernet device for both read and write? Is there any way to do that?

 

Comments on this Entry

Posted by AJxn (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Tue 23 Mar 2010 at 00:51
More information needed.
What do you actually want to do, what is the problem you want to solve?
No, access to the Ethernet device is probably not the answer. I would guess it is an attempt at solving the problem you have not told us about.


Posted by lakshmananindia (125.22.xx.xx) on Tue 23 Mar 2010 at 03:57
Hi, thanks for your reply.
I am the root user. I have many users in my system. For some purpose, I want to give permission to the user, so that he can actually capture the packets in the Ethernet device, or he can send out a RAW packet through the Ethernet device.
The user has to access only the Ethernet device like root.


Posted by AJxn (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Tue 23 Mar 2010 at 22:27
Take a look at wireshark(1) (and read the documentation in /usr/share/doc/wireshark-common/README.Debian). Wireshark can be set up so that users in the group "wireshark" can trace all that is transferred through your net.

Wireshark uses dumpcap(1) to capture packets, so your user can use that tool to dump what happens on your network.

I have no clue how to send out raw packets on the net without root. Maybe sudo(1) could be a solution to your needs? It can be set up to allow a user to run only one (or two) programs as root. But be careful, as it could lead to privilege escalation.

But have you thought about adding a couple of virtual machines where the user(s) can be root? I use VirtualBox in my courses, and that works great. I set up two or three small Debian machines (32Mbyte RAM) that are connected to one or two internal networks. So your users could set up internal networks that the user can analyze in a controlled environment. That would be a better solution, I guess.

And finally, just to be clear. Do not ever log in and run as root. Use sudo to run those commands that need to be run as another user.

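An added example, not part of the original comments: a shell check an administrator could run after setting up the group-based capture described above, to confirm that the privileged dumpcap helper is usable only by its group. The path /usr/bin/dumpcap, the root:wireshark policy, the function names and the sample values in the comments are assumptions.

```shell
#!/bin/sh
# Least-privilege audit for a packet-capture helper such as dumpcap.
# Assumed policy (not from the page): owner root, group "wireshark",
# no access for "other"; privilege comes from setuid or file capabilities.

# classify_helper OWNER GROUP MODE CAPS
#   MODE: octal string as printed by `stat -c %a`, e.g. 750 or 4750
#   CAPS: output of `getcap FILE`, or "" when no capabilities are set
classify_helper() {
    owner=$1; group=$2; mode=$3; caps=$4
    privileged=0
    [ $(( 0$mode & 04000 )) -ne 0 ] && privileged=1      # setuid bit
    case $caps in *cap_net_raw*|*cap_net_admin*) privileged=1 ;; esac

    if [ "$privileged" -eq 0 ]; then
        echo "INFO: no setuid bit or capture capabilities; only root can capture"
        return 0
    fi
    if [ "$owner" != root ]; then
        echo "FAIL: privileged helper is owned by $owner, not root"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: helper is writable by group or other"; return 1
    fi
    if [ $(( 0$mode & 01 )) -ne 0 ]; then
        echo "FAIL: every local user can execute the privileged helper"; return 1
    fi
    if [ "$group" != wireshark ]; then
        echo "WARN: group is $group, expected wireshark"; return 0
    fi
    echo "OK: capture limited to members of group $group"
}

# audit_helper PATH: read the real values (GNU stat, libcap's getcap).
audit_helper() {
    info=$(stat -c '%U %G %a' "$1") || return 2
    caps=$(getcap "$1" 2>/dev/null) || caps=""
    set -- $info
    classify_helper "$1" "$2" "$3" "$caps"
}

# Direct use: sh audit.sh --audit /usr/bin/dumpcap   (path is an assumption)
if [ "${1:-}" = "--audit" ]; then audit_helper "${2:-/usr/bin/dumpcap}"; fi
```

A FAIL result means the capture privilege reaches further than the group the administrator intended.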