Tux

...making Linux just a little more fun!

specifying trusted devices other than eth0

qqq1one @yahoo.com [qqq1one at yahoo.com]


Tue, 1 May 2007 23:24:37 -0700 (PDT)

Hi Everyone,

Does anyone remember how Fedora Core 4 let the user specify trusted devices (e.g. eth0, sit0, nlv0) through the system-config-securitylevel tool? That feature seems to have gone away with Core 5. I always liked that feature because it let me open up just the nlv0 device for VPN. With that feature gone, I have to open up a lot more it seems.

Does anyone know of a workaround? Or did the feature just get moved somewhere else? Thanks in advance. Oh, and I did find the ASCI version of the tool, system-config-securitylevel-tui - it knows that eth0 can be set as a trusted device, but that's it. Even when nlv0 is up (as confirmed by ifconfig), system-config-securitylevel-tui only lists eth0 as a device that can be set as trusted.

-- 
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Top    Back


Ben Okopnik [ben at linuxgazette.net]


Fri, 4 May 2007 11:00:17 -0400

On Tue, May 01, 2007 at 11:24:37PM -0700, qqq1one @yahoo.com wrote:

> Hi Everyone,
> 
> Does anyone remember how Fedora Core 4 let the user specify trusted devices (e.g. eth0, sit0,
> nlv0) through the system-config-securitylevel tool?  That feature seems to have gone away with
> Core 5.  I always liked that feature because it let me open up just the nlv0 device for VPN.  With
> that feature gone, I have to open up a lot more it seems.
> 
> Does anyone know of a workaround?  Or did the feature just get moved somewhere else?  Thanks in
> advance.  Oh, and I did find the ASCI version of the tool, system-config-securitylevel-tui - it
> knows  that eth0 can be set as a trusted device, but that's it.  Even when nlv0 is up (as
> confirmed by ifconfig), system-config-securitylevel-tui only lists eth0 as a device that can be
> set as trusted.

I don't know anything about how Fedora did this, but the traditional way to configure a device so that it can only be accessed by a given group of users is via the permissions mechanism. E.g.,

# addgroup --system trusted
# chown root:trusted /dev/foo
# chmod 660 /dev/foo
# for n in joe jenny jim josie jack jill jeff joy
	do adduser $n trusted
done
-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *

Top    Back