Re: Network config




On Thu, Aug 03, 2017 at 08:49:05PM +0200, Pascal Hambourg wrote:
> On 03/08/2017 at 15:52, Zenaan Harkness wrote:
> >On Thu, Aug 03, 2017 at 08:53:27AM -0400, Greg Wooledge wrote:
> >>But the problem is, various Unix DHCP client daemons do *too much*.
> >>All I want them to do is set the IP address, netmask, and gateway.
> >>I *don't* want them to change the system hostname, or the system
> >>resolv.conf (in which I have hand-placed *our* DNS search domain and
> >>*our* DNS resolvers).
> >
> >Well, making /etc/resolv.conf read-only, owned by root.root
> 
> ... is just useless. resolv.conf is already owned by root, DHCP
> client daemons run as root and on Linux systems root (uid 0) ignores
> read/write permissions.

That's what chattr +i is for. Don't forget to do chattr -i on the file
whenever *you* want to change it :-)

(For me, it's a satisfying feeling when I see the culprits whining
in the logs that they cannot write to the file, but that may be
my hidden sadistic alter ego).

Cheers
-- tomás
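
Added example, not part of the message above or of any poster's own setup: a small POSIX sh helper for the chattr +i / chattr -i cycle described in the reply, so the flag is put back even when the edit command fails. The function names (is_immutable, lock_file, with_unlocked) are hypothetical; chattr and lsattr are the e2fsprogs tools and need root on a filesystem that supports the flag.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the thread.

# is_immutable FILE: succeed if lsattr reports the 'i' (immutable) flag.
is_immutable() {
    im_out=$(lsattr "$1" 2>/dev/null) || return 1
    # lsattr prints "<flags> <path>"; look only at the flags field.
    case ${im_out%% *} in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# lock_file FILE: set the flag and confirm it took effect.
lock_file() {
    # Refuse symlinks and non-regular files: the flag belongs on the real
    # file, and a resolv.conf that is a symlink is managed elsewhere.
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "lock_file: $1 is not a regular file" >&2
        return 2
    fi
    chattr +i "$1" && is_immutable "$1"
}

# with_unlocked FILE CMD [ARGS...]: clear the flag, run CMD, set it again.
# Returns CMD's exit status, or 1 if the flag could not be changed.
with_unlocked() {
    wu_file=$1
    shift
    chattr -i "$wu_file" || return 1
    wu_rc=0
    "$@" || wu_rc=$?
    # Re-lock even when the edit command failed.
    chattr +i "$wu_file" || return 1
    is_immutable "$wu_file" || return 1
    return "$wu_rc"
}

# Typical use, as root:
#   lock_file /etc/resolv.conf
#   with_unlocked /etc/resolv.conf "${EDITOR:-vi}" /etc/resolv.conf
```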