Re: Network config
- Date: Fri, 4 Aug 2017 10:14:20 +0200
- From: <tomas@xxxxxxxxxx>
- Subject: Re: Network config
On Thu, Aug 03, 2017 at 08:49:05PM +0200, Pascal Hambourg wrote:
> On 03/08/2017 at 15:52, Zenaan Harkness wrote:
> >On Thu, Aug 03, 2017 at 08:53:27AM -0400, Greg Wooledge wrote:
> >>But the problem is, various Unix DHCP client daemons do *too much*.
> >>All I want them to do is set the IP address, netmask, and gateway.
> >>I *don't* want them to change the system hostname, or the system
> >>resolv.conf (in which I have hand-placed *our* DNS search domain and
> >>*our* DNS resolvers).
> >Well, making /etc/resolv.conf read-only, owned by root.root
> ... is just useless. resolv.conf is already owned by root, DHCP
> client daemons run as root and on Linux systems root (uid 0) ignores
> read/write permissions.
That's what chattr +i is for. Don't forget to do chattr -i on the file
whenever *you* want to change it :-)
(For me, it's a satisfying feeling when I see the culprits whining
in the logs that they cannot write to the file, but that may be
my hidden sadistic alter ego).
-- tomás
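
An added example, not part of the original message: a small shell audit for the `chattr +i` approach described in the reply above, reporting whether a resolver file actually carries the immutable flag. The function names and the sample `lsattr` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf protected with `chattr +i`.

# has_immutable_flag ATTRS: ATTRS is the first field of an lsattr line.
# Lowercase 'i' is the immutable flag; uppercase 'I' is unrelated.
has_immutable_flag() {
    case "$1" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_resolv_conf PATH [LSATTR_LINE]
# Prints a one-word verdict; returns 0 only for an immutable regular file.
# LSATTR_LINE is optional and lets a captured line be checked offline.
audit_resolv_conf() {
    path=$1
    if [ -L "$path" ]; then
        # chattr does not operate on symbolic links, so a symlinked
        # resolv.conf is not protected by this method.
        echo "symlink"; return 2
    fi
    [ -f "$path" ] || { echo "missing"; return 3; }
    line=${2:-$(lsattr -d -- "$path" 2>/dev/null || true)}
    [ -n "$line" ] || { echo "unknown"; return 4; }
    attrs=${line%% *}
    if has_immutable_flag "$attrs"; then
        echo "immutable"; return 0
    fi
    echo "writable"; return 1
}

# Demo on constructed lsattr lines (not output from a real system).
tmp=$(mktemp)
audit_resolv_conf "$tmp" "----i---------e---- $tmp" || true   # immutable
audit_resolv_conf "$tmp" "--------------e---- $tmp" || true   # writable
rm -f "$tmp"
```

A `writable` or `symlink` verdict means a DHCP client running as root can still replace the file.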