Tuesday, May 20, 2008

Run ifconfig as non-root user for read-only access to network interfaces

It is a frequent scenario that you are logged in to the console of a Linux system, and you need to know its IP address.

If you are the root user, that is easy:
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0B:6B:E1:BC:14
inet addr:192.168.0.103 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20b:6aff:fed0:bb04/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8100 errors:0 dropped:0 overruns:0 frame:0
TX packets:7727 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5385440 (5.1 MiB) TX bytes:1454259 (1.3 MiB)
Interrupt:177 Base address:0xdc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5204 (5.0 KiB) TX bytes:5204 (5.0 KiB)


However, if you are not root...
$ ifconfig
bash: ifconfig: command not found


At this point, you are probably ready to give up. Don't: there is always hope.

A little-publicized fact is that the ifconfig command is executable by anyone: it is just NOT on the default PATH for non-root users.

To find out where ifconfig is:
$ whereis ifconfig
ifconfig: /sbin/ifconfig /usr/share/man/man8/ifconfig.8.gz


Is it true that anyone can run ifconfig?
$ ls -l /sbin/ifconfig
-rwxr-xr-x 1 root root 66024 Aug 12 2006 /sbin/ifconfig

The answer is yes.

To run ifconfig by name, /sbin needs to be on your PATH. Is it?
$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/opt/cdk4msp/bin:/home/peter/bin

No, afraid not. No wonder you cannot run the ifconfig command.

It is straightforward to append /sbin to your PATH.
$ export PATH=$PATH:/sbin
$ echo $PATH
/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/opt/cdk4msp/bin:/home/peter/bin:/sbin


Let's give ifconfig another try.
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0B:6B:E1:BC:14
inet addr:192.168.0.103 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20b:6aff:fed0:bb04/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8590 errors:0 dropped:0 overruns:0 frame:0
TX packets:8218 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5530730 (5.2 MiB) TX bytes:1509759 (1.4 MiB)
Interrupt:177 Base address:0xdc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5204 (5.0 KiB) TX bytes:5204 (5.0 KiB)


To save some typing, you can combine setting the PATH and running the ifconfig command as follows:
$ PATH=$PATH:/sbin ifconfig


Now, non-root users are happy.

Note that non-root users can only get/read interface data, not set/write it. Setting interface parameters as a non-root user will generate errors:

$ ifconfig eth0 192.168.0.155
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
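
The PATH steps above can be wrapped in a few shell functions that append a directory only once, only at the end, and only if it is not writable by group or others. This is an added example, not code from the original post; the function names (path_has, dir_is_safe, path_append, with_dir) and the demo PATH string are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): checked PATH append.

# path_has DIR [PATHSTRING]: true if DIR is an exact entry (default: $PATH).
path_has() {
    case ":${2-$PATH}:" in
        *":$1:"*) return 0 ;;
    esac
    return 1
}

# dir_is_safe DIR: absolute, existing, and not group- or world-writable.
# Anyone who can write to a PATH directory can plant a fake "ifconfig" there.
dir_is_safe() {
    case "$1" in /*) ;; *) return 1 ;; esac   # relative entries follow the cwd
    [ -d "$1" ] || return 1
    _mode=$(ls -ldL "$1" | cut -c1-10)        # -L: /sbin may be a symlink
    case "$_mode" in
        ?????w*|????????w*) return 1 ;;       # group (col 6) or other (col 9) write bit
    esac
    return 0
}

# path_append DIR [PATHSTRING]: print the PATH with DIR appended at the end, so
# existing entries keep precedence. No change if present; status 1 if unsafe.
path_append() {
    _cur=${2-$PATH}
    if path_has "$1" "$_cur"; then
        printf '%s\n' "$_cur"
        return 0
    fi
    dir_is_safe "$1" || return 1
    printf '%s\n' "${_cur:+$_cur:}$1"
}

# with_dir DIR CMD [ARGS...]: one-off form, like "PATH=$PATH:/sbin ifconfig".
with_dir() {
    _dir=$1; shift
    _new=$(path_append "$_dir") || { echo "refusing PATH entry: $_dir" >&2; return 1; }
    PATH=$_new "$@"
}

# Demo on a constructed PATH string (shortened from the one in the post).
demo_path=/usr/local/bin:/bin:/usr/bin:/home/peter/bin
path_append /sbin "$demo_path" || echo "/sbin not appended: missing or writable by others"
```

In a login script this would be used as `PATH=$(path_append /sbin) && export PATH`, and interactively as `with_dir /sbin ifconfig`.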

10 comments:

benji said...

ifconfig was deprecated in kernels newer than 2.2.x. See
http://www.linux-foundation.org/en/Net:Iproute2
http://en.wikipedia.org/wiki/Ifconfig

You can use "ip" instead ("ip a" lists interfaces). ip is in the default path, at least on suse.

Peter Leung said...

Thanks, benji.

ip will do the job.

On my CentOS 4, /sbin/ip runs into the same problem as ifconfig: /sbin is not on the default path.

Same solution.

Anonymous said...

I didn't know you can call ifconfig from the user level. As I was looking for such a solution, I looked into using 'ping'. This works: ping -c 1 `hostname`
As I was playing around with dnsmasq and trying to test it, I learned that the 'hostname' command has the '-i' option to retrieve one's own IP address.

Cheers,
Rainer

Peter Leung said...

hostname -i certainly works.

And in my opinion, even simpler than the ifconfig idea.

Thanks

Peter

Anonymous said...

found some good ifconfig examples

Anonymous said...

Adding sbin to the PATH may be too much just for ifconfig. You could simply make a softlink to it in a directory in your path, for example:
# ln -s /sbin/ifconfig /usr/bin/ifconfig

Keep up with the good work! ^^

dare to solve puzzle said...

thanks, really good info, helped me play with ifconfig...

dare to solve puzzle said...

@doncbex
as a non-root user it says "permission denied"
@anonymous
it gives localhost or 127.0.0.1 instead of giving ip address..

Bharath said...

It's very nice. Very helpful.

Anonymous said...

thank you very much.. your simple code made it easy to redirect the non user path to the root path to run "ifconfig" direct instead of "/sbin/ifconfig"

thanks again for your post.