iptables: non-root user access?
Hello all. I am trying to figure out how to grant access to iptables by non-root users. I have tried editing /etc/sudoers; "x" permission is granted to all users on /sbin/iptables.
All I can figure is there is some hook built into iptables/netfilter that simply will not allow users other than 'root' to execute the command. Am I missing something here? I want to give access to iptables to a net admin temp, but I don't want to give the person root access to the box, just to the firewall. Very frustrating. I have even looked all around at netfilter.org and found nothing on controlling access. What am I missing?? Thanks!!
What were the entries in your /etc/sudoers file for iptables? Did you include the entire path for iptables (i.e. /sbin/iptables) rather than just iptables?
Why grant direct access?
Wouldn't a message passing approach be better? I ran into this same situation with a wireless gateway I'm in the process of designing. I want a web server to be able to open access to paying customers, but I don't want the sucker running as root.
My answer was to write a monitor daemon that ran as root, and sat in the background waiting for messages. The webserver communicates to the daemon by writing messages into a MySQL table. The daemon checks for messages periodically, but it can be woken up by opening a connection to port 8000 and closing it again. I also use this same mechanism to tell the daemon to shut down. Simply write QUIT to the socket before closing it. (Though the daemon only listens for the QUIT command from local connections.) Here's the script in TCL:
Code:
#! /usr/bin/tclsh
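The part of the message-passing design above that decides whether the root daemon is safer than handing out iptables directly is the message validation: the privileged side must accept only a fixed vocabulary and turn it into a fixed argv, never pass producer-supplied text to a shell. The following is an added example of that validation layer, written here in Python rather than TCL and not the poster's script; the message names (ALLOW, DENY, QUIT), the dedicated chain CUSTOMERS and the sample messages are assumptions. It only plans the iptables invocation and returns the argv, so it runs without root and without touching the firewall.

```python
import ipaddress
import shlex
from typing import List, Optional

# Constructed example: a tiny command vocabulary that a privileged
# "firewall broker" accepts from an unprivileged producer (a web server,
# a queue table, a local socket). Nothing here executes iptables;
# plan_command() returns the exact argv the broker would run, so the
# validation can be exercised without root.
IPTABLES = "/sbin/iptables"          # full path, as in the sudoers discussion
CHAIN = "CUSTOMERS"                  # assumed dedicated chain owned by the broker


class RejectedCommand(ValueError):
    """Raised for any message that is not exactly one of the allowed forms."""


def plan_command(message: str, peer_is_local: bool = False) -> Optional[List[str]]:
    """Map one message to an iptables argv, or None for a valid QUIT.

    Allowed forms:
      ALLOW <ipv4-host-address>  -> insert an ACCEPT rule for that source
      DENY  <ipv4-host-address>  -> delete that rule again
      QUIT                       -> only honoured from a local connection
    Everything else is rejected: extra tokens, shell characters, CIDR
    ranges, IPv6, hostnames, loopback/multicast/unspecified addresses.
    """
    tokens = message.strip().split()
    if not tokens:
        raise RejectedCommand("empty message")
    verb = tokens[0].upper()

    if verb == "QUIT":
        if len(tokens) != 1:
            raise RejectedCommand("QUIT takes no arguments")
        if not peer_is_local:
            raise RejectedCommand("QUIT only accepted from local connections")
        return None

    if verb not in ("ALLOW", "DENY") or len(tokens) != 2:
        raise RejectedCommand(f"unsupported message: {message!r}")

    # Parse, do not pattern-match: ipaddress rejects CIDR ranges, IPv6,
    # hostnames and anything containing shell metacharacters in one step.
    try:
        addr = ipaddress.IPv4Address(tokens[1])
    except ValueError as exc:
        raise RejectedCommand(f"bad address {tokens[1]!r}: {exc}") from exc
    if addr.is_multicast or addr.is_unspecified or addr.is_loopback:
        raise RejectedCommand(f"address {addr} not allowed")

    action = "-I" if verb == "ALLOW" else "-D"
    # Fixed argv: the producer can only influence the address field, and
    # the broker would hand this list to an exec-style call, never a shell.
    return [IPTABLES, action, CHAIN, "-s", str(addr), "-j", "ACCEPT"]


def is_rejected(message: str, peer_is_local: bool = False) -> bool:
    """True if plan_command() refuses the message (handy for audit checks)."""
    try:
        plan_command(message, peer_is_local)
    except RejectedCommand:
        return True
    return False


def render(argv: List[str]) -> str:
    """Human-readable form for the broker's log; execution uses argv directly."""
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    # Constructed sample messages, e.g. rows drained from the queue table.
    samples = [
        ("ALLOW 192.0.2.10", False),
        ("DENY 192.0.2.10", False),
        ("ALLOW 192.0.2.0/24", False),
        ("ALLOW 192.0.2.10; rm -rf /", False),
        ("QUIT", False),
        ("QUIT", True),
    ]
    for msg, local in samples:
        try:
            argv = plan_command(msg, peer_is_local=local)
            print(f"{msg!r:32} -> {'shutdown' if argv is None else render(argv)}")
        except RejectedCommand as exc:
            print(f"{msg!r:32} -> rejected: {exc}")
```

The design point is that the broker owns the whole rule template and the producer chooses only one validated field; logging the rendered argv alongside the originating message gives the audit trail that a plain sudo grant on iptables would not.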