Old 06-16-2003, 06:23 PM   #1
iptables: non-root user access?

Hello all. I am trying to figure out how to grant access to iptables by non-root users. I have tried editing /etc/sudoers; "x" permission is granted to all users on /sbin/iptables.

All I can figure is there is some hook built into iptables/netfilter that simply will not allow users other than 'root' to execute the command. Am I missing something here?

I want to give access to iptables to a net admin temp, but I don't want to give the person root access to the box, just to the firewall.

Very frustrating. I have even looked all around at and found nothing on controlling access. What am I missing??

Old 06-16-2003, 08:23 PM   #2
What were the entries in your /etc/sudoers file for iptables? Did you include the entire path for iptables (i.e. /sbin/iptables) rather than just iptables?
Old 06-17-2003, 07:33 AM   #3
Why grant direct access?

Wouldn't a message passing approach be better? I ran into this same situation with a wireless gateway I'm in the process of designing. I want a web server to be able to open access to paying customers, but I don't want the sucker running as root.

My answer was to write a monitor daemon that ran as root, and sat in the background waiting for messages. The webserver communicates to the daemon by writing messages into a MySQL table. The daemon checks for messages periodically, but it can be woken up by opening a connection to port 8000 and closing it again. I also use this same mechanism to tell the daemon to shut down. Simply write QUIT to the socket before closing it. (Though the daemon only listens for the QUIT command from local connections.)

Here's the script in TCL:

#! /usr/bin/tclsh

# Preen Daemon
# This script sits in the background, listening for
# commands to be received.
# The poll time can be abbreviated by simply
# opening a connection to port 8000
# Local process can send a kill signal to the
# daemon by writing the string QUIT to 8000

set ::tfi(application) preend
# Check for updates every minute
set ::poll_time   [expr {1 * 60 * 1000}]
set ::block 0

proc tock {} {
    if {[info exists ::next_tock]} {
        # Cancel any pending polls
        after cancel $::next_tock
    }
    if {$::block} {
        # Grr, someone tried to wake me up
        # while I was operating
        return
    }
    set ::block 1
    if {[catch {
        # Run one pass of the command check
        update_loop
    } err]} {
        set fout [open /tmp/preen.err a]
        puts $fout "[clock seconds] - $err"
        close $fout

        set fout [open /tmp/preen.errinfo w]
        puts $fout $::errorInfo
        close $fout
    }
    set ::block 0
    # Schedule the next poll
    set ::next_tock [after ${::poll_time} tock]
}

proc socket_wakeup {chan addr port} {
    fconfigure $chan -buffering line -translation crlf

    if {[info exists ::next_tock]} {
        after cancel $::next_tock
    }
    # Only honour QUIT from a local connection.  The address was
    # missing from the posted script; loopback is assumed here.
    if { $addr == "127.0.0.1" } {
        gets $chan line
        if { $line == "QUIT" } {
            close $chan
            exit
        }
    }
    close $chan
    # Any other connection just triggers an immediate poll
    tock
}

# Your Code Here
proc update_loop {} {
    # This is where it looks for commands
    puts "UPDATE [clock format [clock seconds]]"
}

# Listen on port 8000 for the command to wake up
socket -server socket_wakeup 8000

# Start the monitor
tock

vwait forever
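The root-side half of the message-passing design above only stays safe if the daemon refuses to let the unprivileged client compose iptables arguments itself; execute permission on /sbin/iptables never helps the original poster, because changing rules needs the CAP_NET_ADMIN capability, not just the ability to run the binary. The following is an added example, not code from the thread: a validator for a two-verb message format, with the iptables path, the chain name and the message format all assumed.

```python
import ipaddress
from typing import List, Optional, Tuple

# Assumed values for this example (not from the thread).
IPTABLES = "/sbin/iptables"
CHAIN = "CUSTOMERS"              # hypothetical chain the daemon owns
LOCAL_ADDRS = {"127.0.0.1", "::1"}


def parse_message(line: str) -> Optional[List[str]]:
    """Turn one client message into a fixed iptables argv, or None if rejected.

    Accepted messages are exactly "ALLOW <ipv4>" and "REVOKE <ipv4>".
    The client never supplies flags: the verb selects -A or -D and the
    address must parse as a single host, so "-F", CIDR ranges or trailing
    "-j DROP" tokens are all refused.
    """
    parts = line.strip().split()
    if len(parts) != 2:
        return None
    verb, addr = parts
    try:
        ip = ipaddress.IPv4Address(addr)   # ValueError on "-F", "10.0.0.0/8"
    except ValueError:
        return None
    if ip.is_multicast or ip.is_unspecified:
        return None
    if verb == "ALLOW":
        flag = "-A"
    elif verb == "REVOKE":
        flag = "-D"
    else:
        return None
    return [IPTABLES, flag, CHAIN, "-s", str(ip), "-j", "ACCEPT"]


def is_quit(line: str, peer_addr: str) -> bool:
    """QUIT is honoured only from a loopback peer, as in the posted daemon."""
    return line.strip() == "QUIT" and peer_addr in LOCAL_ADDRS


def handle_message(line: str, peer_addr: str) -> Tuple[str, Optional[List[str]]]:
    """Dispatch one line: ('quit', None), ('run', argv) or ('reject', None).

    A real daemon would pass argv to subprocess.run(argv) and log the result.
    """
    if is_quit(line, peer_addr):
        return ("quit", None)
    argv = parse_message(line)
    return ("run", argv) if argv else ("reject", None)
```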

