hey guys, so i am trying to setup a gateway server, with a debian, using iptables as my firewall / router system.

problem is, i've made a WebInterface for it, that does the same as TurtleFirewall, but with less advanceness in it, as the people why want to use it, does not know a single thing about iptables, or command lines.

so my webinterface is running on a Apache2 service, with PHP5 scripting.

it generates a file called /var/nonpublic/router/iptables.new.rules

and i want to push thouse rules into action, when they are made.

but ofcasue i run the apache2 service as a restriced user, as it would be wierd otherwise.. and i wondereed if there was a way to, push them into action?

i've been thinking on a root cron job, running in a 1 minute interval, but i really wanted another way?

how does webmin do it? or any other webinterface, that writes to SuperUser files?

There are some HUGE security risks by doing what you are doing but there are a few ways to skin this cat.

You can first look at using the setuid/setgid permissions. In Linux the octal permission set is actually 4 digits with the first digit allowing you to set special permissions like setuid and setgid.

Take a look at http://www.cyberciti.biz/faq/unix-bs...x-setuid-file/

A more secure, but still vulnerable, way to go about it is using the suphp extension which allows PHP to run certain scripts and files as the owner of the file, in this case root.

See www.suphp.org and http://www.howtoforge.com/apache2_suphp_php4_php5