I've got a bash script which sets up rules for ipchains. It also runs tcp_syncookies, icmp_ignore_bogus_error_responses, and a couple of other root-only programs.
Because the script needs the IP address, it must run after the connection is made. I want to have the script be able to be run by normal users, because normal users will be doing the connecting.
Problem is, normal users can't run ipchains (or /proc/sys/net/ipv4/tcp_syncookies, and a couple of other things which are also in my bash script).
Can't suid bash scripts, of course. I don't want to set up all normal users for sudo, unless I can restrict them to just my post-connect ipchains script.
Anyone have a work-around or other advice?
--------------------------------------------------------------------------
PROBLEM SOLVED EDIT FOLLOWS:
I didn't understand that sudo could be configured for specific scripts. I added this to sudoers:
%users ALL=NOPASSWD:/usr/bin/firewall
... then I added this to be executed after the connection comes up:
/usr/bin/sudo /usr/bin/firewall
I guess I should have googled a bit more before posting here
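A hardened version of the post-connect script, added here as an example; it is not the poster's own /usr/bin/firewall. It assumes a current kernel with iptables (ipchains is gone from modern kernels), that the PPP link comes up as ppp0, and the two sysctl knobs named in the post; the rule set itself is only illustrative. The point it adds to the sudoers answer above: `%users ALL=NOPASSWD:/usr/bin/firewall` matches that command with any argument list, so the script refuses arguments, pins the interface rather than taking it from the caller, resets PATH, and validates the address it derives before handing it to iptables.

```shell
#!/bin/sh
# Example post-connect firewall script (added illustration, not the poster's
# /usr/bin/firewall). Assumptions: iptables instead of ipchains, link is ppp0.
#
# Install root-owned, mode 0755, and grant it with a sudoers line that pins
# the argument list (assumed entry, added via visudo):
#   %users ALL=NOPASSWD: /usr/bin/firewall ""
# Without the trailing "" sudo matches the command with any arguments, so the
# script also refuses arguments itself.
set -eu
PATH=/usr/sbin:/usr/bin:/sbin:/bin   # never trust the caller's PATH
export PATH
IFACE=ppp0                            # pinned here, never taken from $1

# Print the first IPv4 address found in `ip -4 addr show dev $IFACE` output
# read from stdin. Pure shell parsing so it can be exercised without the link.
extract_ipv4() {
    while read -r line; do
        case $line in
            *"inet "*)
                addr=${line#*inet }     # drop everything up to and including "inet "
                addr=${addr%%/*}        # drop "/prefix ..." if present
                addr=${addr%% *}        # drop " peer ..." / " brd ..." if present
                printf '%s\n' "$addr"
                return 0
                ;;
        esac
    done
    return 1
}

# Succeed only for a dotted quad whose octets are all 0-255, so nothing
# shell-like or iptables-option-like can ride along into the rules.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    oldifs=$IFS; IFS=.
    for octet in $1; do
        n=$((n + 1))
        [ "$octet" -le 255 ] || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs
    [ "$n" -eq 4 ]
}

# Kernel knobs from the post plus an illustrative rule set (assumed, not the
# poster's rules): allow loopback and established traffic on the link, drop
# new inbound TCP connections to our address, default-deny the rest.
apply_rules() {
    addr=$1
    printf 1 > /proc/sys/net/ipv4/tcp_syncookies
    printf 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    iptables -F INPUT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i "$IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i "$IFACE" -d "$addr" -p tcp --syn -j DROP
    iptables -P INPUT DROP
}

main() {
    [ $# -eq 0 ] || { echo "usage: $0 (takes no arguments)" >&2; exit 2; }
    [ "$(id -u)" -eq 0 ] || { echo "must run as root (via sudo)" >&2; exit 1; }
    addr=$(ip -4 addr show dev "$IFACE" | extract_ipv4) \
        || { echo "no IPv4 address on $IFACE" >&2; exit 1; }
    valid_ipv4 "$addr" || { echo "refusing unexpected address: $addr" >&2; exit 1; }
    apply_rules "$addr"
}

# Run only when installed and invoked under its real name; invoking the file
# under any other name just defines the functions (handy for testing them).
case ${0##*/} in
    firewall) main "$@" ;;
esac
```

Edit sudoers only with visudo, keep the script root-owned and not group- or world-writable (otherwise every member of %users can edit what runs as root), and keep the rule to that one path: any user in %users then gets exactly `sudo /usr/bin/firewall` and nothing else.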