Dear all,
I'm trying to grant access to my account user to see IPTables rules and packets statistics w\o using the Root account.
How may I do it?
I've tried to add the line: user localhost= NOPASSWD: /sbin/iptables -vnxL to my Sudoers file... but stil IPTables blocks me.
It seems like IPTables it-self is blocking the user account and not the system permissions.

P.S I'm using CentOS 6.3 & Fedora 17 in parallel.

Thanks in advance.

try changing your sudo rule to:

It didn't worked for me.

<code>
# cat /etc/sudoers | grep user
user localhost=(root) NOPASSWD: /sbin/iptables -vnxL

##

$ iptables -vnxL
iptables v1.4.14: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
</code>

when logged in as the user, what does this command tell you?

(that is a lower case L, not a "one")

Edit: the "localhost" you've used in your rule must be the hostname of the system. if it isn't, change it to that, or use ALL.

<code>
$ sudo -l
[sudo] password for user:
Matching Defaults entries for user on this host:
requiretty, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User user may run the following commands on this host:
(ALL) ALL
</code>

i'm confused, did you run "sudo -l" as root or as the user? is there a third username in the mix?

did you see my edit to my previous post?

I've run "sudo -l" as the user, just after creating a new tab on my Deksotp (Gnome) env.
There is another user account instead of "user" which I'm just replacing here in the output.

And I've noticed your edit + tried ALL & Localhost already.
I'm using several hostnames to my system... localhost is replying to pings though (as the local machine).

i didn't notice if you stated this: are you trying to run the command with sudo in front of it? e.g.:

Actually, not.
But when I do that, with sudo in the beginning, I still need to provide password - in order to get the output - which works then.

according to your (ALL) ALL when you run "sudo -l", it seems as though that rule is overriding your iptables-specific one.

can you comment out that (ALL) ALL rule? is that in /etc/sudoers or in a /etc/sudoers.d/* file?

Nugat, THANKS!
Commenting the %wheel ALL=(ALL) solved by issue, thanks a lot!

A-ha! so you were in the wheel group. glad you got it sorted.

iptables v1.4.7: can't initialize iptables table `filter': Permission denied (you must be root)

on the zabbix-agent server You could try to add "AllowRoot=1" to /etc/zabbix/zabbix_agentd.conf
Use echo AllowRoot=1 >> /etc/zabbix/zabbix_agentd.conf
then restart zabbix-agent
/etc/init.d/zabbix-agent restart

on the zabbix-server you could run you own shell again.