10-20-2012, 10:09 AM
|
#1
|
Member
Registered: Sep 2008
Posts: 37
Rep:
|
User permissions to see IPTables rules & packets.
Dear all,
I'm trying to grant access to my account user to see IPTables rules and packets statistics w/o using the Root account.
How may I do it?
I've tried to add the line: user localhost= NOPASSWD: /sbin/iptables -vnxL to my Sudoers file... but still IPTables blocks me.
It seems like IPTables itself is blocking the user account and not the system permissions.
P.S I'm using CentOS 6.3 & Fedora 17 in parallel.
Thanks in advance.
Last edited by CrAzYoNi; 10-20-2012 at 12:10 PM.
Reason: Solved thanks to Nugat
|
|
|
10-20-2012, 10:49 AM
|
#2
|
Member
Registered: Sep 2012
Posts: 122
Rep:
|
Quote:
Originally Posted by CrAzYoNi
I'm trying to grant access to my account user to see IPTables rules and packets statistics w/o using the Root account.
How may I do it?
I've tried to add the line: user localhost= NOPASSWD: /sbin/iptables -vnxL to my Sudoers file... but still IPTables blocks me.
It seems like IPTables itself is blocking the user account and not the system permissions.
|
try changing your sudo rule to:
Code:
user ALL = (root) NOPASSWD: /sbin/iptables -vnxL
|
|
|
10-20-2012, 11:00 AM
|
#3
|
Member
Registered: Sep 2008
Posts: 37
Original Poster
Rep:
|
It didn't work for me.
<code>
# cat /etc/sudoers | grep user
user localhost=(root) NOPASSWD: /sbin/iptables -vnxL
##
$ iptables -vnxL
iptables v1.4.14: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
</code>
|
|
|
10-20-2012, 11:07 AM
|
#4
|
Member
Registered: Sep 2012
Posts: 122
Rep:
|
Quote:
Originally Posted by CrAzYoNi
It didn't work for me.
<code>
# cat /etc/sudoers | grep user
user localhost=(root) NOPASSWD: /sbin/iptables -vnxL
##
$ iptables -vnxL
iptables v1.4.14: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
</code>
|
when logged in as the user, what does this command tell you?
(that is a lower case L, not a "one")
Edit: the "localhost" you've used in your rule must be the hostname of the system. if it isn't, change it to that, or use ALL.
Last edited by nugat; 10-20-2012 at 11:10 AM.
Reason: hostname
|
|
|
10-20-2012, 11:10 AM
|
#5
|
Member
Registered: Sep 2008
Posts: 37
Original Poster
Rep:
|
<code>
$ sudo -l
[sudo] password for user:
Matching Defaults entries for user on this host:
requiretty, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User user may run the following commands on this host:
(ALL) ALL
</code>
Last edited by CrAzYoNi; 10-20-2012 at 11:10 AM.
Reason: .
|
|
|
10-20-2012, 11:13 AM
|
#6
|
Member
Registered: Sep 2012
Posts: 122
Rep:
|
i'm confused, did you run "sudo -l" as root or as the user? is there a third username in the mix?
did you see my edit to my previous post?
|
|
|
10-20-2012, 11:18 AM
|
#7
|
Member
Registered: Sep 2008
Posts: 37
Original Poster
Rep:
|
I've run "sudo -l" as the user, just after creating a new tab on my Desktop (Gnome) env.
There is another user account instead of "user" which I'm just replacing here in the output.
And I've noticed your edit + tried ALL & Localhost already.
I'm using several hostnames to my system... localhost is replying to pings though (as the local machine).
|
|
|
10-20-2012, 11:26 AM
|
#8
|
Member
Registered: Sep 2012
Posts: 122
Rep:
|
i didn't notice if you stated this: are you trying to run the command with sudo in front of it? e.g.:
Code:
sudo /sbin/iptables -vnxL
|
|
|
10-20-2012, 11:29 AM
|
#9
|
Member
Registered: Sep 2008
Posts: 37
Original Poster
Rep:
|
Actually, not.
But when I do that, with sudo in the beginning, I still need to provide password - in order to get the output - which works then.
|
|
|
10-20-2012, 11:48 AM
|
#10
|
Member
Registered: Sep 2012
Posts: 122
Rep:
|
according to your (ALL) ALL when you run "sudo -l", it seems as though that rule is overriding your iptables-specific one.
can you comment out that (ALL) ALL rule? is that in /etc/sudoers or in a /etc/sudoers.d/* file?
|
|
|
10-20-2012, 12:09 PM
|
#11
|
Member
Registered: Sep 2008
Posts: 37
Original Poster
Rep:
|
Nugat, THANKS!
Commenting the %wheel ALL=(ALL) solved my issue, thanks a lot!
|
|
|
10-20-2012, 12:10 PM
|
#12
|
Member
Registered: Sep 2012
Posts: 122
Rep:
|
A-ha! so you were in the wheel group. glad you got it sorted.
|
|
|
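The behaviour diagnosed in posts #10 to #12 follows from how sudoers resolves several matching entries: the last match is used, not the most specific one. The script below is an added example, not code from any poster or from sudo itself; it is a simplified model (no aliases or wildcards, host and runas assumed to match) run over constructed sample entries, and `last_match` and the variable names are hypothetical.

```shell
#!/bin/sh
# Simplified model of sudoers matching: the LAST matching entry decides.
# Assumptions: no aliases or wildcards; host and runas are taken to match.

# last_match USER "GROUPS" "COMMAND"  (sudoers text on stdin)
# Prints "<tag> <line>": tag is NOPASSWD, PASSWD or NONE (no entry matched).
last_match() {
    awk -v user="$1" -v grps="$2" -v cmd="$3" '
    BEGIN { tag = "NONE"; hit = 0; n = split(grps, g, " ") }
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
    {
        ok = ($1 == user || $1 == "ALL")
        for (i = 1; i <= n; i++) if ($1 == ("%" g[i])) ok = 1
        if (!ok) next
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)        # drop "who host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)     # drop "(runas)"
        t = "PASSWD"                          # password required unless tagged
        if (sub(/^NOPASSWD:[ \t]*/, "", spec)) t = "NOPASSWD"
        sub(/[ \t]+$/, "", spec)
        if (spec == "ALL" || spec == cmd) { tag = t; hit = NR }
    }
    END { print tag, hit }'
}

# Constructed sample files, modelled on the entries quoted in the thread.
ORIGINAL='user   ALL=(root) NOPASSWD: /sbin/iptables -vnxL
%wheel ALL=(ALL) ALL'
REORDERED='%wheel ALL=(ALL) ALL
user   ALL=(root) NOPASSWD: /sbin/iptables -vnxL'
COMMENTED='user   ALL=(root) NOPASSWD: /sbin/iptables -vnxL
# %wheel ALL=(ALL) ALL'

LIST='/sbin/iptables -vnxL'
OTHER='/sbin/service iptables status'   # constructed: any other sudo command

for name in ORIGINAL REORDERED COMMENTED; do
    eval "text=\$$name"
    for c in "$LIST" "$OTHER"; do
        printf '%-10s %-30s -> %s\n' "$name" "$c" \
            "$(printf '%s\n' "$text" | last_match user wheel "$c")"
    done
done
```

In this model, moving the specific entry below the `%wheel` line gives the passwordless listing while the group rule still covers other commands, whereas commenting the group rule out leaves every other command with no matching entry.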
09-21-2017, 03:23 AM
|
#13
|
LQ Newbie
Registered: Sep 2017
Posts: 1
Rep: 
|
zabbix server remote shell Permission denied
iptables v1.4.7: can't initialize iptables table `filter': Permission denied (you must be root)
on the zabbix-agent server You could try to add "AllowRoot=1" to /etc/zabbix/zabbix_agentd.conf
Use echo AllowRoot=1 >> /etc/zabbix/zabbix_agentd.conf
then restart zabbix-agent
/etc/init.d/zabbix-agent restart
on the zabbix-server you could run your own shell again.
|
|
|
All times are GMT -5.