
Re: Running IPTables as non-root user?



On Fri, Jul 25, 2003 at 11:23:04AM -0300, breno.moiana@partekforest.com wrote:
> I would like to have an ordinary user to be created and give him only power
> enough to run IPTables. It would work like this:
> When the user logs in, (either locally or through SSH), a bash script is run
> which allows him to select, from a menu, what service he wants to activate. When
> he is done, he deactivates the service and logs off. The user wouldn't even see
> the prompt.
> 
> I would like to do that with a user other than root. The problem is to allow
> this user to alter iptables rules. Is it possible?

I'm pretty sure that hacking things so that you don't need to be root to add
iptables rules would be hard.  Luckily, we have sudo, which can be used to
grant limited privileges to specified users.  They don't need the root
password, merely their own, to access these privileges.

The other way might be to make iptables SUID root, but that might not be
overly healthy.  My recommendation is to use sudo.

- Matt
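
One way to set up the sudo approach recommended above, as an added example that is not part of the original thread: sudo grants the user a single root-owned wrapper rather than iptables itself, and the wrapper only accepts names from a fixed list. The user name `fwuser`, the path `/usr/local/sbin/fw-service`, the iptables path and the service list are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical wrapper, installed as /usr/local/sbin/fw-service (root-owned,
# mode 0755, not writable by the menu user).
# sudoers entry (edit with visudo) granting only this wrapper, not iptables:
#   fwuser ALL = (root) /usr/local/sbin/fw-service
# The login menu script then calls: sudo /usr/local/sbin/fw-service open ssh

# Fixed path, never taken from the caller's environment (assumed location).
IPTABLES=/sbin/iptables

# Map an allowlisted service name to its TCP port; fail on anything else.
# The list below is constructed sample data.
service_port() {
    case "$1" in
        ssh)  echo 22 ;;
        ftp)  echo 21 ;;
        http) echo 80 ;;
        *)    return 1 ;;
    esac
}

# Build the iptables arguments for opening or closing one service.
# Only fixed tokens and the looked-up port are emitted; caller input is not.
build_rule() {
    action=$1
    port=$(service_port "$2") || return 1
    case "$action" in
        open)  flag=-I ;;
        close) flag=-D ;;
        *)     return 1 ;;
    esac
    echo "$flag INPUT -p tcp --dport $port -j ACCEPT"
}

# Validate the request, then run iptables with the generated arguments.
fw_service() {
    rule=$(build_rule "$1" "$2") || {
        echo "usage: fw-service open|close ssh|ftp|http" >&2
        return 2
    }
    # Word splitting of $rule is intentional: it holds only fixed tokens.
    $IPTABLES $rule
}

# Run only when invoked under the wrapper's own name.
case "$0" in
    */fw-service) fw_service "$@" ;;
esac
```

Because the sudoers entry names only the wrapper, anything the user types that is not on the list is rejected before iptables runs.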


