Additional user for iptables

Additional user for iptables

[Dave Miller]

[-- Attachment #1.1: Type: text/plain, Size: 195 bytes --]

Hello –

Is there a way to allow an additional (non root) user to access the iptables
tool without using sudo or similar?

Thank you.


David S. Miller
Strategic Services Group, Inc.


[-- Attachment #1.2: Type: text/html, Size: 5294 bytes --]

[-- Attachment #2: image001.gif --]
[-- Type: application/octet-stream, Size: 1899 bytes --]

Re: Additional user for iptables

[Ramin Alidousti]

On Thu, Jun 20, 2002 at 07:58:55PM -0400, Dave Miller wrote:

> Hello ?
> 
> Is there a way to allow an additional (non root) user to access the iptables
> tool without using sudo or similar?

There is always the setuid-bit solution but why do you want to do this? If
you trust the user to play with your netfilter part of the system you can
trust them for more, no? Or do you want to only trust an application? In
which case, sudo is still a better solution, IMO.

Ramin

> 
> Thank you.
> 
> 
> David S. Miller
> Strategic Services Group, Inc.
> 

Re: Additional user for iptables

[Patrick Schaaf]

Hello,

> Is there a way to allow an additional (non root) user to access the iptables
> tool without using sudo or similar?

No.

regards
  Patrick

RE: Additional user for iptables

[Nathan Cassano]

Dave Miller wrote:
>
>Hello - 
>
> Is there a way to allow an additional (non root) user to access the
iptables tool without using sudo or similar?

Hi Dave,
	What are you trying to accomplish? What specific parts of
iptables do you want your users to access?

In any case if you are bent on letting your users access iptables I
would develop a suid c program that only accepts specific iptables
manipulations (i.e. only blocking an ip address) and runs the iptables
program. Heavily check the program's arguments so that nothing gets
through but allowed data. Make sure that only designated users will have
the permissions to executer this suid program.


Nathan