ipfw as a non-root user
dom at happygiraffe.net
Wed Jun 18 13:47:03 BST 2003
On Wed, Jun 18, 2003 at 01:20:29PM +0100, Matt Whiteley wrote:
> Hi. I want to be able to run ipfw as a non-root user. Is this possible ?
If it used a file under /dev to do its ditry work, then maybe. As it
stands, it appears to use setsockopt(), so I would guess not. There's
probably checks in the kernel to only let root do this.
> Alternatively, I'm actually trying to execute ipfw commands from php
> running under Apache. Is there another solution available that allows me
> to do this without running Apache as root ?
Look into sudo. It's in /usr/ports/security/sudo. You can specify that
certain users are allowed to execute certain commands as root, and
without asking for a password.
Whilst this will work, it's not ideal. You may wish to set up a
dedicated daemon, running as root to run the ipfw commands on your
behalf. Then you can connect to that over a Unix socket from apache.
Better ideas welcome!
More information about the Ukfreebsd