ipfw as a non-root user

Dominic Mitchell dom at happygiraffe.net
Wed Jun 18 13:47:03 BST 2003


On Wed, Jun 18, 2003 at 01:20:29PM +0100, Matt Whiteley wrote:
> All,
> 
> Hi. I want to be able to run ipfw as a non-root user. Is this possible ?

If it used a file under /dev to do its dirty work, then maybe.  As it
stands, it appears to use setsockopt(), so I would guess not.  There are
probably checks in the kernel to only let root do this.

> Alternatively, I'm actually trying to execute ipfw commands from php
> running under Apache. Is there another solution available that allows me
> to do this without running Apache as root ?

Look into sudo.  It's in /usr/ports/security/sudo.  You can specify that
certain users are allowed to execute certain commands as root, and
without asking for a password.

Whilst this will work, it's not ideal.  You may wish to set up a
dedicated daemon, running as root to run the ipfw commands on your
behalf.  Then you can connect to that over a Unix socket from apache.

Better ideas welcome!

-Dom
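
The dedicated-daemon idea from the reply above, as an added example (not part of the original post): a root helper that listens on a Unix socket and turns two request forms into fixed ipfw command lines. The request format, socket path, `www` group and reserved rule-number range are assumptions made for illustration.

```python
import ipaddress
import os
import shutil
import socketserver
import subprocess

IPFW = "/sbin/ipfw"
SOCKET_PATH = "/var/run/ipfw-helper.sock"  # hypothetical socket path
SOCKET_GROUP = "www"                       # assumed group of the web server
RULE_RANGE = range(20000, 21000)           # hypothetical range reserved for the web app

def parse_rule(text):
    """Accept only rule numbers inside the range reserved for this client."""
    if not text.isdigit() or int(text) not in RULE_RANGE:
        raise ValueError("rule number outside reserved range")
    return int(text)

def build_argv(line):
    """Map 'block <rule> <ipv4>' or 'unblock <rule>' to an ipfw argv list."""
    parts = line.split()
    if len(parts) == 3 and parts[0] == "block":
        rule, addr = parse_rule(parts[1]), ipaddress.IPv4Address(parts[2])
        return [IPFW, "-q", "add", str(rule), "deny", "ip", "from", str(addr), "to", "any"]
    if len(parts) == 2 and parts[0] == "unblock":
        return [IPFW, "-q", "delete", str(parse_rule(parts[1]))]
    raise ValueError("unsupported request")

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        line = self.rfile.readline(128).decode("ascii", "replace")
        try:
            argv = build_argv(line)
        except ValueError:
            self.wfile.write(b"ERR rejected\n")
            return
        # argv list and no shell: request text is never parsed as a command line
        rc = subprocess.run(argv, check=False).returncode
        self.wfile.write(b"OK\n" if rc == 0 else b"ERR ipfw failed\n")

def main():
    if os.path.exists(SOCKET_PATH):
        os.unlink(SOCKET_PATH)
    os.umask(0o117)  # socket is created with mode 0660
    with socketserver.UnixStreamServer(SOCKET_PATH, Handler) as server:
        shutil.chown(SOCKET_PATH, group=SOCKET_GROUP)  # only root and the web group can connect
        server.serve_forever()

if __name__ == "__main__":
    main()
```

Compared with a sudo rule for the ipfw binary, the web process here can only add or delete deny rules inside its own number range and cannot pass arbitrary ipfw arguments.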



