permission problems


Carl Pender
04-17-2003, 03:38 PM
I have a problem with permissions. Here goes;

When logged on as 'root' I can obviously execute/change iptables, but when I log on as my username "cpender" I can't, even though I am part of the root group. I also tried changing the permissions of iptables themselves using chmod 777 /usr/sbin/iptables or changing the owner using chown cpender /usr/sbin/iptables but when I try to even list the iptables, using iptables -L I get an error message like so:

iptables v1.2.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

I need to be able to modify them as cpender. How do I do this? I thought that I had done all I could to do this but obviously not.

Thanks

Carl

bwkaz
04-17-2003, 04:41 PM
The kernel will not allow anyone other than UID 0 to use iptables.

Umm... maybe sudo would be of use? You can configure it to allow your user to execute iptables, or allow your user to execute iptables with only certain parameters.

busa_blade
04-17-2003, 04:53 PM
Why can't you su to root?

You should be able to change anything there. Plus, you probably would not want to chmod any binaries to 777, could be a security risk.

Carl Pender
04-22-2003, 05:25 AM
I could su to root but I need this automated so that I don't need to manually su to root.

How do I sudo so that a user "cpender" can have access to iptables? Don't worry about security. I know the implications of this but this is only for demonstration purposes that I need to do this. It will not be permanent.

Thanks again

Carl

filp
04-22-2003, 06:55 AM
You can use sudo and the NOPASSWD option in /etc/sudoers for the user, then you can execute commands "sudo <command>" and it will execute as root without prompting for a password.

Horribly insecure with boundless possibilities to compromise a system, but hey. It gets the job done.

Seeya,
Filp

Carl Pender
04-22-2003, 08:51 AM
Thanks for that. I edited the sudoers file so that I, cpender, can run things with root permissions. e.g. I can list the iptables using sudo iptables -L. I am prompted for a password. How/where do I set the NOPASSWD option?


Here is a copy of my sudoers file:


# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL
cpender ALL=(ALL) ALL


Thanks again :D

Carl Pender
04-23-2003, 09:07 AM
I got it working, by using this line:

cpender ALL=NOPASSWD:ALL

Thanks for all your help guys!
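
Added example, not part of any post in this thread: bwkaz's suggestion of allowing iptables "with only certain parameters", set beside the NOPASSWD:ALL line the thread ended on, with a small check that flags the broad form. The audit_sudoers function, the IPT_LIST alias name and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Heuristic only: one rule per line, no "\" continuations.

# Print "line: rule" for every user rule that grants NOPASSWD on the bare command ALL.
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # settings and alias definitions
        {
            rule = $0
            sub(/^[^=]*=/, "", rule)       # keep what follows the host list
            gsub(/\([^)]*\)/, "", rule)    # drop a Runas spec such as (ALL)
            gsub(/[ \t]/, "", rule)
            nopass = (rule ~ /NOPASSWD:/)
            gsub(/[A-Z_]+:/, "", rule)     # drop tags such as NOPASSWD:
            if (nopass && index("," rule ",", ",ALL,"))
                printf "%d: %s\n", NR, $0
        }
    ' "$1"
}

# Constructed sample 1: the rule the thread ended up with.
BROAD=$(mktemp)
cat > "$BROAD" <<'EOF'
# User privilege specification
root ALL=(ALL) ALL
cpender ALL=NOPASSWD:ALL
EOF

# Constructed sample 2: scoped to listing rules (IPT_LIST is a made-up alias name).
SCOPED=$(mktemp)
cat > "$SCOPED" <<'EOF'
Cmnd_Alias IPT_LIST = /usr/sbin/iptables -L, /usr/sbin/iptables -L -n
root ALL=(ALL) ALL
cpender ALL = (root) NOPASSWD: IPT_LIST
EOF

echo "broad rules in sample 1:"; audit_sudoers "$BROAD"
echo "broad rules in sample 2:"; audit_sudoers "$SCOPED"
```

With the scoped rule, sudo matches the command and its arguments as written, so any other iptables invocation by cpender is refused. Edit the real file with visudo, as the header of the posted sudoers file says.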