IPtables Permissions on Linux
If you want to, say, run iptables from a script to ban naughty users on your website, you’re going to quickly find yourself with an error:
Can't initialize iptables table 'some table': Permission denied (you must be root)
Since only root is allowed to run iptables, we need to let apache run it as root. Edit /etc/sudoers (ideally via visudo, which checks the syntax before saving) and add the line:

apache ALL=(root) NOPASSWD: /sbin/iptables

This means that the user apache is allowed to run /sbin/iptables as root, without a password, from any host (the first ALL is the host list), and nothing else, so it is not particularly security adverse. It certainly doesn't grant apache all of root's permissions, which would lead to instant disaster. After you make this change, you can run sudo iptables as apache:
sudo -u apache sudo iptables -I INPUT -s 127.0.0.1 -j DROP
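One caveat a practitioner will want: the sudoers line above lets apache pass any arguments to iptables, not just a ban. As an added example (not code from the original post), here is a small POSIX sh wrapper that accepts only an IPv4 address, so the sudoers rule can name the wrapper (an assumed path, /usr/local/sbin/ban-ip) instead of /sbin/iptables itself. The IPTABLES variable is an assumption that lets the script be exercised without root.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed sudoers line:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/ban-ip
# IPTABLES may be overridden (e.g. to a shell function) to test without root.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    ip=$1
    # Reject anything that is not digits and dots, or has empty octets.
    case "$ip" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    # Split on dots; positional parameters are local to this function.
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Build the single iptables invocation the web app is meant to trigger.
# Returns 2 without running anything if the argument is not an address,
# so extra options (such as -F) cannot be smuggled through sudo.
ban_ip() {
    valid_ipv4 "$1" || return 2
    "$IPTABLES" -I INPUT -s "$1" -j DROP
}

# Only act when executed as the ban-ip script, not when sourced by a test.
case "$0" in
    */ban-ip|ban-ip) ban_ip "$1" ;;
esac
```

With the wrapper in place, the web application calls `sudo /usr/local/sbin/ban-ip 192.0.2.10` and can do nothing else as root.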
This entry was posted on Tuesday, March 27th, 2007 at 6:26 pm and is tagged with root permissions, server group, sbin, disaster, apache, linux.