What are the possible ways to edit iptables in Red Hat Linux 6 without root user privilege? We can edit or modify iptables only as the root user. How can we perform edit operations without root user privilege in Red Hat Linux 6 Enterprise?
asked Nov 4, 2013 at 6:16
Java_Linux_Buddy_112358
I don't think you can. If you can get root access then you can setuid the iptables command so that it runs with root access when called by a normal user (without needing sudo or su). – James Sefton, commented Nov 4, 2013 at 6:20
Bit of info on setuid here: cyberciti.biz/faq/unix-bsd-linux-setuid-file – James Sefton, commented Nov 4, 2013 at 6:23
Can you explain that process, @james sefton? I mean a complete description of your above suggestion. – Java_Linux_Buddy_112358, commented Nov 4, 2013 at 6:24
1 Answer
Login as root and run:
chmod u+s /path/to/iptables/command
You should now be able to run the iptables command without being root.
Be aware that this means all users can now run the iptables command as root.
2 Comments
Java_Linux_Buddy_112358
OK, how can I allow setuid only for users belonging to a group?
James Sefton
I don't know if that can be done. Setuid is a flag to tell the system to execute the file as its owner. You could possibly remove the world execute permission from the file and set the group of the iptables file (chmod o-x /path/to/iptables, then chown root:somegroup /path/to/iptables).
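
An audit check for the exposure discussed in this thread, added here as an example and not part of the original posts: it reports whether a setuid file is runnable by every local user (the result of `chmod u+s` alone) or only by one group (after `chmod o-x` and a group change). The function name `setuid_exposure` and the temporary stand-in file are assumptions for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat from coreutils.
# Prints who can execute a file with its owner's privileges via the setuid bit.
setuid_exposure() (
    path=$1
    [ -f "$path" ] || { echo "missing"; exit 1; }
    # -L follows symlinks: the mode bits that matter are on the real binary.
    set -- $(stat -L -c '%a %U %G' -- "$path")
    mode=0$1 owner=$2 group=$3    # leading 0 makes the shell read the mode as octal
    if [ $(( $mode & 04000 )) -eq 0 ]; then
        echo "not-setuid"
    elif [ $(( $mode & 0001 )) -ne 0 ]; then
        # World-executable and setuid: every local user runs it as $owner.
        echo "setuid-world:$owner"
    elif [ $(( $mode & 0010 )) -ne 0 ]; then
        # Only members of $group (and the owner) can run it as $owner.
        echo "setuid-group:$owner:$group"
    else
        echo "setuid-owner-only:$owner"
    fi
)

# Demo on a constructed stand-in file, since the thread only gives the
# placeholder /path/to/iptables. Changing the group (chown root:somegroup)
# needs root, so the demo only changes mode bits.
demo=$(mktemp)
chmod 0755 "$demo"
echo "before:          $(setuid_exposure "$demo")"
chmod u+s "$demo"
echo "after chmod u+s: $(setuid_exposure "$demo")"
chmod o-x "$demo"
echo "after chmod o-x: $(setuid_exposure "$demo")"
rm -f "$demo"
```

Run it against the real binary path on the host being audited; a `setuid-world:root` result means any account on the machine can change the firewall rules.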