NetFilter

Re: ipset: how to run non-root

To: "Mike Wright" <xktnniuymlla@mailinator.com>
Subject: Re: ipset: how to run non-root
From: PINTU <pintu9@gmail.com>
Date: Sun, 19 Nov 2006 12:31:54 +0530
Cc: netfilter@lists.netfilter.org
In-reply-to: <455FB202.1060702@mailinator.com>
References: <455F8DE9.8060105@mailinator.com> <20061119001541.GA13056@outback.rfc2324.org> <455FB202.1060702@mailinator.com>

You can also try sudo

On 11/19/06, Mike Wright <xktnniuymlla@mailinator.com> wrote:
Maximilian Wilhelm wrote:
> On Saturday, 18 November, Mike Wright typed the following:
>>
>>I'm trying to use ipset from a php script on an apache server.
>
>>Does anybody know how I might accomplish this?
>
>
> I never used ipset, but you could use a generic trick:
>  Set the owner of the ipset binary back to root and set the suid bit
>  which will result in the ability for everyone who can execute the
>  binary to do this "as root".
>
Excellent!  Worked out of the box with no problems.

> You might want to think about an execution restriction (e.g. via the group)
> to prevent people who should not fiddle with ipset from doing so.
>
Done!  As a paranoid I really like that advice.

> I hope you have some access control via your web application...
>
https, ip, user

Thanks,
:m)
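
The permission scheme discussed in this thread (ipset owned by root with the setuid bit, execution limited to one group) can be checked after the fact. The following audit script is an added example, not part of the original messages; the function names and verdict words are assumptions made for it, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example (not from the thread): check that a setuid-root helper such
# as ipset is executable only by its owner and one group.

# classify_perms MODE OWNER_UID
#   MODE is the octal mode as printed by `stat -c %a` (e.g. 4750).
#   Prints one verdict word (the names are this example's own).
classify_perms() {
    m=$((0$1))          # leading 0 makes the shell read the mode as octal
    uid=$2
    if [ $((m & 04000)) -eq 0 ] || [ "$uid" -ne 0 ]; then
        echo not-setuid-root     # callers do not gain root through this file
    elif [ $((m & 0022)) -ne 0 ]; then
        echo unsafe-writable     # group or others can modify the file
    elif [ $((m & 0001)) -ne 0 ]; then
        echo world-executable    # every local user can run it as root
    else
        echo group-restricted    # only owner and group members can run it
    fi
}

# audit_binary PATH
#   Reads mode, owner uid and group with GNU stat and prints the verdict.
audit_binary() {
    info=$(stat -c '%a %u %G' -- "$1") || return 2
    set -- "$1" $info            # $2=mode $3=uid $4=group
    echo "$1: $(classify_perms "$2" "$3") (mode $2, group $4)"
}

# Usage: sh audit.sh /path/to/ipset
if [ "$#" -gt 0 ]; then
    audit_binary "$1"
fi
```

A `world-executable` verdict is the state the group restriction above is meant to remove; `group-restricted` is the state after it.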




