IPtables Permissions on Linux
If you want to, say, run iptables from a script to ban naughty users on your website, you’re going to quickly find yourself with an error:
Can't initialize iptables table 'some table': Permission denied (you must be root)
Only root is allowed to run iptables, so apache needs a way to run it as root. Edit /etc/sudoers and add the line:
apache ALL=(root) NOPASSWD: /sbin/iptables
This means that the user apache is allowed to run /sbin/iptables as root, without a password, on any host (the ALL field), so the grant is limited to that one command. It certainly doesn't grant apache all of root's permissions, which would lead to instant disaster. It does allow any iptables arguments, though, so anything running as apache can change or flush every firewall rule. After you make this change, you can run sudo iptables as apache:
sudo -u apache sudo iptables -I INPUT -s 127.0.0.1 -j DROP
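The sudoers rule above hands apache every iptables option. The following added example (not code from the original post) narrows that to a single validated ban operation; the wrapper name and path /usr/local/sbin/ban-ip, the function names and the matching sudoers line are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, installed root-owned and not writable
# by apache, e.g. as /usr/local/sbin/ban-ip (path and name are assumptions).
# Matching sudoers line, granting this one script instead of all of iptables:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/ban-ip
IPTABLES=/sbin/iptables   # fixed path, never taken from the caller

# Succeed only for a plain dotted-quad IPv4 address (octets 0-255, no leading
# zeros), so options, CIDR suffixes and hostnames never reach iptables.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert one DROP rule for one validated source address, the same rule shape
# the post uses. Returns 2 on bad input, otherwise the status of iptables.
ban_ip() {
    if ! is_ipv4 "$1"; then
        echo "ban-ip: refusing argument that is not an IPv4 address" >&2
        return 2
    fi
    # -C checks for an existing identical rule so repeated bans do not stack.
    "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null && return 0
    "$IPTABLES" -I INPUT -s "$1" -j DROP
}

# Act only when given exactly one argument; otherwise just define functions.
if [ "$#" -eq 1 ]; then
    ban_ip "$1"
fi
```

With this in place the web script calls sudo /usr/local/sbin/ban-ip ADDRESS, and input such as -F or 1.2.3.4/0 is rejected before iptables ever runs.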
This entry was posted on Tuesday, March 27th, 2007 at 6:26 pm and is tagged with root permissions, server group, sbin, disaster, apache, linux.
