ipset: how to run non-root

Mike Wright xktnniuymlla at mailinator.com
Sun Nov 19 02:23:14 CET 2006

Maximilian Wilhelm wrote:
> Am Samstag, den 18 November hub Mike Wright folgendes in die Tasten:
>>I'm trying to use ipset from a php script on an apache server.
>>Does anybody know how I might accomplish this?
> I never used ipset, but you could use a generic trick:
>  Set the owner of the ipset binary back to root and set the suid bit
>  which will result in the ability for everyone who can execute the
>  binary to do this "as root".
Excellent!  Worked out of the box with no problems.

> You might want to think about an execution restriction (e.g. via the group)
> to prevent people who should no fiddle with ipset from doing so.
Done!  As a paranoid I really like that advice.

> I hope you have some access control via your web application...
https, ip, user


More information about the netfilter mailing list