ipset: how to run non-root
xktnniuymlla at mailinator.com
Sun Nov 19 02:23:14 CET 2006
Maximilian Wilhelm wrote:
> Am Samstag, den 18 November hub Mike Wright folgendes in die Tasten:
>>I'm trying to use ipset from a php script on an apache server.
>>Does anybody know how I might accomplish this?
> I never used ipset, but you could use a generic trick:
> Set the owner of the ipset binary back to root and set the suid bit
> which will result in the ability for everyone who can execute the
> binary to do this "as root".
Excellent! Worked out of the box with no problems.
> You might want to think about an execution restriction (e.g. via the group)
> to prevent people who should no fiddle with ipset from doing so.
Done! As a paranoid I really like that advice.
> I hope you have some access control via your web application...
https, ip, user
More information about the netfilter