ipset: how to run non-root

Mike Wright xktnniuymlla at mailinator.com
Sun Nov 19 02:23:14 CET 2006


Maximilian Wilhelm wrote:
> Am Samstag, den 18 November hub Mike Wright folgendes in die Tasten:
>> 
>>I'm trying to use ipset from a php script on an apache server.
> 
>>Does anybody know how I might accomplish this?
> 
> 
> I never used ipset, but you could use a generic trick:
>  Set the owner of the ipset binary back to root and set the suid bit
>  which will result in the ability for everyone who can execute the
>  binary to do this "as root".
>
Excellent!  Worked out of the box with no problems.

> You might want to think about an execution restriction (e.g. via the group)
> to prevent people who should no fiddle with ipset from doing so.
> 
Done!  As a paranoid I really like that advice.

> I hope you have some access control via your web application...
>
https, ip, user

Danke,
:m)




More information about the netfilter mailing list