Dave Miller wrote:
>
>Hello -
>
> Is there a way to allow an additional (non root) user to access the
iptables tool without using sudo or similar?
Hi Dave,
What are you trying to accomplish? What specific parts of
iptables do you want your users to access?
In any case if you are bent on letting your users access iptables I
would develop a suid c program that only accepts specific iptables
manipulations (i.e. only blocking an ip address) and runs the iptables
program. Heavily check the program's arguments so that nothing gets
through but allowed data. Make sure that only designated users will have
the permissions to executer this suid program.
Nathan
