Re: (Perhaps?) dumb pf question relating to tables

2010-11-11 Thread Ryan McBride
On Wed, Nov 10, 2010 at 01:45:16PM +0100, Tor Houghton wrote:
 May I ask whether or not per user ownership (or permission to update) a
 table is/will be possible?
 
 I am pondering the best mechanism for a  non-root process to add/remove
 addresses to a table.

You can look at sysutils/tabled in ports, which provides this
functionality (permissions would be controlled by the filesystem
permissions on the fifo)

I don't think we'll be making /dev/pf accessible by non-root processes
any time soon.



Re: (Perhaps?) dumb pf question relating to tables

2010-11-11 Thread Tor Houghton
On Thu, Nov 11, 2010 at 05:32:27PM +0900, Ryan McBride wrote:
 On Wed, Nov 10, 2010 at 01:45:16PM +0100, Tor Houghton wrote:
  May I ask whether or not per user ownership (or permission to update) a
  table is/will be possible?
  
  I am pondering the best mechanism for a  non-root process to add/remove
  addresses to a table.
 
 You can look at sysutils/tabled in ports, which provides this
 functionality (permissions would be controlled by the filesystem
 permissions on the fifo)
 
 I don't think we'll be making /dev/pf accessible by non-root processes
 any time soon.

This looks exactly like what I need.

Thank you!

Kind regards,

Tor



Re: (Perhaps?) dumb pf question relating to tables

2010-11-11 Thread Dennis Davis
On Thu, 11 Nov 2010, Tor Houghton wrote:

 From: Tor Houghton t...@bogus.net
 To: Ryan McBride mcbr...@openbsd.org
 Cc: misc@openbsd.org
 Date: Thu, 11 Nov 2010 11:06:25
 Subject: Re: (Perhaps?) dumb pf question relating to tables
 X-Spam-Score: 0.0 (/)
 
 On Thu, Nov 11, 2010 at 05:32:27PM +0900, Ryan McBride wrote:
  On Wed, Nov 10, 2010 at 01:45:16PM +0100, Tor Houghton wrote:
   May I ask whether or not per user ownership (or permission to update) a
   table is/will be possible?
   
   I am pondering the best mechanism for a  non-root process to add/remove
   addresses to a table.
  
  You can look at sysutils/tabled in ports, which provides this
  functionality (permissions would be controlled by the filesystem
  permissions on the fifo)
  
  I don't think we'll be making /dev/pf accessible by non-root processes
  any time soon.
 
 This looks exactly like what I need.

You could also use pftabled from:

http://www.wolfermann.org/pftabled.html

although it's mainly intended for keeping table(s) in step across
co-operating hosts.  Access is controlled by knowing a HMAC-SHA1
keyed hash.

Make this small change to get it to build on OpenBSD 4.8:

--- Makefile.in.origWed Feb  4 11:09:33 2009
+++ Makefile.in Thu Nov 11 11:28:31 2010
@@ -27,7 +27,7 @@
${CC} ${LDFLAGS} -o $@ ${SERVEROBJS} ${LIBS}
 
 pftabled.cat1: pftabled.1
-   nroff -Tascii -man pftabled.1  pftabled.cat1
+   mandoc -Tascii -mandoc pftabled.1  pftabled.cat1
 
 pftabled-client: ${CLIENTOBJS}
${CC} ${LDFLAGS} -o $@ ${CLIENTOBJS} ${LIBS}
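Review bot: the recipe lines as shown have no `>` between the input and output file (`mandoc -Tascii -mandoc pftabled.1  pftabled.cat1` on the `+` line, and the same on the `-` line), so as a make recipe this would write the formatted page to stdout and leave pftabled.cat1 untouched; the redirect was most likely eaten by the mail archive, and anyone applying the change by hand should restore `> pftabled.cat1`. The `---` header also has the filename run into the timestamp (`Makefile.in.origWed Feb  4 ...`), which patch(1) may not parse; regenerating the hunk with `diff -u` rather than pasting it would avoid both problems.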
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk   Phone: +44 1225 386101



Re: (Perhaps?) dumb pf question relating to tables

2010-11-10 Thread Bret S. Lambert
On Wed, Nov 10, 2010 at 01:45:16PM +0100, Tor Houghton wrote:
 Hello,
 
 May I ask whether or not per user ownership (or permission to update) a
 table is/will be possible?
 
 I am pondering the best mechanism for a  non-root process to add/remove
 addresses to a table.

Privilege separation.

 
 Kind regards,
 
 Tor
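The fifo-with-filesystem-permissions model Ryan describes for tabled and the privilege separation Bret suggests, as an added example that is neither tabled's nor pftabled's code: a small root-run helper that takes table updates from unprivileged writers and validates each one before it reaches pfctl. TABLE, FIFO and GROUP are constructed defaults, not values from the thread.

```shell
#!/bin/sh
# Added example (not tabled's or pftabled's code): root-owned helper that reads
# "add <addr>" / "del <addr>" lines from a fifo and applies them with pfctl(8).
# Who may update the table is decided by the group owning the fifo, the model
# Ryan describes for tabled. TABLE/FIFO/GROUP are constructed defaults.
set -f                                    # no globbing of untrusted fifo input
TABLE="${TABLE:-blocked}"
FIFO="${FIFO:-/var/run/pftable.fifo}"
GROUP="${GROUP:-pftable}"
# Accept only a dotted-quad IPv4 address with an optional /prefix; hostnames,
# pfctl options and shell metacharacters never reach pfctl.
valid_addr() {
    addr=$1
    case "$addr" in
        ""|*[!0-9./]*|*/*/*|.*|*.|*..*) return 1 ;;
    esac
    ip=${addr%%/*}
    if [ "$ip" != "$addr" ]; then
        prefix=${addr#*/}
        case "$prefix" in ""|*.*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*) return 1 ;; esac    # no 4-digit or zero-padded octets
        [ "$o" -le 255 ] || return 1
    done
}
# Turn one fifo line into the pfctl command to run; fail on anything else.
parse_line() {
    set -- $1
    [ $# -eq 2 ] || return 1
    case "$1" in add) op=add ;; del) op=delete ;; *) return 1 ;; esac
    valid_addr "$2" || return 1
    printf 'pfctl -q -t %s -T %s %s\n' "$TABLE" "$op" "$2"
}
# Fifo is group write-only (writers cannot read each other's requests); the <>
# open keeps it open between writers instead of spinning on EOF. Needs root.
serve() {
    [ -p "$FIFO" ] || mkfifo -m 620 "$FIFO"
    chown "root:$GROUP" "$FIFO"
    while read -r line; do
        cmd=$(parse_line "$line") || { logger -t pftable "rejected: $line"; continue; }
        $cmd
    done <> "$FIFO"
}
case "${1:-}" in serve) serve ;; esac
```

An unprivileged member of the fifo's group then updates the table with `echo "add 192.0.2.10" > /var/run/pftable.fifo` and never touches /dev/pf itself.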



Re: (Perhaps?) dumb pf question relating to tables

2010-11-10 Thread Thomas Jeunet
On Wed, Nov 10, 2010 at 13:45, Tor Houghton t...@bogus.net wrote:
 Hello,

 May I ask whether or not per user ownership (or permission to update) a
 table is/will be possible?

 I am pondering the best mechanism for a  non-root process to add/remove
 addresses to a table.

 Kind regards,

 Tor


You might be interested in having a look at authpf(8) eventually?