Tom Eastep wrote: > Bernhard Weisshuhn wrote: > >> As I understand it, the local /etc/shorewall directory on the >> administrative machine should not be used at all for the compilation. > > Not so -- see below. > >> All that matters should the export directory for the host currently >> compiled. Because of that, I figured there should not be much reason >> to be root while compiling. (Deploying yes, but just preparing no, right?) > > Correct > >> I must have misunderstood something or nobody tried this before: >> >> % id -u >> 501 >> % cd ~/svn/admin/shorewall/hosts/tim >> % shorewall compile -e -C perl . firewall >> /sbin/shorewall: line 134: /etc/shorewall/params: Permission denied >> % shorewall version >> 4.0.5 > > The non-priv user must have read access to /etc/shorewll/params and > /etc/shorewall/shorewall.conf > > - /etc/shorewall/shorewall.conf contains the site-wide SHOREWALL_COMPILER > directive and the default VERBOSITY settings. Both are needed by > /sbin/shorewall. > > - /etc/shorewall/shorewall.conf can contain shell variable expansions; that > requires that /etc/shorewall/params be processed before > /etc/shorewall/shorewall.conf. > > ~/svn/admin/shorewall/hosts/tim/shorewall.conf should set the CONFIG_PATH in > such a way that it omits /etc/shorewall/. That way, the compiler will not > look in /etc/shorewall/ for any of the other files. > > The tarball installer and the RPM from shorewall.conf install both files > with mode 0644.
That should have read: The tarball installer and the RPM from _shorewall.net_ install both files with mode 0644. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
