Tom Eastep wrote: > The non-priv user must have read access to /etc/shorewll/params and > /etc/shorewall/shorewall.conf > > - /etc/shorewall/shorewall.conf contains the site-wide SHOREWALL_COMPILER > directive and the default VERBOSITY settings. Both are needed by > /sbin/shorewall. > > - /etc/shorewall/shorewall.conf can contain shell variable expansions; that > requires that /etc/shorewall/params be processed before > /etc/shorewall/shorewall.conf.
Incidentally, this is all explained at http://www.shorewall.net/CompiledPrograms.html#Lite in the Caution in item a): Caution If you want to be able to allow non-root users to manage remote filewall systems, then the files /etc/shorewall/params and /etc/shorewall/shorewall.conf must be readable by all users on the administrative system. Not all packages secure the files that way and you may have to change the file permissions yourself. /sbin/shorewall uses the SHOREWALL_SHELL setting from /etc/shorewall/shorewall.conf to determine the shell to use when compiling programs and it uses the VERBOSITY setting for determining how much output the compiler generates. All other settings are taken from the shorewall.conf file in the remote systems export directory (see below). Beginning with Shorewall 4.0, the SHOREWALL_COMPILER setting is also needed from /etc/shorewall/shorewall.conf. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
