Unix & Linux Asked by Thomas Braun on December 24, 2020
There is a single binary for my program that needs access to iptables/ip6tables to add/remove entries as required. It seems reasonable to have an install script that sets up the environment to allow the user to run the binary without the need of using sudo each time. The only time the user would use sudo is for the install, and thereafter, would be able to use their own account to run the binary. The thing is, I’m not sure what commands I should run to enable this in the install script.
You would create a group for the user(s) who need that permission. Perhaps such a group already exists, e.g. users.
Then do (as root, perhaps by sudo)
# chgrp users /usr/sbin/iptables
# chmod u+rxs,o= /usr/sbin/iptables
Then someone in that group ought to be able to run that command as root. (Please adjust the path of iptables as appropriate.)
Another way would be to use sudo to allow a user/group to run that command. Security-wise it is equivalent, as long as o= is not omitted from the chmod command. The sudo approach is a little more modern, though - and perhaps a matter of taste.
Correct answer by Ned64 on December 24, 2020
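An added example, not part of the answer above: a check an install script could run after the chgrp/chmod step to confirm that the helper is setuid, belongs to the intended group, and grants nothing to others (the o= the answer insists on). The function name check_setuid_helper is hypothetical, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example: verify a setuid helper that is restricted to one group.
# Assumes GNU coreutils stat (-c); the function name is hypothetical.
#
# Usage: check_setuid_helper FILE GROUP [OWNER]
#   e.g. check_setuid_helper /usr/sbin/iptables users
# Returns 0 only if FILE is setuid, owned by OWNER (default root), assigned
# to GROUP, executable but not writable by the group, and closed to others.
check_setuid_helper() {
    file=$1 want_group=$2 want_owner=${3:-root}
    rc=0

    [ -f "$file" ] || { echo "FAIL: $file is not a regular file" >&2; return 2; }

    # %a = octal mode including special bits, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' -- "$file")
    mode=$((0$1)) owner=$2 group=$3   # leading 0 makes the shell read it as octal

    [ $((mode & 04000)) -ne 0 ] ||
        { echo "FAIL: setuid bit is not set" >&2; rc=1; }
    [ $((mode & 00010)) -ne 0 ] ||
        { echo "FAIL: group has no execute permission" >&2; rc=1; }
    [ $((mode & 00020)) -eq 0 ] ||
        { echo "FAIL: group can write to a setuid file" >&2; rc=1; }
    # This is the o= part of the chmod: any bit here lets every local
    # user run the helper with the owner's privileges.
    [ $((mode & 00007)) -eq 0 ] ||
        { echo "FAIL: others have access (o= missing from chmod)" >&2; rc=1; }
    [ "$owner" = "$want_owner" ] ||
        { echo "FAIL: owner is $owner, expected $want_owner" >&2; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "FAIL: group is $group, expected $want_group" >&2; rc=1; }

    return $rc
}
```

If the path is a symlink, stat reports on the link rather than its target, so the regular-file test fails; pass the resolved path in that case.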