allowing non-root to "ipfw show" ?
Eric Crist
mnslinky at gmail.com
Tue Sep 4 08:10:38 PDT 2007
On Sep 4, 2007, at 9:55 AMSep 4, 2007, Bill Moran wrote:
> In response to Juri Mianovich <juri_mian at yahoo.com>:
>
>> Is there any way to allow a non-root user the ability
>> to view firewall rules with:
>>
>> ipfw show
>>
>> I would really like to allow some non-root users to
>> see certain "count" rules I have in place, but they
>> don't seem to be allowed to run 'ipfw' in any
>> capacity.
>>
>> Suggestions ?
>
> sudo will give you this fine-grained control. It's in ports.
To expand on that, a couple lines similar to the following should
work for you:
User_Alias IPFWSHOW = user1, user2, user3
IPFWSHOW ALL = NOPASSWD: /sbin/ipfw show
The command they would need to use would be:
$ sudo ipfw show
The entry dictates that there would be no additional password
required. It also limits them to ipfw show, and they're not able to
use ipfw add, delete, etc.
HTH
-----
Eric F Crist
Secure Computing Networks
More information about the freebsd-questions
mailing list