in reply to iptables rules, cron, web auth

Root's cronjobs will run as root. I'm uncertain what webspace authentication has to do with the problem.

I'd be more comfortable if I knew what sort of rule mangling you propose. Most firewall setups rely on restrictive defaults, prepending rules to permit what is permitted. When done dynamically, it is usually part of the 'up' and 'down' -interface (or daemon) scripting. That is commonly done with /bin/sh so that only the root partition is needed to configure. That is a repairability issue.

Node posted through lynx, watch me pound two rocks together!

After Compline,
Zaxo

Re: (2) iptables rules, cron, web auth
by satanklawz (Beadle) on Aug 13, 2002 at 14:53 UTC
    I'm working on a web-based authentication thing for people on a WLAN. When they successfully log in, they can surf freely. So, in the background Perl needs to update the iptables rulesets.
      I see a problem:
      Your webserver should be running as nobody. Nobody does not have permissions to run iptables. Giving nobody permission makes me leery that you'll be opening up other security issues.

      Neil Watson
      watson-wilson.ca

Re: (2) iptables rules, cron, web auth
by Anonymous Monk on Sep 06, 2002 at 18:32 UTC
    Just a note for other people who might have a similar problem.

    I didn't wind up using Perl sudo; too many means and methods for remote exploits. I just installed and am using sudo. The purpose was for clients to log into a webpage; once logged in, the script would add an iptables rule to let their traffic go through. 'Tis all, easy enough.
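
One way to keep the sudo approach described above narrow, as an added example that is not code from any poster in this thread: the web script may run only one root-owned wrapper, which validates the client address before it calls iptables. The wrapper path, the sudoers entry for `nobody` and the 192.168.1.0/24 WLAN subnet are assumptions.

```shell
#!/bin/sh
# Added example: root-owned wrapper that the web script runs through sudo.
# Assumed sudoers entry (hypothetical path and account):
#   nobody ALL=(root) NOPASSWD: /usr/local/sbin/wlan-allow
IPTABLES=/sbin/iptables   # fixed path, never taken from the environment
WLAN_PREFIX=192.168.1     # assumed WLAN subnet 192.168.1.0/24

# Return 0 only for a dotted quad: four octets, 0..255, no leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no octal-looking octets
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert an ACCEPT rule for one validated WLAN client.
# Returns 2 for a malformed address, 3 for an address outside the WLAN.
allow_client() {
    valid_ipv4 "$1" || { echo "rejected: not an IPv4 address" >&2; return 2; }
    case $1 in
        "$WLAN_PREFIX".*) ;;
        *) echo "rejected: outside WLAN subnet" >&2; return 3 ;;
    esac
    # Fixed argument vector: the caller controls only the checked address.
    "$IPTABLES" -I FORWARD -s "$1" -j ACCEPT
}

# Invoked by the web script as: sudo /usr/local/sbin/wlan-allow <client-ip>
[ "$#" -eq 0 ] || allow_client "$1"
```

Because sudoers names only the wrapper, a compromised web script cannot pass arbitrary iptables arguments or open the firewall for addresses outside the WLAN.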