Date: Tue, 4 Sep 2007 10:10:31 -0500
From: Eric Crist <mnslinky@gmail.com>
To: Bill Moran <wmoran@potentialtech.com>
Cc: Juri Mianovich <juri_mian@yahoo.com>, freebsd-questions@freebsd.org
Subject: Re: allowing non-root to "ipfw show" ?
Message-ID: <F446B368-FB22-44E9-8F9F-BDA42C466ADE@gmail.com>
In-Reply-To: <20070904105515.05e0d875.wmoran@potentialtech.com>
References: <521035.63933.qm@web45613.mail.sp1.yahoo.com> <20070904105515.05e0d875.wmoran@potentialtech.com>

On Sep 4, 2007, at 9:55 AM, Bill Moran wrote:

> In response to Juri Mianovich <juri_mian@yahoo.com>:
>
>> Is there any way to allow a non-root user the ability
>> to view firewall rules with:
>>
>> ipfw show
>>
>> I would really like to allow some non-root users to
>> see certain "count" rules I have in place, but they
>> don't seem to be allowed to run 'ipfw' in any
>> capacity.
>>
>> Suggestions ?
>
> sudo will give you this fine-grained control.  It's in ports.

To expand on that, a couple lines similar to the following should work for you:

User_Alias IPFWSHOW = user1, user2, user3
IPFWSHOW ALL = NOPASSWD: /sbin/ipfw show

The command they would need to use would be:

$ sudo ipfw show

The entry dictates that there would be no additional password required. It also limits them to ipfw show, and they're not able to use ipfw add, delete, etc.

HTH

-----
Eric F Crist
Secure Computing Networks
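
Added example, not part of the original message and not sudo's own code: a simplified Python model of how a sudoers command spec with arguments is matched, showing why "/sbin/ipfw show" restricts users to that one invocation while a bare "/sbin/ipfw" would not. The function names, the bare-path spec and the sample invocations are constructed for illustration; path wildcards, Cmnd_Alias expansion and sudo's regular-expression support are not modelled.

```python
import fnmatch

def parse_cmnd(spec):
    """Split a sudoers command spec into (path, args); args is None if absent."""
    parts = spec.split(None, 1)
    return parts[0], (parts[1].strip() if len(parts) > 1 else None)

def permits(spec, path, argv):
    """Model: does the command spec allow running the resolved path with argv?"""
    want_path, want_args = parse_cmnd(spec)
    if path != want_path:            # assumption: exact path, no wildcards
        return False
    if want_args is None:            # bare path in sudoers: any arguments pass
        return True
    if want_args == '""':            # explicit "" in sudoers: no arguments
        return not argv
    # Otherwise the user's arguments, joined by spaces, must match the spec's
    # arguments exactly (or through shell-style wildcards, if it has any).
    return fnmatch.fnmatchcase(" ".join(argv), want_args)

SPEC_FROM_POST = "/sbin/ipfw show"   # the entry given in the message
SPEC_BARE = "/sbin/ipfw"             # constructed looser variant, for contrast

# Constructed sample invocations, as the arguments a user would pass to ipfw.
ATTEMPTS = [
    ["show"],
    ["show", "100"],
    ["list"],
    ["add", "100", "count", "ip", "from", "any", "to", "any"],
    ["delete", "100"],
]

def report(spec):
    """Return {command line: allowed?} for every sample invocation."""
    return {" ".join(a): permits(spec, "/sbin/ipfw", a) for a in ATTEMPTS}

if __name__ == "__main__":
    for spec in (SPEC_FROM_POST, SPEC_BARE):
        print("Cmnd spec:", spec)
        for cmdline, ok in report(spec).items():
            print("  ipfw %-40s %s" % (cmdline, "allowed" if ok else "denied"))
```

Under this model the entry from the message also rejects "ipfw show 100", since the arguments must match in full. On a real system, check an edited sudoers file with "visudo -c" before relying on it.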