Please Help!!! I need help with iptables permission issue

Hi,

I have two days before I need to demo my project to my teacher and I
need help desperately! I have a HTML form with C++ CGI to enter IP
Table rules, but I am running into permission issues. The CGI calls a
system command to enter the IP Table rule but it is running as apache
user which does not have permission for any of the tables. I have to
either give permission to apache user or make my CGI run as the root.
I don't know how to do any of this, please help me out. I don't
know if any of this makes any sense. I appreciate any help. Please
help. Thanks.


Regards,
Am

"Janice" <linux_help_wanted@yahoo.com> writes:

> I have two days before I need to demo my project to my teacher and I
> need help desperately! I have a HTML form with C++ CGI to enter IP
> Table rules, but I am running into permission issues. The CGI calls a
> system command to enter the IP Table rule but it is running as apache
> user which does not have permission for any of the tables. I have to
> either give permission to apache user or make my CGI run as the root.
> I don't know how to do any of this, please help me out. I don't
> know if any of this makes any sense. I appreciate any help. Please
> help. Thanks.

man sudo

~Tim
--
River, oh river, river running deep |piglet@stirfried.vegetable.org.uk
Bring me something |http://spodzone.org.uk/pigmail/
That will let me get to sleep |

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Janice wrote:
| Hi,
|
| I have two days before I need to demo my project to my teacher and I
| need help desperately! I have a HTML form with C++ CGI to enter IP
| Table rules, but I am running into permission issues. The CGI calls a
| system command to enter the IP Table rule but it is running as apache
| user which does not have permission for any of the tables. I have to
| either give permission to apache user or make my CGI run as the root.
| I don't know how to do any of this, please help me out. I don't
| know if any of this makes any sense. I appreciate any help. Please
| help. Thanks.

The quickest fix I can think of is to set up rules in /etc/sudoers to permit
your apache userid to run the iptables command, and then change your system()
call to invoke sudo (i.e. system("sudo iptables ..."); )

- --
Lew Pitcher
IT Consultant, Enterprise Data Systems,
Enterprise Technology Solutions, TD Bank Financial Group

(Opinions expressed are my own, not my employers')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFBtLLHagVFX4UWr64RAgLrAKDduyu0q5A7AjeQ9n1job XJKSCFnwCfQN0H
r23qKQ+iUlu1ttDXzMHLKVw=
=WgVY
-----END PGP SIGNATURE-----

It is not really recommended to run apache as root, but to get you out
of this jam quickly you can edit the "httpd.conf" file and change the
parameter where references the "apache" user to "root". Then restart
apache. For a longer term solution you could probably wrap a sudo
command to read/write to iptable file.
Hope this helps.

www.bostontechgroup.com

Janice hi.

Stop messing with iptables before you hurt yourself. Instead, go to

http://simonzone.com/software/guarddog/

MUCH simpler.

Cheers, Andy

Janice wrote:
> Hi,
>
> I have two days before I need to demo my project to my teacher and I
> need help desperately! I have a HTML form with C++ CGI to enter IP
> Table rules, but I am running into permission issues. The CGI calls a
> system command to enter the IP Table rule but it is running as apache
> user which does not have permission for any of the tables. I have to
> either give permission to apache user or make my CGI run as the root.
> I don't know how to do any of this, please help me out. I don't
> know if any of this makes any sense. I appreciate any help. Please
> help. Thanks.
>
>
> Regards,
> Am
>