
Re: Pfctl for non-root users



Just an observation, but /dev/pf is user root, group wheel, with
no explicit permissions set on the group there, only rw for the user,
root.

I use sudo for pfctl -s*, and haven't run into any problems; however,
this is on FreeBSD, but I don't imagine there being a big difference
otherwise.

You showed yourself su -'ing to 'hatchet' instead of using sudo. sudo
grants you root access, whereas that su only gives you access to
whatever the user has, which in this case isn't high enough access to
use pfctl.  Can you paste your sudoers file and show what you do with
sudo that gives the error?

I use this:

username           ALL=NOPASSWD: /sbin/pfctl -s *

-Ian

On Apr 11, 2005 3:21 AM, Jason Dixon <[email protected]> wrote:
> On Apr 11, 2005, at 5:13 AM, Peter N. M. Hansteen wrote:
> 
> > Jason Dixon <[email protected]> writes:
> >
> >> Is the ability to run pfctl (via sudo) as a non-root user still
> >> broken? I've tested this on a 3.6 -release system, and /dev/pf is
> >> still unavailable for non-root users.
> >
> > [email protected]:~$ ls -l /dev/pf
> > crw-------  1 root  wheel   73,   0 Oct 19 00:02 /dev/pf
> >
> > It certainly looks like being a member of wheel is a distinct
> > advantage,
> > at least.
> >
> > What kinds of operations did you have in mind?
> 
> # su - hatchet
> $ pfctl -vsr
> pfctl: /dev/pf: Permission denied
> $ whoami
> hatchet
> $ groups
> hatchet wheel
> 
> > Would eg a sensible authpf setup help achieve what you want to do?
> 
> It has nothing to do with my question.
> 
> 
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net
> 
>
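
An added example, not part of the original thread: a small audit script that models which command lines the sudoers entry quoted above would accept. sudoers matches the arguments as one concatenated string, so `*` also matches across spaces; shell `case` globbing is used here as a stand-in for that matching. The function names and the explicit list of `-s` modifiers are assumptions made for illustration.

```shell
#!/bin/sh
# Models the argument matching of a sudoers command rule (assumption:
# shell glob matching stands in for the matching sudo performs).

# The rule from the post: /sbin/pfctl -s *
wildcard_rule_allows() {
    case "$1" in
        "/sbin/pfctl -s "*) return 0 ;;
    esac
    return 1
}

# Hypothetical tighter policy: each read-only invocation listed verbatim,
# as it would be in sudoers:
#   username ALL=NOPASSWD: /sbin/pfctl -s rules, /sbin/pfctl -s nat, \
#                          /sbin/pfctl -s states, /sbin/pfctl -s info
explicit_rule_allows() {
    case "$1" in
        "/sbin/pfctl -s rules"|"/sbin/pfctl -s nat") return 0 ;;
        "/sbin/pfctl -s states"|"/sbin/pfctl -s info") return 0 ;;
    esac
    return 1
}

# Report how each policy treats one command line.
audit() {
    w=deny
    e=deny
    wildcard_rule_allows "$1" && w=allow
    explicit_rule_allows "$1" && e=allow
    printf '%s\n' "wildcard=$w explicit=$e"
}

# Constructed sample command lines: a plain show, a show with a second
# option appended, and the form typed in the thread.
for cmd in "/sbin/pfctl -s rules" \
           "/sbin/pfctl -s rules -F all" \
           "/sbin/pfctl -vsr"; do
    printf '%-30s %s\n' "$cmd" "$(audit "$cmd")"
done
```

The second line shows that the wildcard entry is wider than "show commands only", and the third shows that `pfctl -vsr` as typed in the thread matches neither entry, because both expect `-s` as a separate argument.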