
Re: Pfctl for non-root users



On Apr 11, 2005 2:15 PM, Henning Brauer <[email protected]> wrote:
> * Matt Rowley <[email protected]> [2005-04-11 14:05]:
> > I don't believe it's ever been possible to run pfctl as non-root
> 
> it is possible and desirable to run pfctl -n as non-root.
> 
> --
> Henning Brauer, [email protected], [email protected]
> BS Web Services, http://bsws.de
> OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
> 
localhost% ssh -l test remotehost
Last login: Tues Nov 2 02:52:42 2004 from localhost
OpenBSD 3.6-stable (GENERIC) #0: Sat Jan 22 14:41:42 GMT 2005
remotehost$ whoami
test
remotehost$ user info test
login   test
passwd  *
uid     1002
groups  test
change  NEVER
class   default
gecos   &
dir     /usr/home/test
shell   /bin/sh
expire  NEVER
remotehost$ ls -lf /dev/pf
cr-------  1 root  wheel   73,   0 Jan 22 14:14 /dev/pf
remotehost$ whereis pfctl
/sbin/pfctl
remotehost$ ls -lf /sbin/pfctl
-r-xr-xr-x  1 root  bin  383532 Jan 22 14:14 /sbin/pfctl
remotehost$ pfctl -nf pf.conf
remotehost$ ls -lf /etc/pf.conf
-rw-------  1 root  wheel  4015 Apr 11 02:46 /etc/pf.conf
remotehost$ pfctl -nf /etc/pf.conf
pfctl: /etc/pf.conf: Permission denied
remotehost$

That's without sudo?
-- 
spamassassinexception