
Re: Pfctl for non-root users



On Apr 12, 2005 12:42 AM, Ian <[email protected]> wrote:
> On Apr 11, 2005 12:03 PM, Kimi Ostro <[email protected]> wrote:
---%< snip %<---
> > localhost% ssh -l test remotehost
> > Last login: Tues Nov 2 02:52:42 2004 from localhost
> > OpenBSD 3.6-stable (GENERIC) #0: Sat Jan 22 14:41:42 GMT 2005
> >
> > remotehost$ whoami
> > test
> > remotehost$ user info test
> > login   test
> > passwd  *
> > uid     1002
> > groups  test
> > change  NEVER
> > class   default
> > gecos   &
> > dir     /usr/home/test
> > shell   /bin/sh
> > expire  NEVER
> > remotehost$ ls -lf /dev/pf
> > cr-------  1 root  wheel   73,   0 Jan 22 14:14 /dev/pf
> > remotehost$ whereis pfctl
> > /sbin/pfctl
> > remotehost$ ls -lf /sbin/pfctl
> > -r-xr-xr-x  1 root  bin  383532 Jan 22 14:14 /sbin/pfctl
> > remotehost$ pfctl -nf pf.conf
> 
> > remotehost$ ls -lf /etc/pf.conf
> > -rw-------  1 root  wheel  4015 Apr 11 02:46 /etc/pf.conf
> > remotehost$ pfctl -nf /etc/pf.conf
> > pfctl: /etc/pf.conf: Permission denied
> > remotehost$
> 
> The file permissions on /etc/pf.conf are 600, owned by root, so unless
> you're root (or using sudo), you won't be able to access that file
> anyways.
It was just a real-world working example, with an unprivileged user.
> For the command just above your ls, 'pfctl -nf pf.conf' what is your pwd?
remotehost$ pwd
/usr/home/test
remotehost$ 
My example was verbatim (well, some sanitizing was involved); I had just
SSH'd into my firewall/gateway, which usually would put the user into
$HOME, which for user test expands to /usr/home/test, and issued the
previous commands in order to give another hopefully useful example,
going by the premise that one example is good, two is better.
Sorry if there was any confusion anyhow.
> >
-- 
spamassassinexception