Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] running ipchains from CGI script

don't change the ownership of ipchains. 
use sudo. (man sudo for details).
If your cgis are run by user apache then in /etc/sudoers allow user apache to run the ipchains command.
----- Original Message -----
Sent: Sunday, February 24, 2002 11:15 AM
Subject: [SLUG] running ipchains from CGI script

HI all,


I want to create a web based interface that allows me to add or delete ipchains (I want to dynamically allow or deny network access to workstations) – I have a simple PERL script in cgi-bin that runs the command to add or delete a chain – the only problem here is that I get “permission denied, you must be root” when I try to run it. I have created a user called apache_user and made it a member of the root group, then changed the ownership of ipchains to apache_user, still no luck. I have checked out suEXEC but this will not allow the ‘root’ group to execute CGI/SSI programs. Any ideas / completely different approaches greatly appreciated.


rgds and TIA


Nick Reese


Linux earns mindshare, Microsoft buys it...