1

There is a single binary for my program that needs access to iptables/ip6tables to add/remove entries as required. It seems reasonable to have an install script that sets up the environment to allow the user to run the binary without the need of using sudo each time. The only time the user would use sudo is for the install, and thereafter, would be able to use their own account to run the binary. The thing is, I'm not sure what commands I should run to enable this in the install script.

1 Answer

2

You would create a group for the user(s) who need that permission. Perhaps such a group already exists, e.g. users.

Then do (as root, perhaps by sudo)

# chgrp users /usr/sbin/iptables
# chmod u+rxs,o= /usr/sbin/iptables

Then someone in that group ought to be able to run that command as root. (Please adjust the path of iptables as appropriate.)

Another way would be to use sudo to allow a user/group to run that command. Security-wise it is equivalent, as long as o= is not omitted from the chmod command. The sudo approach is a little more modern, though - and perhaps a matter of taste.

Ned64
  • 8,726
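The sudo approach mentioned in the answer, as an added example that is not part of the original post: an install-script fragment that renders a sudoers drop-in for a group and checks it with visudo before installing it. The group name `fwusers`, the drop-in file name and the binary paths are assumptions to adjust.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumed names below.
GROUP="fwusers"                          # hypothetical group name
IPT="/usr/sbin/iptables"                 # adjust the paths as appropriate
IP6T="/usr/sbin/ip6tables"
DROPIN="/etc/sudoers.d/50-fw-iptables"   # hypothetical; no '.' or '~' in the name

# render_rule GROUP PATH...  -> prints one sudoers line, or fails on unsafe input
render_rule() {
    group=$1; shift
    case $group in
        ''|*[!a-z0-9_-]*) echo "bad group name: $group" >&2; return 1 ;;
    esac
    cmds=""
    for p in "$@"; do
        case $p in
            # sudoers needs absolute paths; spaces or commas would change the rule
            ''|[!/]*|*[!A-Za-z0-9/._-]*) echo "bad path: $p" >&2; return 1 ;;
        esac
        cmds="${cmds:+$cmds, }$p"
    done
    printf '%%%s ALL=(root) NOPASSWD: %s\n' "$group" "$cmds"
}

# install_rule DEST GROUP PATH...  -> syntax-check first, then install as 0440 root
install_rule() {
    dest=$1; shift
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if render_rule "$@" > "$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "$dest"
        rc=$?
    else
        rc=1   # never install a drop-in that failed the check
    fi
    rm -f "$tmp"
    return $rc
}

# Run as root from the install script:  sh install-fw.sh --install
if [ "${1:-}" = "--install" ]; then
    groupadd -f "$GROUP" &&
    install_rule "$DROPIN" "$GROUP" "$IPT" "$IP6T"
fi
```

Members of the group can then run `sudo iptables ...` with any arguments and no password, which is the same scope of access as the setuid approach above.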