Proper way to give a binary permissions to use iptables without sudo

Unix & Linux Asked by Thomas Braun on December 24, 2020

There is a single binary for my program that needs access to iptables/ip6tables to add/remove entries as required. It seems reasonable to have an install script that sets up the environment to allow the user to run the binary without the need of using sudo each time. The only time the user would use sudo is for the install, and thereafter, would be able to use their own account to run the binary. The thing is, I’m not sure what commands I should run to enable this in the install script.

One Answer

You would create a group for the user(s) who need that permission. Perhaps such a group already exists, e.g. users.

Then do (as root, perhaps by sudo)

# chgrp users /usr/sbin/iptables
# chmod u+rxs,o= /usr/sbin/iptables

Then someone in that group ought to be able to run that command as root. (Please adjust the path of iptables as appropriate.)

Another way would be to use sudo to allow a user/group to run that command. Security-wise it is equivalent, as long as o= is not omitted from the chmod command. The sudo approach is a little more modern, though - and perhaps a matter of taste.

Correct answer by Ned64 on December 24, 2020
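
A check an install script could run after the chgrp/chmod commands in the answer above, to confirm that the setuid bit is set, that the intended group can execute the binary and that o= was not omitted. This is an added example, not part of the original answer; the function names and verdict strings are hypothetical, and a `stat` that supports `-c` (GNU coreutils or BusyBox) is assumed.

```sh
#!/bin/sh
# Added example: audit the permissions left by
#   chgrp users /usr/sbin/iptables ; chmod u+rxs,o= /usr/sbin/iptables

# classify_mode MODE
# MODE is an octal permission string as printed by `stat -c %a` (e.g. 4750).
# Prints one verdict; returns 0 only for a setuid file that the group can
# execute and that "other" cannot access at all.
classify_mode() {
    case "$1" in
        ''|*[!0-7]*) echo "invalid-mode"; return 2 ;;
    esac
    mode=$((0$1))                       # leading 0: parse as octal
    if [ $((mode & 04000)) -eq 0 ]; then
        echo "not-setuid"               # binary runs as the caller, not its owner
        return 1
    fi
    if [ $((mode & 07)) -ne 0 ]; then
        echo "other-has-access"         # o= was omitted
        return 1
    fi
    if [ $((mode & 010)) -eq 0 ]; then
        echo "group-cannot-execute"     # chmod u+rxs,o= leaves group bits untouched
        return 1
    fi
    echo "ok"
}

# audit_binary PATH GROUP [OWNER_UID]
# Checks owner (default uid 0), group and mode of PATH.
audit_binary() {
    path=$1; want_group=$2; want_uid=${3:-0}
    [ -f "$path" ] || { echo "missing"; return 2; }
    # -L follows symlinks, as chmod and chgrp do, so the file that
    # actually carries the setuid bit is the one inspected.
    set -- $(stat -L -c '%a %u %G' "$path")
    [ "$2" = "$want_uid" ] || { echo "owner-uid-$2"; return 1; }
    [ "$3" = "$want_group" ] || { echo "group-$3"; return 1; }
    classify_mode "$1"
}

# Stand-alone use: sh audit.sh /usr/sbin/iptables users
[ $# -eq 0 ] || audit_binary "$@"
```
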
