diff options
| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-03-07 10:27:20 -0800 |
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-03-07 10:29:58 -0800 |
| commit | 3f063193874914d2a4c3d0a52d079bd81e0f4831 (patch) | |
| tree | 903e95051c84706019e0acad19f146ad63eeeb05 | |
| parent | 79af7637dcba8aa1d9f52655800e4ef7caedb03c (diff) | |
| download | vyatta-nat-3f063193874914d2a4c3d0a52d079bd81e0f4831.tar.gz vyatta-nat-3f063193874914d2a4c3d0a52d079bd81e0f4831.zip | |
fix non-root iptables usage in nat
Bugfix: 2698
Align usage of sudoers /sbin/iptables in NAT to allow non-root user
to run commands.
| -rw-r--r-- | Makefile.am | 5 | ||||
| -rwxr-xr-x | scripts/vyatta-show-nat.pl | 2 | ||||
| -rw-r--r-- | templates-op/clear/nat/counters/node.def | 2 | ||||
| -rw-r--r-- | templates-op/show/nat/rules/node.def | 2 | ||||
| -rw-r--r-- | templates-op/show/nat/statistics/node.def | 2 |
5 files changed, 7 insertions, 6 deletions
diff --git a/Makefile.am b/Makefile.am index 231fdca..70f85c2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,8 +6,9 @@ bin_sudo_usersdir = $(bindir)/sudo-users curverdir = $(sysconfdir)/config-migrate/current sbin_SCRIPTS = scripts/vyatta-update-nat.pl -bin_sudo_users_SCRIPTS = scripts/vyatta-show-nat.pl -bin_sudo_users_SCRIPTS += scripts/vyatta-clear-nat +sbin_SCRIPTS += scripts/vyatta-show-nat.pl + +bin_sudo_users_SCRIPTS = scripts/vyatta-clear-nat share_perl5_DATA = scripts/VyattaNatRule.pm curver_DATA = cfg-version/nat@2 diff --git a/scripts/vyatta-show-nat.pl b/scripts/vyatta-show-nat.pl index 9d2b4ff..d4d381c 100755 --- a/scripts/vyatta-show-nat.pl +++ b/scripts/vyatta-show-nat.pl @@ -19,7 +19,7 @@ my %stats = ( source => [ ], destination => [ ], ); -open(STATS, "iptables -t nat -L -vn |") or exit 1; +open(STATS, "/sbin/iptables -t nat -L -vn |") or exit 1; my $skey = ""; while (<STATS>) { if (m/^Chain PREROUTING/) { diff --git a/templates-op/clear/nat/counters/node.def b/templates-op/clear/nat/counters/node.def index a887962..acd6adb 100644 --- a/templates-op/clear/nat/counters/node.def +++ b/templates-op/clear/nat/counters/node.def @@ -1,2 +1,2 @@ help: Clear NAT counters -run: sudo ${vyatta_bindir}/sudo-users/iptables -Z -t nat +run: sudo /sbin/iptables -Z -t nat diff --git a/templates-op/show/nat/rules/node.def b/templates-op/show/nat/rules/node.def index 772e1b0..76e05eb 100644 --- a/templates-op/show/nat/rules/node.def +++ b/templates-op/show/nat/rules/node.def @@ -1,3 +1,3 @@ help: Show configured NAT rule set -run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-nat.pl \ +run: /opt/vyatta/sbin/vyatta-show-nat.pl \ ${vyatta_datadir}/xsl/show_nat_rules.xsl diff --git a/templates-op/show/nat/statistics/node.def b/templates-op/show/nat/statistics/node.def index b4fe23f..ae66e85 100644 --- a/templates-op/show/nat/statistics/node.def +++ b/templates-op/show/nat/statistics/node.def @@ -1,3 +1,3 @@ help: Show statistics for configured NAT rules -run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-nat.pl \ +run: /opt/vyatta/sbin/vyatta-show-nat.pl \ ${vyatta_datadir}/xsl/show_nat_statistics.xsl |