From 3f063193874914d2a4c3d0a52d079bd81e0f4831 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 7 Mar 2008 10:27:20 -0800 Subject: fix non-root iptables usage in nat Bugfix: 2698 Align usage of sudoers /sbin/iptables in NAT to allow non-root user to run commands. --- Makefile.am | 5 +++-- scripts/vyatta-show-nat.pl | 2 +- templates-op/clear/nat/counters/node.def | 2 +- templates-op/show/nat/rules/node.def | 2 +- templates-op/show/nat/statistics/node.def | 2 +- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index 231fdca..70f85c2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,8 +6,9 @@ bin_sudo_usersdir = $(bindir)/sudo-users curverdir = $(sysconfdir)/config-migrate/current sbin_SCRIPTS = scripts/vyatta-update-nat.pl -bin_sudo_users_SCRIPTS = scripts/vyatta-show-nat.pl -bin_sudo_users_SCRIPTS += scripts/vyatta-clear-nat +sbin_SCRIPTS += scripts/vyatta-show-nat.pl + +bin_sudo_users_SCRIPTS = scripts/vyatta-clear-nat share_perl5_DATA = scripts/VyattaNatRule.pm curver_DATA = cfg-version/nat@2 diff --git a/scripts/vyatta-show-nat.pl b/scripts/vyatta-show-nat.pl index 9d2b4ff..d4d381c 100755 --- a/scripts/vyatta-show-nat.pl +++ b/scripts/vyatta-show-nat.pl @@ -19,7 +19,7 @@ my %stats = ( source => [ ], destination => [ ], ); -open(STATS, "iptables -t nat -L -vn |") or exit 1; +open(STATS, "/sbin/iptables -t nat -L -vn |") or exit 1; my $skey = ""; while () { if (m/^Chain PREROUTING/) { diff --git a/templates-op/clear/nat/counters/node.def b/templates-op/clear/nat/counters/node.def index a887962..acd6adb 100644 --- a/templates-op/clear/nat/counters/node.def +++ b/templates-op/clear/nat/counters/node.def @@ -1,2 +1,2 @@ help: Clear NAT counters -run: sudo ${vyatta_bindir}/sudo-users/iptables -Z -t nat +run: sudo /sbin/iptables -Z -t nat diff --git a/templates-op/show/nat/rules/node.def b/templates-op/show/nat/rules/node.def index 772e1b0..76e05eb 100644 --- a/templates-op/show/nat/rules/node.def 
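Review bot: The pipe at `open(STATS, "/sbin/iptables -t nat -L -vn |")` runs iptables with the caller's own privileges, and this commit stops starting the script through sudo: the show templates now call it directly and the Makefile moves it out of the sudo-users directory. Listing the nat table normally requires root, so a non-root operator would presumably get an empty listing unless the script itself goes through the sudoers entry the commit message refers to. If that is the intent, a list-form open avoids the shell and names sudo explicitly: `open(STATS, '-|', 'sudo', '/sbin/iptables', '-t', 'nat', '-L', '-vn') or die "cannot run iptables: $!\n";`. A failing iptables only shows up in the status of `close(STATS)`, which is worth checking; the read loop continues outside the hunk.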
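Review bot: `run: sudo /sbin/iptables -Z -t nat` in `clear/nat/counters/node.def` depends on a sudoers entry for `/sbin/iptables` that is not part of this diff. If that entry lists the binary without arguments, every operator allowed to clear counters can also run any other iptables command as root. It is worth confirming that the entry is limited to the argument lists the templates actually use, here `-Z -t nat`.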
+++ b/templates-op/show/nat/rules/node.def
@@ -1,3 +1,3 @@
 help: Show configured NAT rule set
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-nat.pl \
+run: /opt/vyatta/sbin/vyatta-show-nat.pl \
 ${vyatta_datadir}/xsl/show_nat_rules.xsl
diff --git a/templates-op/show/nat/statistics/node.def b/templates-op/show/nat/statistics/node.def
index b4fe23f..ae66e85 100644
--- a/templates-op/show/nat/statistics/node.def
+++ b/templates-op/show/nat/statistics/node.def
@@ -1,3 +1,3 @@
 help: Show statistics for configured NAT rules
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-nat.pl \
+run: /opt/vyatta/sbin/vyatta-show-nat.pl \
 ${vyatta_datadir}/xsl/show_nat_statistics.xsl
-- cgit v1.2.3
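Review bot: The new `run:` line in `show/nat/rules/node.def` hard-codes `/opt/vyatta/sbin/vyatta-show-nat.pl`, while the Makefile installs the script through `sbin_SCRIPTS` and the line it replaces used `${vyatta_bindir}`. A build with a different prefix would leave this template pointing at a missing file. `run: ${vyatta_sbindir}/vyatta-show-nat.pl \` keeps the path tied to the install location, assuming that variable is exported to op templates the way `${vyatta_bindir}` and `${vyatta_datadir}` are. The same applies to the `show/nat/statistics/node.def` hunk.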