From 3eb88b7d21d860b5d1af8fb5c9cc7c110a0d7848 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Mon, 25 Feb 2008 13:55:27 -0800
Subject: elminate use of sudo for iptables -L

Vyatta kernel allows non-root users to display iptables rules
as non-root user. This eliminates the use of sudo except for the
special case of clearing counters.
---
 templates/clear/firewall/name/node.tag/node.def                | 2 +-
 templates/show/firewall/node.def                               | 2 +-
 templates/show/firewall/node.tag/detail/node.def               | 2 +-
 templates/show/firewall/node.tag/detail/rule/node.tag/node.def | 3 ++-
 templates/show/firewall/node.tag/node.def                      | 4 ++--
 templates/show/firewall/node.tag/rule/node.tag/node.def        | 2 +-
 templates/show/firewall/node.tag/statistics/node.def           | 2 +-
 7 files changed, 9 insertions(+), 8 deletions(-)

(limited to 'templates')

diff --git a/templates/clear/firewall/name/node.tag/node.def b/templates/clear/firewall/name/node.tag/node.def
index 6a61828..4d67bc1 100644
--- a/templates/clear/firewall/name/node.tag/node.def
+++ b/templates/clear/firewall/name/node.tag/node.def
@@ -1,2 +1,2 @@
 help: Clear firewall rules for a given chain
-allowed: sudo ${vyatta_bindir}/sudo-users/iptables --list -n | /bin/grep ^Chain | /usr/bin/awk '{ print $2 }'
\ No newline at end of file
+allowed:  /sbin/iptables --list -n | /bin/grep ^Chain | /usr/bin/awk '{ print $2 }'
diff --git a/templates/show/firewall/node.def b/templates/show/firewall/node.def
index c27582d..376c8e3 100644
--- a/templates/show/firewall/node.def
+++ b/templates/show/firewall/node.def
@@ -1,3 +1,3 @@
 help: Show firewall information
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl -all /opt/vyatta/share/xsl/show_firewall.xsl
+run: ${vyatta_bindir}/vyatta-show-firewall.pl -all /opt/vyatta/share/xsl/show_firewall.xsl
 
diff --git a/templates/show/firewall/node.tag/detail/node.def b/templates/show/firewall/node.tag/detail/node.def
index f5295dd..b3b65b6 100644
--- a/templates/show/firewall/node.tag/detail/node.def
+++ b/templates/show/firewall/node.tag/detail/node.def
@@ -1,3 +1,3 @@
 help: Show firewall rules (detail output)
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_detail.xsl
+run: ${vyatta_bindir}/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_detail.xsl
 
diff --git a/templates/show/firewall/node.tag/detail/rule/node.tag/node.def b/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
index f3af458..8456577 100644
--- a/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
+++ b/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
@@ -1,4 +1,5 @@
 help: Show detailed information about one firewall rule
 allowed: echo -n "<NUMBER>"
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_detail.xsl $6
+run: ${vyatta_bindir}/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_detail.xsl $6
+
 
diff --git a/templates/show/firewall/node.tag/node.def b/templates/show/firewall/node.tag/node.def
index 134ad7d..74ce3cf 100644
--- a/templates/show/firewall/node.tag/node.def
+++ b/templates/show/firewall/node.tag/node.def
@@ -1,4 +1,4 @@
 help: Show firewall rules for given chain
-allowed: sudo ${vyatta_bindir}/sudo-users/iptables --list -n | /bin/grep ^Chain | /usr/bin/awk '{ print $2 }'
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall.xsl
+allowed: /sbin/iptables --list -n | /bin/grep ^Chain | /usr/bin/awk '{ print $2 }'
+run: ${vyatta_bindir}/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall.xsl
 
diff --git a/templates/show/firewall/node.tag/rule/node.tag/node.def b/templates/show/firewall/node.tag/rule/node.tag/node.def
index cf252ed..1bf5b47 100644
--- a/templates/show/firewall/node.tag/rule/node.tag/node.def
+++ b/templates/show/firewall/node.tag/rule/node.tag/node.def
@@ -1,4 +1,4 @@
 help: Show firewall rules (summary output)
 allowed: echo -n "<NUMBER>"
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall.xsl $5
+run: ${vyatta_bindir}/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall.xsl $5
 
diff --git a/templates/show/firewall/node.tag/statistics/node.def b/templates/show/firewall/node.tag/statistics/node.def
index fcbdddc..1897e12 100644
--- a/templates/show/firewall/node.tag/statistics/node.def
+++ b/templates/show/firewall/node.tag/statistics/node.def
@@ -1,3 +1,3 @@
 help: Show firewall counter information
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_statistics.xsl
+run: ${vyatta_bindir}/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_statistics.xsl
 
-- 
cgit v1.2.3