Hello, please excuse me if this has been discussed or even solved before, but I could not find it in the archives.
I'm in the process of migrating several gateways to shorewall-lite, keeping the configfiles on one central adminstrative machine, basically following the guide at http://www.shorewall.net/CompiledPrograms.html . As I understand it, the local /etc/shorewall directory on the administrative machine should not be used at all for the compilation. All that matters should the export directory for the host currently compiled. Because of that, I figured there should not be much reason to be root while compiling. (Deploying yes, but just preparing no, right?) I must have misunderstood something or nobody tried this before: % id -u 501 % cd ~/svn/admin/shorewall/hosts/tim % shorewall compile -e -C perl . firewall /sbin/shorewall: line 134: /etc/shorewall/params: Permission denied % shorewall version 4.0.5 This is shorewall-4.0.5 with the perl compiler, both from the shorewall rpm packages by Simon Matter. On a related note, I find installing /sbin/shorewall with permissions 0700 questionable - given that the code is publicly available to anybody through the web. Only makes it annoying for non-root users. Apart from that - we love shorewall over here, especially the shorewall-lite/perl-combination rocks! Many thanks for that, esp. Tom! regards, bkw ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
