miércoles, agosto 03, 2011

linux routing

Habilitar a cualquiera para poder modificar las rutas:

if you did the following as root:
setcap cap_net_admin=+eip /sbin/route

anyone that could run the route command could do routing changes. so a possibility is to make /sbin/route mode 0550 and a special routing group and have the process be run by a user in that routing group.

No hay comentarios.: