Set up sudo to allow Apache / PHP to execute iptables commands

Posted on 2007-08-01
Last Modified: 2013-12-16
I need to run iptables commands by using PHP's 'system' function.  Currently no errors are returned when I try to do this, but I don't believe the command is being run either.  When I run the command on the console as root, it works; when trying to run it from PHP, it doesn't.

If I run 'whoami' from PHP it returns 'www-data'.  I tried to set up sudo so www-data can run iptables, but that's where I got lost...
Question by:FWeston
    LVL 16

    Expert Comment


    What is the exit status when you run the iptables command from PHP? To display the exit status: echo $?
    LVL 3

    Accepted Solution

    You will have to make PHP use sudo. (If this is not possible, define an alias or something else.) A possible line could be
    www-data    ALL=NOPASSWD:   /sbin/iptables
    (editable with visudo) A comprehensive guide is available at
    LVL 43

    Expert Comment

    And after you configure sudo, don't forget to run from PHP
    /usr/bin/sudo /sbin/iptables more options
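
Putting the three replies together, as an added example that is not from the original thread: PHP calls sudo by full path, captures the exit status and error text, and validates the address first, because the sudoers line above lets www-data run iptables with any arguments. The helper names, the INPUT/DROP rule and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the sudoers rule from the
// accepted answer: www-data may run /sbin/iptables without a password.

/**
 * Build the argv for dropping traffic from one source address
 * (hypothetical helper). Returns null unless $ip is a literal IPv4
 * address, so request data never reaches the command line unvalidated.
 */
function build_block_command(string $ip): ?array
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    // Full paths, as in the thread; -n makes sudo fail instead of prompting.
    return ['/usr/bin/sudo', '-n', '/sbin/iptables',
            '-A', 'INPUT', '-s', $ip, '-j', 'DROP'];
}

/**
 * Run the command and return [exit status, combined stdout and stderr].
 */
function run_command(array $argv): array
{
    // Quote every argument, then redirect stderr so the message from sudo
    // or iptables is captured along with the exit status.
    $cmd = implode(' ', array_map('escapeshellarg', $argv)) . ' 2>&1';
    exec($cmd, $output, $status);
    return [$status, implode("\n", $output)];
}

// Constructed sample inputs: one valid address, one malformed value.
foreach (['203.0.113.7', '203.0.113.7; id'] as $candidate) {
    $argv = build_block_command($candidate);
    if ($argv === null) {
        echo "rejected: " . $candidate . "\n";
        continue;
    }
    [$status, $out] = run_command($argv);
    // Non-zero status plus the captured text shows why the call failed.
    echo "exit status $status" . ($out !== '' ? ": $out" : '') . "\n";
}
```

If the sudoers rule is missing, the first input prints a non-zero exit status together with sudo's own message, which is the information the first reply asks for.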
