1

I have been following this iptables guide online and came across a problem where I tried to give myself execute permissions to a file that is owned by root and stored in root's home folder. Here is the online document as a reference: iptables guide

It says:

Make sure you can execute the script

$ chmod +x /root/fw.stop

And then:

You can run the script

$ /root/fw.stop

When I entered the command "chmod +x /root/fw.stop", I received an error "chmod: cannot access `/root/fw.stop': Permission denied".

Obviously, if I want to run the script, I can do so by simply typing "sudo /root/fw.stop", but I'm trying to learn; did the writer of the guide just make a mistake with his syntax that he listed, or am I doing something wrong?

I tried "sudo bash -c "chmod +x /root/fw.stop"" and then tried to run the script again as myself with the command "/root/fw.stop" but I received the error "bash: /root/fw.stop: Permission denied".

1
  • 1
    Your question was very unclear because it didn't include the $ prompt, which is what I assume you were referring to. I have added it.
    – Mikel
    Commented Mar 28, 2011 at 10:45

4 Answers

2

The author made a number of mistakes.

  1. The script should be created, chmod'd and executed as root.
  2. The script is missing the shebang to tell it what interpreter to use.

This is what you should be doing:

As root (sudo -s) create the file /root/fw.stop:

$ sudo -s
Enter foo's password:
# nano -w /root/fw.stop

Then enter the following script (note the change in the first line):

#!/bin/sh
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Then you can chmod it (still as root):

# chmod +x /root/fw.stop

Then you can run it (yes, still as root):

# /root/fw.stop

If you want to run it as anyone other than root then you should use sudo (sudo /root/fw.stop). The setuid bit is possible but a serious security hole as it would allow anyone to run the script.

1

I've read the author's article and found these:

$chmod +x /root/fw.stop

You can run the script

$/root/fw.stop

The author made some mistakes here. Look at the command prompt: $ should be #, or iptables must be run as root, and the same goes for fw.stop.

1

Yes, where it says:

$ chmod +x /root/fw.stop
$ /root/fw.stop

the author should have written

# chmod +x /root/fw.stop
# /root/fw.stop

because the rest of the document uses # to mean a command that should be run as root and $ to mean a command that should be run as a user, and those commands would not work as a non-root user.

The first would not work because the user will not be allowed to change permissions on the file owned by root.

The second would not work because

  1. the user will not be allowed to access the script because the user does not have +x permission on /root
  2. the script will run iptables, and only root is allowed to run iptables
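Added example, not part of any answer on this page: a shell check for the first reason above, showing that the 700 mode on the directory blocks the user even after chmod +x on the script itself. It inspects only the "other" permission digit, assumes GNU stat on Linux, and uses a constructed temporary tree in place of /root; the function names other_has and first_block are made up for this example.

```shell
#!/bin/sh
# Added example. Reports why a user in the "other" permission class (neither
# owner nor group member) cannot run a script, using mode bits only.
# Assumes GNU stat (Linux); ACLs and capabilities are not considered.

# True when the "other" octal digit of $1 has every bit in $2 set
# (4 = read, 1 = execute for files / search for directories).
other_has() {
    mode=$(stat -c %a "$1") || return 1
    other=${mode#"${mode%?}"}          # last octal digit, e.g. 700 -> 0
    [ $(( other & $2 )) -eq "$2" ]
}

# first_block FILE [TOP]: print the path component nearest TOP (default /)
# that stops "other" users from running FILE; print nothing if none does.
first_block() {
    file=$1; top=${2:-/}; blocked=
    dir=$(dirname "$file")
    while :; do
        # Every ancestor directory needs the search (x) bit.
        if ! other_has "$dir" 1; then blocked=$dir; fi
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    if [ -n "$blocked" ]; then
        printf '%s\n' "$blocked"
    elif ! other_has "$file" 5; then
        # A script needs r as well as x: the interpreter must read it.
        printf '%s\n' "$file"
    fi
    return 0
}

# Constructed demo tree standing in for /root (mode 700) and fw.stop.
demo=$(mktemp -d) && chmod 755 "$demo"
mkdir "$demo/root" && : > "$demo/root/fw.stop"
chmod 700 "$demo/root"; chmod 755 "$demo/root/fw.stop"
echo "blocked by: $(first_block "$demo/root/fw.stop" "$demo")"
rm -rf "$demo"
```

Against the real path, run it as root (first_block /root/fw.stop), since an unprivileged user cannot stat files inside /root.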
0

I'd guess these funny errors about permission denied are because you're not root when you try to "chmod +x".

Does "sudo -s" help?

HTH,

JR
