Allow non-root to run many 'show' commands

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/lib.cli-std

@@ -47,11 +47,10 @@ get_config() {
 	fi
     fi
 
-    if [ "$(id -u)" -eq 0 ]; then
-	config=$(find_file ${PRODUCT}.conf)
-    else
-	[ -n "$g_shorewalldir" ] || fatal_error "Ordinary users may not $COMMAND the $CONFDIR/$PRODUCT configuration"
+    if [ -n "$g_shorewalldir" ]; then
 	config="$g_shorewalldir/$PRODUCT.conf"
+    else
+	config=$(find_file ${PRODUCT}.conf)
     fi
 
     if [ -f $config ]; then
@@ -363,6 +362,17 @@ get_config() {
     [ -f $lib ] && . $lib
 }
 
+#
+# Ensure that the effective UID is 0 or that we are dealing with a private configuration
+#
+ensure_root() {
+    if [ $(id -u) -ne 0 ]; then
+	if [ -z "$g_shorewalldir" -o "$g_shorewalldir" = $CONFDIR/$PRODUCT ]; then
+	    startup_error "Ordinary users may not $COMMAND the $CONFDIR/$PRODUCT configuration"
+	fi
+    fi
+}
+
 #
 # Determine if there are config files newer than the passed object
 #
@@ -413,11 +423,7 @@ compiler() {
 
     pc=${LIBEXECDIR}/shorewall/compiler.pl
 
-    if [ $(id -u) -ne 0 ]; then
-	if [ -z "$g_shorewalldir" -o "$g_shorewalldir" = $CONFDIR/$PRODUCT ]; then
-	    startup_error "Ordinary users may not $COMMAND the $CONFDIR/$PRODUCT configuration"
-	fi
-    fi
+    ensure_root
     #
     # We've now set g_shorewalldir so recalculate CONFIG_PATH
     #
@@ -1741,6 +1747,7 @@ compiler_command() {
 	    compile_command $@
 	    ;;
 	refresh)
+	    only_root
 	    get_config Yes Yes
 	    shift
 	    refresh_command $@
@@ -1762,11 +1769,13 @@ compiler_command() {
 	    export_command $@
 	    ;;
 	try)
+	    only_root
 	    get_config Yes
 	    shift
 	    try_command $@
 	    ;;
 	safe-reload|safe-restart|safe-start)
+	    only_root
 	    get_config Yes
 	    shift
 	    safe_commands $@