From dc3a6c41106df19151b7abc4e16547a7c34a6d1a Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 4 Feb 2007 17:47:55 +0000 Subject: [PATCH] Mention shorewall.conf security in the Shorewall Lite documentation git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5361 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/CompiledPrograms.xml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index c472dfe30..20d3533c4 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -115,7 +115,7 @@ The shorewall-lite call command allows you to to call interactively any Shorewall function that you can - call in an extension script. + call in an extension script. @@ -212,6 +212,21 @@ network. You need not configure Shorewall there and you may totally disable startup of Shorewall in your init scripts. For ease of reference, we call this system the 'administrative system'. + + + If you want to be able to allow non-root users to manage + remote filewall systems, then the file + /etc/shorewall/shorewall.conf must be readable + by all users on the administrative system. Not all packages secure + the file that way and you may have to change the file permissions + yourself. /sbin/shorewall uses the SHOREWALL_SHELL setting from + /etc/shorewall/shorewall.conf to determine the + shell to use when compiling programs and it uses the VERBOSITY + setting for determining how much output the compiler generates. All + other settings are taken from the shorewall.conf + file in the remote systems export + directory (see below). +
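Review bot: In the first hunk (@@ -115,7 +115,7 @@) the removed and added lines both read "call in an extension script.", so the change appears to be whitespace only and is unrelated to the subject of the commit. Consider dropping it from this patch or committing it separately. If the paragraph is being touched anyway, the context line above it has a doubled word in "allows you to to call" that could be fixed at the same time.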
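Review bot: In the second hunk (@@ -212,6 +212,21 @@) the added paragraph says /etc/shorewall/shorewall.conf "must be readable by all users" but never says the file has to stay writable by root only. The same paragraph explains that /sbin/shorewall takes SHOREWALL_SHELL from this file to pick the shell used when compiling, so a reader who loosens permissions too far hands the choice of that shell to other users. Suggest replacing "you may have to change the file permissions yourself" with the intended ownership and mode spelled out (for example, owned by root and world-readable but not group- or world-writable). Wording points in the same paragraph: "filewall" should be "firewall", "remote systems export directory" needs the possessive "system's", and "Not all packages secure the file that way" reads oddly for a change that relaxes permissions; "install the file that way" would be clearer.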