<div dir="ltr">I want to Horizon execute iptables shell. But Only root user can execute iptables command . <span style="color:rgb(0,0,0);font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif;font-size:14px;line-height:18px">What should I do if I want to execute the code by user </span><code style="margin:0px;padding:1px 5px;border:0px;font-size:14px;vertical-align:baseline;background-color:rgb(238,238,238);font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;white-space:pre-wrap;color:rgb(0,0,0);line-height:18px">apache</code><span style="color:rgb(0,0,0);font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif;font-size:14px;line-height:18px"> rather than </span><code style="margin:0px;padding:1px 5px;border:0px;font-size:14px;vertical-align:baseline;background-color:rgb(238,238,238);font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;white-space:pre-wrap;color:rgb(0,0,0);line-height:18px">root</code><span style="color:rgb(0,0,0);font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif;font-size:14px;line-height:18px">? This is command to execute iptables command. Could someone give me some advice? Thanks a lot!</span><div>
<pre class="" style="margin-top:0px;margin-bottom:10px;padding:5px;border:0px;font-size:14px;vertical-align:baseline;background-color:rgb(238,238,238);font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;overflow:auto;width:auto;max-height:600px;word-wrap:normal;color:rgb(0,0,0);line-height:18px">
<code style="margin:0px;padding:0px;border:0px;vertical-align:baseline;font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,serif;white-space:inherit"><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">import</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> subprocess

</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">def</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> check_output</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(*</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">popenargs</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">,</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">**</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">kwargs</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">):</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">if</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(128,0,0)">'stdout'</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">in</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> kwargs</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">:</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
        </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">raise</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(43,145,175)">ValueError</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(128,0,0)">'stdout argument not allowed, it will be overridden.'</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">)</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    process </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> subprocess</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">.</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(43,145,175)">Popen</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">stdout</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">subprocess</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">.</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">PIPE</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">,</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">*</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">popenargs</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">,</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">**</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">kwargs</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">)</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    output</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">,</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> unused_err </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> process</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">.</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">communicate</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">()</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    retcode </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> process</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">.</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">poll</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">()</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">if</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> retcode</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">:</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
        cmd </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> kwargs</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">.</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">get</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(128,0,0)">"args"</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">)</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
        </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">if</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> cmd </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">is</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">None</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">:</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
            cmd </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> popenargs</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">[</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(128,0,0)">0</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">]</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
        </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">raise</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> subprocess</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">.</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(43,145,175)">CalledProcessError</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">retcode</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">,</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> cmd</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">)</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">return</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> output


</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">def</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> accept_port</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">port</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">):</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">try</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">:</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
        cmd </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> r</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(128,0,0)">"iptables -A INPUT -p tcp --dport {0} -j ACCEPT && iptables -A OUTPUT -p tcp --sport {0} -j ACCEPT"</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">.</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">format</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">port</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">)</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
        output </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> check_output</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">cmd</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">,</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> shell</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">=</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">True</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">)</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
        </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">return</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">True</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">except</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(43,145,175)">Exception</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">:</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
        </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">return</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">False</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">

</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(0,0,139)">if</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> __name__ </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">==</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent"> </span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(128,0,0)">"__main__"</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">:</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">
    accept_port</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent">(</span><span class="" style="margin:0px;padding:0px;border:0px;vertical-align:baseline;background-color:transparent;color:rgb(128,0,0)">1234)</span></code></pre>
</div></div>