[Openstack-operators] Horizon execute iptables shell fails by python
shashi dahal
shashi.eu at gmail.com
Thu Jun 12 12:25:34 UTC 2014
Actually, my earlier suggestion of the suid will be a bit overkill for
this.
What you can do in the cmd part is insert the port and some other
information (timestamp) into some database .. mysql/sqlite etc .. so that you
also have a record of it .. and then run a python/shell cron or process
that watches the database and runs the iptables command for you.
Cheers,
Shashi
On Thu, Jun 12, 2014 at 12:59 PM, 苌智 <changzhi1990 at gmail.com> wrote:
> I want Horizon to execute an iptables shell command. But only the root user
> can execute the iptables command. What should I do if I want to execute the
> code as user apache rather than root? This is the code to execute the
> iptables command. Could someone give me some advice? Thanks a lot!
>
> import subprocess
>
> def check_output(*popenargs, **kwargs):
>     # Run a command, return its stdout, raise on a non-zero exit status.
>     if 'stdout' in kwargs:
>         raise ValueError('stdout argument not allowed, it will be overridden.')
>     process = subprocess.Popen(stdout=subprocess.PIPE, *popenargs, **kwargs)
>     output, unused_err = process.communicate()
>     retcode = process.poll()
>     if retcode:
>         cmd = kwargs.get("args")
>         if cmd is None:
>             cmd = popenargs[0]
>         raise subprocess.CalledProcessError(retcode, cmd)
>     return output
>
> def accept_port(port):
>     try:
>         # Coerce to int so only a port number reaches the shell string.
>         port = int(port)
>         cmd = r"iptables -A INPUT -p tcp --dport {0} -j ACCEPT && iptables -A OUTPUT -p tcp --sport {0} -j ACCEPT".format(port)
>         output = check_output(cmd, shell=True)
>         return True
>     except Exception:
>         return False
>
> if __name__ == "__main__":
>     accept_port(1234)
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
--
Cheers,
Sashi Dahal
http://shashi.org/
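
A sketch of the database-queue approach suggested in the reply above, added here as an example and not code from the thread: the web side only records a validated port and timestamp, and a separate root-owned worker applies the rules. The table name `port_requests`, the function names and the use of sqlite are assumptions made for illustration.

```python
import sqlite3
import subprocess
import time

SCHEMA = """CREATE TABLE IF NOT EXISTS port_requests (
    id INTEGER PRIMARY KEY, port INTEGER NOT NULL,
    requested_at REAL NOT NULL, status TEXT NOT NULL DEFAULT 'pending')"""

def open_queue(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def valid_port(port):
    return isinstance(port, int) and 1 <= port <= 65535

def request_port(db, port):
    """Web side (user apache): record the request, never call iptables."""
    port = int(port)  # ValueError for anything that is not a number
    if not valid_port(port):
        raise ValueError("port out of range")
    with db:
        cur = db.execute("INSERT INTO port_requests (port, requested_at) VALUES (?, ?)", (port, time.time()))
    return cur.lastrowid

def rules_for(port):
    """The two rules from the original post as argv lists (no shell)."""
    p = str(port)
    return [["iptables", "-A", "INPUT", "-p", "tcp", "--dport", p, "-j", "ACCEPT"],
            ["iptables", "-A", "OUTPUT", "-p", "tcp", "--sport", p, "-j", "ACCEPT"]]

def process_pending(db, run=subprocess.check_call):
    """Worker side (root, from cron): apply pending rows, record the outcome."""
    applied = []
    query = "SELECT id, port FROM port_requests WHERE status = 'pending' ORDER BY id"
    for row_id, port in db.execute(query).fetchall():
        status = "failed"
        try:
            # Re-validate: the web user can write this table, so rows are untrusted.
            if valid_port(port):
                for argv in rules_for(port):
                    run(argv)
                status = "applied"
                applied.append(port)
        except (OSError, subprocess.CalledProcessError):
            pass
        with db:
            db.execute("UPDATE port_requests SET status = ? WHERE id = ?", (status, row_id))
    return applied
```

The worker takes the command runner as a parameter, so the queue logic can be exercised without root by passing a function that only records the argv lists.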