1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • Re: sudo fails to save IPTables rules

    From Dan Purgert@21:1/5 to Timothy M Butterworth on Tue Dec 24 02:50:01 2024
    On Dec 23, 2024, Timothy M Butterworth wrote:
    sudo fails with a permission denied error.
    tmb@hp-debian:~$ sudo /usr/sbin/iptables-save > /etc/iptables/rules.v4
    bash: /etc/iptables/rules.v4: Permission denied

    "sudo" only modifies "iptables-save", and not the redirect (it happens
    as your user, *before* the invocation of sudo, as I recall).


    You'll need something like this, so that rules.v4 is opened as root
    rather than your user:
    sudo /usr/sbin/iptables-save | sudo tee /etc/iptables/rules.v4




    --
    |_|O|_|
    |_|_|O| Github: https://github.com/dpurgert
    |O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmdqEtcACgkQbWVw5Uzn KGDipQ/+MC+5CyVL46+WXLp0YFUesFIM/JRAI/CDRuBLET9jT2KjKqlj3auhKr2d B5/DbxonU13aTS/xCg/Hhg5WBYlQuVIdf127W3d8xQNoMUKgkQjNXdIbukyPfdsN RV/vIEJpx1MKaLfMANwfu6qk73ArSxu+pAtDEndman9aP2qCG0B1CjU4n2R2okAW qgc8Qt+ZNm6D3rod61blN8w0TtITyOK34aBlzrZ8sDx89KbvAc+IBCEXgBSNLvUz /5V9CqsAX0MPIuS3zWDw2YuYGrFcUx9wpz9dp5TeRG/oPsqFyRERGsNV29HYb5AB ie2yBztM1SpVrliq9HHOSb3wvEl5NGyxyvmkr77EJgbjQPKaIS8qxnVOOjai4l2+ eAdsZCaPa+Wj8JZAe3unyyTIBpvrLlWPQz+B3YhGn+DLD2BywGiM7JfhIqFJYFYU hhivXGXHXLWAfrFU0RXjmtuvSUnzMr5chfYlfjBOZ0LgN4Jifp2PUmhkmEFmnbr6 VxbX6BxuONF7JsMhFaYNzn+Vp7AZ8A8ZKZonTWFmaX0VgHoY6//tojlQrggYvBmm mzJyQC9GHjXk8t/VbdZNPaNQs7UP5PMruIz3bhko6RXa5Fp8M7jG2zM5sxtmfRNj 11CQqBD3UTbgCr60FHzvdHhB2YqsR8hhGJdHpQc/7wmgocKwSgc=
    =GIFR
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Us
  • From Greg Wooledge@21:1/5 to Dan Purgert on Tue Dec 24 03:10:01 2024
    On Mon, Dec 23, 2024 at 20:48:12 -0500, Dan Purgert wrote:
    On Dec 23, 2024, Timothy M Butterworth wrote:
    sudo fails with a permission denied error.
    tmb@hp-debian:~$ sudo /usr/sbin/iptables-save > /etc/iptables/rules.v4 bash: /etc/iptables/rules.v4: Permission denied

    "sudo" only modifies "iptables-save", and not the redirect (it happens
    as your user, *before* the invocation of sudo, as I recall).

    Correct. Redirects are done by the shell, not by the command the shell executes. The command inherits the redirection.

    You'll need something like this, so that rules.v4 is opened as root
    rather than your user:
    sudo /usr/sbin/iptables-save | sudo tee /etc/iptables/rules.v4

    Or:

    sudo sh -c '/usr/sbin/iptables-save > /etc/iptables/rules.v4'

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Carles Pina i Estany@21:1/5 to Greg Wooledge on Tue Dec 24 07:02:42 2024
    Hi,

    On 23 Dec 2024 at 20:56:14, Greg Wooledge wrote:
    On Mon, Dec 23, 2024 at 20:48:12 -0500, Dan Purgert wrote:
    On Dec 23, 2024, Timothy M Butterworth wrote:
    sudo fails with a permission denied error.
    tmb@hp-debian:~$ sudo /usr/sbin/iptables-save > /etc/iptables/rules.v4 bash: /etc/iptables/rules.v4: Permission denied

    "sudo" only modifies "iptables-save", and not the redirect (it happens
    as your user, *before* the invocation of sudo, as I recall).

    Correct. Redirects are done by the shell, not by the command the shell executes. The command inherits the redirection.

    You'll need something like this, so that rules.v4 is opened as root
    rather than your user:
    sudo /usr/sbin/iptables-save | sudo tee /etc/iptables/rules.v4

    Or:

    sudo sh -c '/usr/sbin/iptables-save > /etc/iptables/rules.v4'

    or, in this particular case (untested, just from reading "man
    iptables-save"):

    sudo /usr/sbin/iptables-save -f /etc/iptables/rules.v4

    --
    Carles Pina i Estany
    https://carles.pina.cat | carles@pina.cat | cpina@debian.org

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEth6/Zob9uGYomaJ+qAKIT2ClX4EFAmdqXJIACgkQqAKIT2Cl X4GzvxAAw0jzmu2Uk0xYT1tzZ/lwdFzISlIoj8QRDZWcN99eoF5WXEvfLGUnnVyY Yy6C/otk+2fITskJB7CcZaS3+rC3eyw93VqS3Jeiy3M4Vmt4wnh4XRDkVCrhL7Mv rTxj6B2YJ0pruI9b3uKqRtDSybebqFMxqPrMb3FYhQ5Mqc7o6ByIuNi4iKP926bv y5c1t45VwhuSwBuUfnTh0sOiZDhUv4Ha0//PuJjBoVujWLX2eZ659CX8Y2Q3QQal oMU5ru2I+2IVCzqGo1LL+gzXDAIA1MOeBe3rDECvy2AQcg88okEnDmSJhbsq+A+u V+ttKdIGvaABI9eJvU3GXquGkWovDtrzcIwRIpJkfhAmEMR1N4SgaJE9Z/NyvV5B DsiYEeecmTfuZsJlxjGMT/ANTTzxQ2QvRjzEyg/zR/vnrJwqjWx7FHuhpXpCZMS0 1KJgFreDTf7zuP8lu5EQ9/iramjBRjlRKCT5ZvnJepwaExtW1EzwtX47Q+S6TRFh F1WOsrgkr/1M0kn5DeQ3rH+PmvEX3/DW1sVKkf5RZBkX2OtCw3C4qzdFq3r7HMbh lV5OnmNHG9g1v21t8z/DmCnxgsD8eVZVrbH6N53WYoVRJhLcaShn5g0gml66tk8H 4uYa9Gmp6MxW70ycDFHQtCKKcQZ8lNpMKmM3i+n91mtZUL3Vn28=
    =S+6s
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)