How to check UFW status without sudo (or being root)? [duplicate]












3
















This question already has an answer here:




  • How do I run specific sudo commands without a password?

    2 answers




I'm running some scripts to check the UFW status and would like to run sudo ufw status without having to do sudo. I was hoping to find a firewall or ufw group to add myself to, but I didn't find any.



How can I allow any user X to do the ufw status without being root or asking for sudo password?





UPDATE:



I wanted to try to add my own file to /etc/sudoers.d/, but was lazy so decided to copy one already existing, like this:



sudo cp /etc/sudoers.d/mintupdate /etc/sudoers.d/firewall_status


Don't do that! You will not be able to do sudo or login again. I had to do a boot recovery. Instead use:



sudo visudo -f /etc/sudoers.d/ufwstatus


Now just follow the accepted answer below.

























marked as duplicate by vidarlo, Charles Green, karel, Fabby, Warren Hill Feb 11 at 15:35


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.



















  • Would it be an option to run sudo ufw ... without password? I doubt that running firewall things without root privilege will work.

    – Thomas
    Feb 10 at 14:17











  • No, that would open a huge security hole.

    – not2qubit
    Feb 10 at 14:37











  • What would be the difference between allowing a group to use ufw without and with sudo?

    – Thomas
    Feb 10 at 14:40











  • Well, it depends on what you mean. If you mean to just chmod 777, then I'd rather say no, as any user could disable the FW. I'm looking for a proper solution to add people to groups or add specific users/execs to some sudoers list.

    – not2qubit
    Feb 10 at 14:53











  • One doesn't need sudo - simply service ufw status

    – waltinator
    Feb 10 at 15:28


















sudo firewall ufw






edited Feb 10 at 21:53
not2qubit

asked Feb 10 at 13:30
not2qubit








1 Answer


















2














Here's an /etc/sudoers.d/ file that works for me:



$ sudo cat /etc/sudoers.d/ufwstatus
Cmnd_Alias UFWSTATUS = /usr/sbin/ufw status

%ufwstatus ALL=NOPASSWD: UFWSTATUS


Then add the new "ufwstatus" group (here added as a system group):



sudo groupadd -r ufwstatus


Your otherwise non-privileged user must be added to the ufwstatus group e.g.



sudo gpasswd --add testuser ufwstatus


In order for the change to take effect, the user needs to log in again:



su - testuser


Then



testuser@xenial-vm:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.0/24
3389/tcp                   ALLOW       192.168.1.0/24
111                        ALLOW       192.168.1.0/24
2049                       ALLOW       192.168.1.0/24


but other ufw commands are disallowed (even slight variants, such as status --verbose):



testuser@xenial-vm:~$ sudo ufw status --verbose
Sorry, user testuser is not allowed to execute '/usr/sbin/ufw status --verbose' as root on xenial-vm.

testuser@xenial-vm:~$ sudo ufw disable
Sorry, user testuser is not allowed to execute '/usr/sbin/ufw disable' as root on xenial-vm.































  • Thank you! Exactly what I was looking for. This solved my problem with the small differences that: (1) su - testuser didn't work, so I needed to reboot in order for the new group and sudoers policy to take place. (2) Funny and contrary to logic, sudo ufw enable/disable and sudo ufw status verbose now also work without password.

    – not2qubit
    Feb 10 at 21:45













  • Nice answer - and avoids the "too much permission" problem!

    – Charles Green
    Feb 10 at 22:27











  • @CharlesGreen thanks - although I'm concerned by the OP's comment above asserting that it does allow passwordless ufw enable/disable: I don't believe it should

    – steeldriver
    Feb 10 at 22:31











  • I hadn't noticed that - I would have to try this in my VM

    – Charles Green
    Feb 10 at 22:33











  • BTW. I am running this on Mint 19.1 (Xfce), if that matters.

    – not2qubit
    Feb 10 at 22:37


















edited Feb 10 at 21:54
not2qubit

answered Feb 10 at 19:19
steeldriver
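
The disagreement in the comments above turns on how sudoers matches the arguments of a Cmnd. As an added example (not part of the original answer, and not sudo's own code), this POSIX shell model of the matching rule documented in sudoers(5) shows which ufw invocations each way of writing the rule would permit; the function names and the probe list are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not sudo's code: a model of how a sudoers Cmnd is matched
# against the command line a user passes to sudo (see sudoers(5)).
#   /path            -> any arguments are allowed
#   /path ""         -> only the bare command, no arguments
#   /path args       -> the joined argument string must match exactly,
#                       or match shell-style wildcards if the rule has any

# cmnd_allows SPEC COMMAND [ARGS...]: return 0 if SPEC permits the invocation.
cmnd_allows() {
    spec=$1 cmd=$2
    shift 2
    args="$*"                              # sudo compares one joined string
    [ "${spec%% *}" = "$cmd" ] || return 1 # command path must be identical
    case $spec in
        *" "*) spec_args=${spec#* } ;;     # rule carries arguments
        *)     return 0 ;;                 # bare path: everything is allowed
    esac
    if [ "$spec_args" = '""' ]; then
        [ -z "$args" ] && return 0
        return 1
    fi
    case $args in
        $spec_args) return 0 ;;            # unquoted on purpose: glob match
        *)          return 1 ;;
    esac
}

# Constructed probe list: one ufw argument string per line.
PROBES='status
status verbose
status --verbose
enable
disable
reset'

# exposure SPEC: print, comma-separated, the probes that SPEC would allow.
exposure() {
    out=
    while IFS= read -r probe; do
        # $probe is left unquoted so it splits into separate argv words.
        if cmnd_allows "$1" /usr/sbin/ufw $probe; then
            out="${out:+$out,}$probe"
        fi
    done <<EOF
$PROBES
EOF
    printf '%s\n' "$out"
}

# The rule from the answer, a wildcard variant, and the bare-path variant.
for rule in '/usr/sbin/ufw status' '/usr/sbin/ufw status*' '/usr/sbin/ufw'; do
    printf '%-24s allows: %s\n' "$rule" "$(exposure "$rule")"
done
```

On a live system, `sudo -l -U testuser` (run as root) lists every rule that applies to the account, which shows whether some other sudoers entry grants more than this drop-in does.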



