Captive-Portal
view release on metacpan or search on metacpan
In order to use ipset and iptables from the unprivileged "wwwrun" user,
we at ulm university add file capabilities to these executables.
setcap "CAP_NET_ADMIN+pe" /usr/sbin/ipset
setcap "CAP_NET_RAW+pe CAP_NET_ADMIN+pe" /usr/sbin/iptables
in addition we allow execution only from the wwwrun user
chown wwwrun /usr/sbin/ipset /usr/sbin/iptables
chmod 500 /usr/sbin/ipset /usr/sbin/iptables
( run in 0.308 second using v1.01-cache-2.11-cpan-496ff517765 )