Can anyone help me find out what is going on here? I have some rules set up tracking packet counts. When I run the following script as root:
```bash
#!/bin/bash
iptables -t mangle -xnvL
```
I get the output I expect:
```
//snip
233203 199929802 MARK //blah blah blah
//snip
```
However, I want to run this as part of cacti, which runs as apache. Now apache can't run iptables, which is why I have the script. I set it up as SUID root:
```
-rwsr-sr-x 1 root root 37 May 14 23:06 iptables_packet_report.sh
```
But then I get this output:
```
server # sudo -u apache ./iptables_packet_report.sh
iptables v1.4.2: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
```
Obviously my kernel is fine, and the fact that I'm running it as non-root is messing something up, but I don't understand why. I did double check the SUID with [the demonstration](http://en.wikipedia.org/wiki/Setuid#Demonstration) and confirmed it was working.
```
server # sudo -u apache ./printid
Real UID = 81
Effective UID = 0
Real GID = 81
Effective GID = 0
```
My end goal is to get the output of iptables -t mangle -xnvL while running as apache so I can use cacti to graph it all nicely.
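The following is an added example, not code from the original post, showing one way to reach that end goal. It runs iptables through `sudo` rather than a setuid wrapper, because the Linux kernel ignores the setuid bit on `#!` interpreter scripts (a compiled setuid binary such as the `printid` demo does elevate, a shell script does not), and then parses the `-xnvL` counter rows into the `name:value` pairs a cacti script data input reads. The sudoers line in the header, the `/sbin/iptables` path and the sample output are assumptions constructed for the example.

```python
# Added example, not code from the original post. It gathers the counters
# printed by `iptables -t mangle -xnvL` for graphing in cacti, running
# iptables through sudo instead of a setuid script: Linux ignores the setuid
# bit on `#!` interpreter scripts (a setuid binary such as the printid demo
# still works), so the wrapper keeps running as UID 81 and iptables fails.
# Assumed sudoers entry (hypothetical; use the real path of your iptables):
#   apache ALL=(root) NOPASSWD: /sbin/iptables -t mangle -xnvL
import subprocess

# Constructed sample of `iptables -t mangle -xnvL` output, not captured data.
SAMPLE_OUTPUT = """\
Chain PREROUTING (policy ACCEPT 5000 packets, 400000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  233203  199929802 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 MARK set 0x1
      17       1360            all  --  *      *       10.0.0.0/8           0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42       3360 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:53 MARK set 0x2
"""

# Assumed command; the sudoers rule above must match it exactly.
IPTABLES_CMD = ["sudo", "/sbin/iptables", "-t", "mangle", "-xnvL"]


def _parse_row(chain, line):
    """Turn one counter row into a dict, or return None for non-rule lines."""
    f = line.split()
    if len(f) < 8 or not (f[0].isdigit() and f[1].isdigit()):
        return None
    # Rules added without -j are printed with a blank target column. The opt
    # column always starts with '-' or '!' ("--", "-f", "!f"), so use it to
    # tell the two layouts apart instead of trusting field positions blindly.
    if f[3][0] in "-!":                      # blank target: f[2] is the prot column
        target, rest = "", f[2:]
    elif len(f) >= 9 and f[4][0] in "-!":    # normal row: f[2] is the target
        target, rest = f[2], f[3:]
    else:
        return None
    prot, opt, iface_in, iface_out, src, dst = rest[:6]
    return {
        "chain": chain,
        "pkts": int(f[0]),
        "bytes": int(f[1]),
        "target": target,
        "rule": " ".join([prot, iface_in, iface_out, src, dst] + rest[6:]),
    }


def parse_counters(text):
    """Return a list of per-rule counter dicts, in table order."""
    rules, chain = [], None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        if chain is None:
            continue
        row = _parse_row(chain, line)
        if row is not None:
            rules.append(row)
    return rules


def format_for_cacti(rules):
    """Render counters as the 'name:value ...' line a cacti script input expects."""
    parts, seen = [], {}
    for r in rules:
        n = seen.get(r["chain"], 0)          # number rules per chain, in order
        seen[r["chain"]] = n + 1
        name = "%s_%d" % (r["chain"], n)
        parts.append("%s_pkts:%d" % (name, r["pkts"]))
        parts.append("%s_bytes:%d" % (name, r["bytes"]))
    return " ".join(parts)


def live_counters(cmd=IPTABLES_CMD):
    """Run iptables via sudo (needs the sudoers rule above) and parse it."""
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_counters(out)


if __name__ == "__main__":
    print(format_for_cacti(live_counters()))
```

With the sudoers entry in place, `sudo -u apache python3 iptables_packet_report.py` prints one `name:value` line per run, which is the shape a cacti data input method with multiple output fields consumes; the script file itself needs no special permission bits. Granting apache that single fixed command line keeps the privilege narrow, which is the point of preferring a sudoers rule over any root-owned wrapper.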