A user does not require root authority to use the ipsec command,
but to avoid erroneous or malicious manipulations of files that are
used by the ipsec command, the administrator must
perform the following steps to require group access control. Group
access control is required for the following commands:
- To change filter sets in the stack on the local system (ipsec
-f default or reload), the ipsec command
creates or deletes a specific marker file that the stack accesses.
- To activate, delete, display, or refresh tunnels (any ipsec
-k or ipsec -y), the ipsec command
uses an AF_UNIX socket file to communicate with the IKE daemon.