Bill Jonas on Sat, 2 Jun 2001 20:40:04 -0400
On Sat, Jun 02, 2001 at 07:16:19PM -0400, timo wrote:
> I see that what I had in mind certainly didn't consider security
> and simply isn't possible with a simple shell script.

An alternative solution would be to create a special group of users allowed to start PPPoE, set the ownership of your pppoe executable to user root and group pppoe (or whatever you call it), make it setuid and executable by owner and group only. An example:

    -rwsr-xr-- 1 root pppoe 279299 Jun 2 17:08 pppoe*

Then you can just add the users who you wish to be able to bring up the connection to the pppoe group (in /etc/group).

I haven't messed with PPPoE, so I don't know the name of the executable or anything like that, so I'm making it up as I go along here. But you'd use a series of commands similar to the following:

    root@localhost:~# vigr
    # Add a "pppoe" group, and make the desired users members of this group
    root@localhost:~# chown root:pppoe /usr/sbin/pppoe
    # 4754 = -rwsr-xr--, the mode in the listing above (no execute bit for "other")
    root@localhost:~# chmod 4754 /usr/sbin/pppoe

It will not be executable by anyone except members of the "pppoe" group, and will run as root.

-- 
Bill Jonas * bill@billjonas.com * http://www.billjonas.com/
"As we enjoy great advantages from the inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously." -- Benjamin Franklin
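A check for the scheme described in the message, as an added example that is not part of the original post: it verifies that a setuid helper's mode really limits execution to owner and group. The function names and the sample modes are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original message): audit the mode of a
# group-restricted setuid-root helper. Sample modes below are constructed.

# audit_mode OCTAL_MODE
# Prints one line per problem and returns 0 only if: setuid is set, the
# group may execute, "other" may not execute, and only the owner may write.
audit_mode() {
    m=$(( 0$1 ))    # leading 0 makes the shell read the mode as octal
    rc=0
    if [ $(( m & 04000 )) -eq 0 ]; then echo "  setuid bit missing"; rc=1; fi
    if [ $(( m & 00010 )) -eq 0 ]; then echo "  group cannot execute"; rc=1; fi
    if [ $(( m & 00001 )) -ne 0 ]; then
        echo "  world-executable, group restriction is bypassed"; rc=1
    fi
    if [ $(( m & 00022 )) -ne 0 ]; then echo "  writable by group or other"; rc=1; fi
    return $rc
}

# audit_file PATH GROUP
# Same mode check on a real file, plus owner and group (GNU stat).
audit_file() {
    info=$(stat -c '%a %U %G' -- "$1") || return 2
    set -- "$2" $info    # now $1=wanted group, $2=mode, $3=owner, $4=group
    frc=0
    [ "$3" = root ] || { echo "  owner is $3, not root"; frc=1; }
    [ "$4" = "$1" ] || { echo "  group is $4, not $1"; frc=1; }
    audit_mode "$2" || frc=1
    return $frc
}

# Constructed sample modes: two that fit the scheme, two that leave o+x set.
for mode in 4754 4750 4551 4755; do
    if report=$(audit_mode "$mode"); then
        echo "$mode: ok"
    else
        echo "$mode: REJECT"
        echo "$report"
    fi
done
```

On a real system, `audit_file /usr/sbin/pppoe pppoe` applies the same test plus the ownership check; that path and group name are the placeholders the message itself uses.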