Darxus on Mon, 13 Mar 2000 10:37:45 -0500 (EST)



Re: [PLUG] Sucess!


On Mon, 13 Mar 2000, Luis Baars wrote:

> # chgrp modem pppd <enter>
> # chmod 4750 pppd <enter>

You'll probably also need to 

# chgrp modem <whatever /dev/modem is symlinked to>
# chmod g+rw <whatever /dev/modem is symlinked to>

I believe I tried setting this up so non-root users could start ppp, and
failed.  But it was a long time ago.  And Mouse had his sun box set up to
do that... eons ago.. it has to be doable.

Oh... wait... I think pppd needs to be run as root.

http://www.linuxdoc.org/HOWTO/PPP-HOWTO-6.html#ss6.6
6.6 PPP and root Privileges 
As establishing a PPP link between your Linux computer and another PPP
server requires manipulation of network devices (the PPP interface is a
network interface) and the kernel routing table, pppd requires root
privileges. 

Yup...

So forget what both of us just said.  So if you want to run pppd as a non
root user, you'll need to run it suid root.  This should work.. let me
know (based on redhat manpages):

chown root /usr/sbin/pppd  # dunno who else it'd be owned by, but make sure
groupadd modem             # create group modem
chgrp modem /usr/sbin/pppd # change group ownership of pppd
chmod u+s /usr/sbin/pppd   # so that it executes suid root (after chown/chgrp, which clear the suid bit)
chmod o-x /usr/sbin/pppd   # remove execute rights for non user/group
usermod -a -G modem john   # add user john to group modem (-a keeps his other groups)

I still think it's better to just run pppd as root :)

> I hate having to su to root every time I want to start something like pppd.  
> This should give you the flexibility of running a root program without 
> creating a big huge security hole.

That's why I leave root logged in on vt1, so I can just alt-f1.
__________________________________________________________________
PGP fingerprint = 03 5B 9B A0 16 33 91 2F  A5 77 BC EE 43 71 98 D4
            darxus@op.net / http://www.op.net/~darxus
                           Chaos reigns.



______________________________________________________________________
Philadelphia Linux Users Group       -       http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion   -   http://lists.nothinbut.net/mail/listinfo/plug
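
A check to run after the steps in the message above, as an added example that is not part of the original post: it audits a setuid binary that only one group is meant to execute. It assumes Linux with GNU coreutils `stat`; the function name `audit_suid` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a setuid-root helper that only one group may execute.
# Assumes Linux with GNU coreutils stat; audit_suid is a hypothetical name.
# Usage: audit_suid /usr/sbin/pppd root modem
# Returns 0 if clean, 1 if any check fails, 2 if FILE is not a regular file.
audit_suid() {
    file=$1; want_owner=$2; want_group=$3; rc=0
    # Refuse symlinks: the mode that matters is the target's, so audit that path.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is a symlink or not a regular file"
        return 2
    fi
    # %U = owner name, %G = group name, %a = octal mode (e.g. 4750)
    set -- $(stat -c '%U %G %a' "$file")
    owner=$1; group=$2
    m=$((0$3))                      # leading 0 makes the shell read it as octal
    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group $group, want $want_group"; rc=1; }
    # chown/chgrp on Linux clear the setuid bit, so it has to be set last.
    [ $((m & 04000)) -ne 0 ] || { echo "FAIL: setuid bit not set"; rc=1; }
    [ $((m & 00010)) -ne 0 ] || { echo "FAIL: group cannot execute"; rc=1; }
    [ $((m & 00020)) -eq 0 ] || { echo "FAIL: group-writable setuid binary"; rc=1; }
    [ $((m & 00003)) -eq 0 ] || { echo "FAIL: others can write or execute"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $file $owner:$group $3"
    return "$rc"
}
```

Both the quoted `chmod 4750` and the `u+s` / `o-x` recipe pass this check when applied to a root-owned binary with group `modem`.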