pon/poff not as root, like this?

24 Apr 1997 00:14:13 -0000 

     Running pon/poff as root is quite straightforward, otherwise...

     On my Linux box with Debian 1.2.4 I created a pppusers group, I let
user nbern (born as member of group users) be a member of it (and also a
member of dialout, which is the group of /dev/ttyS1), and I set the
following files as belonging to the pppusers group: 

     /etc/ppp.chatscript     with r-- permission for the group
     /etc/ppp.options_out
     /etc/ppp/options
         (no pap and no chap is currently used, the whole login sequence
         is done by chat... my previous ISP had pap but that is not
         crypted either [and this provider is much more efficient for the
         rest than our national monopolyst]) 
     
     /usr/sbin/pppd          with r-x permission for the group
     /etc/ppp/ip-up          
     /etc/ppp/ip-down         

     /etc/connect-errors     with rw- permission for the group
     /var/log/ppp.log        <- It seems to make no difference


     I could go up to this point, where I was stuck:

Apr 22 11:04:41 nick pppd[2036]: pppd 2.2.0 started by nbern, uid 1000
Apr 22 11:05:01 nick pppd[2036]: Serial connection established.
Apr 22 11:05:02 nick pppd[2036]: ioctl(PPPIOCGUNIT): Operation not permitted
Apr 22 11:05:02 nick pppd[2036]: ioctl(PPPIOCGDEBUG): Operation not permitted
Apr 22 11:05:02 nick pppd[2036]: Exit.


     I could run pon as nbern only after typing this as root:
     -------------> chmod u+s /usr/sbin/pppd <---------------

     Notice, no difference with g+s or g-s (g+s alone does not work). 
     But I _have_ to give pppd to the pppusers group, otherwise I get this
complain again:
     /usr/bin/pon: /usr/sbin/pppd: Permission denied


     Here I am.
     IS ALL THIS CORRECT OR AM I MISSING SOME SECURITY ISSUE?


     I'll be away since tomorrow Thursday 24th and won't be able to read
incoming messages until Monday 28th, so please don't think I'm not polite
if I don't answer immediately. 
     Anyway, thank you in advance.
 

     Nicola Bernardelli <[EMAIL PROTECTED]>
---------------------------------------------------------------------------
     Please use <[EMAIL PROTECTED]> for messages from any kind of
robot, such as mailing lists. From that address no autoresponse
messages will return even when I'm not at home.
---------------------------------------------------------------------------



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Reply via email to