Re: Access Problem with pppd
On 2010-01-26 at 13:34:33 -0500, Hans-J Ullrich wrote: > Hi all, > > I am looking for a líttle understanding problem. Maybe someone can advice me. > > On my EEEPC I am running an application called "umtsmon" (this is for gprs- > access). Umtsmom is a single binary located in /usr/bin. > > When I start it, it is started, and when I want to connect to the internet it > starts a modem connection by using pppd. > > This is fine working, when I am starting it as user "root". (I use "sux" to > become root from a normal user). > > When I start umtsmon as normal user, pppd is not allowed to be used by this > user. This is ok, I want only users in a special group use pppd. > > So far so well, but I dop not understand this: When set the binary > with rwsr-x--- (root:dialout), then umtsmon should start with the rights of > root and should be also allowed to start pppd! But i does clearly NOT! I get > the maesage: pppd is not allowed to start, only root is allowed to start it. > > What do I do wrong? Where do I think wrong? > > BTW: maybe someone wants to adopt umtsmon and create a package. It is open- > source / GPL and it is really great tool (This only remarked besides) > > Thank you for any help! I am having trouble with your English; so I'm not really sure what you are asking; but once you add a user to a group it does not really have the privileges of that group until *all* instances of that user have logged out. For example, suppose that user "fred" is logged in: $ groups fred $ su Password: [enter root password] # adduser fred dialout Adding user `fred' to group `dialout' ... Adding user fred to group dialout Done. # exit $ groups fred Notice that the groups command still does not list "dialout" as one of fred's groups. That's because fred logged in *before* he was added to the group. fred must logout and login again before he actually has the privileges of the dialout group. And it is not sufficient for fred to simply logout of that one session. He must logout of all sessions simultaneously. If he started the X server, that means that the X server must be restarted too. Issue the "groups" command. If you don't see dialout as one of the groups listed, then you didn't logout of *all* of fred's sessions. Of course, one way to make sure that all sessions are eliminated is to reboot the server. That should do it! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Access Problem with pppd
On Tuesday 26 January 2010 13:30:41 Hans-J. Ullrich wrote: > Am Dienstag, 26. Januar 2010 schrieb lego_12...@rambler.ru: > > On Tue, Jan 26, 2010 at 07:34:33PM +0100, Hans-J. Ullrich wrote: > > > So far so well, but I dop not understand this: When set the binary > > > with rwsr-x--- (root:dialout), then umtsmon should start with the > > > rights of root and should be also allowed to start pppd! But i does > > > clearly NOT! I get the maesage: pppd is not allowed to start, only root > > > is allowed to start it. > > > > > > What do I do wrong? Where do I think wrong? IIRC, having the stick bit set on a binary only allows the setuid() call to succeed, it does not automatically force the elevated permissions on the binary. So, it's likely that utmsmom doesn't have support for getting elevated permissions. > > Excuse me, what about sudo? > > Two things: First, I do not want to use sudo (this is Ubuntu-style, and I > hate Ubuntu!) sudo predates Ubuntu by some years, if not decades. sudo is meant to be a more flexible su, which seems to be exactly what you need. > and sudo is not the way I want it to do for some reasons. Could you please elaborate? If you have specific, technical doubts about using sudo as a solution, I'd be willing to investigate other avenues. Failing that, adding something like: %dialout = NOPASSWD: NOSETENV: /usr/bin/umtsmom to your /etc/sudoers should be fine. Depending on how umtsmom works, it might be possible and valuable to add "NOEXEC:" as an additional Tag_Spec. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/\_/ signature.asc Description: This is a digitally signed message part.
Re: Access Problem with pppd
Am Dienstag, 26. Januar 2010 schrieb Alex Samad: > > may your user part of dialout. Only root and dialout are allowed to > execute this bin see rwsr-x--- if it was rwsr-xr-x every one would be > allowed to > That is exactly my profile and what I wanted to do: Sadly it did not work, and I dunno why. Meanwhile I foud a bugreport on it in the debian forums, where my problem is mentioned exactly. Thanks for the response anyway. Greetings Hans -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Access Problem with pppd
On Tue, 26 Jan 2010 20:30:41 +0100, Hans-J. Ullrich wrote: (...) > A solution is already available: As I am already root on the system, I > just start it as root. :) Sorry for the noise but... that seems far from "a solution" :-P Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Access Problem with pppd
Am Dienstag, 26. Januar 2010 schrieb lego_12...@rambler.ru: > On Tue, Jan 26, 2010 at 07:34:33PM +0100, Hans-J. Ullrich wrote: > > Hi all, > > > > I am looking for a l?ttle understanding problem. Maybe someone can advice > > me. > > > > On my EEEPC I am running an application called "umtsmon" (this is for > > gprs- access). Umtsmom is a single binary located in /usr/bin. > > > > When I start it, it is started, and when I want to connect to the > > internet it starts a modem connection by using pppd. > > > > This is fine working, when I am starting it as user "root". (I use "sux" > > to become root from a normal user). > > > > When I start umtsmon as normal user, pppd is not allowed to be used by > > this user. This is ok, I want only users in a special group use pppd. > > > > So far so well, but I dop not understand this: When set the binary > > with rwsr-x--- (root:dialout), then umtsmon should start with the rights > > of root and should be also allowed to start pppd! But i does clearly NOT! > > I get the maesage: pppd is not allowed to start, only root is allowed to > > start it. > > > > What do I do wrong? Where do I think wrong? > > > > BTW: maybe someone wants to adopt umtsmon and create a package. It is > > open- source / GPL and it is really great tool (This only remarked > > besides) > > > > Thank you for any help! > > > > > > Best regards > > > > Hans > > Excuse me, what about sudo? > Two things: First, I do not want to use sudo (this is Ubuntu-style, and I hate Ubuntu!) and sudo is not the way I want it to do for some reasons. Second, it is much more important for me, to understand what happens, rather than get a solution. A solution is already available: As I am already root on the system, I just start it as root. :) Greets Hans -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Access Problem with pppd
On Tue, Jan 26, 2010 at 10:24:14PM +0300, lego_12...@rambler.ru wrote: > On Tue, Jan 26, 2010 at 07:34:33PM +0100, Hans-J. Ullrich wrote: > > Hi all, > > > > I am looking for a l?ttle understanding problem. Maybe someone can advice > > me. > > > > On my EEEPC I am running an application called "umtsmon" (this is for gprs- > > access). Umtsmom is a single binary located in /usr/bin. > > > > When I start it, it is started, and when I want to connect to the internet > > it > > starts a modem connection by using pppd. > > > > This is fine working, when I am starting it as user "root". (I use "sux" to > > become root from a normal user). > > > > When I start umtsmon as normal user, pppd is not allowed to be used by this > > user. This is ok, I want only users in a special group use pppd. > > > > So far so well, but I dop not understand this: When set the binary > > with rwsr-x--- (root:dialout), then umtsmon should start with the rights of may your user part of dialout. Only root and dialout are allowed to execute this bin see rwsr-x--- if it was rwsr-xr-x every one would be allowed to > > root and should be also allowed to start pppd! But i does clearly NOT! I > > get > > the maesage: pppd is not allowed to start, only root is allowed to start it. > > > > What do I do wrong? Where do I think wrong? > > > > BTW: maybe someone wants to adopt umtsmon and create a package. It is open- > > source / GPL and it is really great tool (This only remarked besides) > > > > Thank you for any help! > > > > > > Best regards > > > > Hans > > Excuse me, what about sudo? > > -- "Security is the essential roadblock to achieving the road map to peace." - George W. Bush 07/25/2003 Washington, DC signature.asc Description: Digital signature
Re: Access Problem with pppd
On Tue, Jan 26, 2010 at 07:34:33PM +0100, Hans-J. Ullrich wrote: > Hi all, > > I am looking for a l?ttle understanding problem. Maybe someone can advice me. > > On my EEEPC I am running an application called "umtsmon" (this is for gprs- > access). Umtsmom is a single binary located in /usr/bin. > > When I start it, it is started, and when I want to connect to the internet it > starts a modem connection by using pppd. > > This is fine working, when I am starting it as user "root". (I use "sux" to > become root from a normal user). > > When I start umtsmon as normal user, pppd is not allowed to be used by this > user. This is ok, I want only users in a special group use pppd. > > So far so well, but I dop not understand this: When set the binary > with rwsr-x--- (root:dialout), then umtsmon should start with the rights of > root and should be also allowed to start pppd! But i does clearly NOT! I get > the maesage: pppd is not allowed to start, only root is allowed to start it. > > What do I do wrong? Where do I think wrong? > > BTW: maybe someone wants to adopt umtsmon and create a package. It is open- > source / GPL and it is really great tool (This only remarked besides) > > Thank you for any help! > > > Best regards > > Hans Excuse me, what about sudo? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org