Re: pon/poff not as root, like this?

1997-04-24 Thread Nicola Bernardelli
On 23 Apr 1997, James LewisMoss wrote:

>  Nicola>  I'll be away from tomorrow, Thursday 24th, and won't be
>  Nicola>  able to read
>  Nicola> incoming messages until Monday 28th, so please don't think
>  Nicola> I'm not polite if I don't answer immediately.
>  Nicola>  Anyway, thank you in advance.

 I'm here... damn... :-( food intoxication, the doctors say... nice
pink spots this morning when I woke up, though nearly none on my face.


> chown root.pppuser /usr/sbin/pppd
> chmod 4750 /usr/sbin/pppd

YES, I had included and then cut away these lines:

# ls -l /usr/sbin/ppp*
-rwsr-x---   1 root pppusers    75944 Dec  7 23:54 /usr/sbin/pppd*
-rwxr-xr-x   1 root root         7796 Dec  7 23:54 /usr/sbin/pppstats*


 Ok, THANK YOU a lot Jim for "parsing" my actions, so I can say I have
it now.
 Nicola





--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .


pon/poff not as root, like this?

1997-04-24 Thread Nicola Bernardelli
 Running pon/poff as root is quite straightforward, otherwise...

 On my Linux box with Debian 1.2.4 I created a pppusers group, I let
user nbern (born as member of group users) be a member of it (and also a
member of dialout, which is the group of /dev/ttyS1), and I set the
following files as belonging to the pppusers group: 

 /etc/ppp.chatscript with r-- permission for the group
 /etc/ppp.options_out
 /etc/ppp/options
 (no pap and no chap is currently used, the whole login sequence
 is done by chat... my previous ISP had pap but that is not
 encrypted either [and this provider is much more efficient for the
 rest than our national monopolist])
 
 /usr/sbin/pppd  with r-x permission for the group
 /etc/ppp/ip-up  
 /etc/ppp/ip-down 

 /etc/connect-errors with rw- permission for the group
 /var/log/ppp.log    <- It seems to make no difference


 I could go up to this point, where I was stuck:

Apr 22 11:04:41 nick pppd[2036]: pppd 2.2.0 started by nbern, uid 1000
Apr 22 11:05:01 nick pppd[2036]: Serial connection established.
Apr 22 11:05:02 nick pppd[2036]: ioctl(PPPIOCGUNIT): Operation not permitted
Apr 22 11:05:02 nick pppd[2036]: ioctl(PPPIOCGDEBUG): Operation not permitted
Apr 22 11:05:02 nick pppd[2036]: Exit.


 I could run pon as nbern only after typing this as root:
 -> chmod u+s /usr/sbin/pppd <---

 Notice, no difference with g+s or g-s (g+s alone does not work). 
 But I _have_ to give pppd to the pppusers group, otherwise I get this
complaint again:
 /usr/bin/pon: /usr/sbin/pppd: Permission denied


 Here I am.
 IS ALL THIS CORRECT OR AM I MISSING SOME SECURITY ISSUE?


 I'll be away from tomorrow, Thursday 24th, and won't be able to read
incoming messages until Monday 28th, so please don't think I'm not polite
if I don't answer immediately.
 Anyway, thank you in advance.
 

 Nicola Bernardelli <[EMAIL PROTECTED]>
---
 Please use <[EMAIL PROTECTED]> for messages from any kind of
robot, such as mailing lists. From that address no autoresponse
messages will return even when I'm not at home.
---



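The arrangement arrived at in this thread (pppd owned by root, group pppusers, mode 4750 so that only group members can run the set-uid binary) can be checked mechanically. The following is an added example, not part of the original messages; the function name audit_setuid_helper and the temporary stand-in file are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_setuid_helper(path, owner_uid, group_gid):
    """Return findings for a set-uid binary meant to be runnable only by
    its owner and one group (mode 4750, as shown by ls -l in the thread)."""
    st = os.lstat(path)  # lstat: do not follow a symlink to another file
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != owner_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {owner_uid}")
    if st.st_gid != group_gid:
        findings.append(f"group gid is {st.st_gid}, expected {group_gid}")
    if not mode & stat.S_ISUID:
        findings.append("set-uid bit missing: runs with the caller's uid")
    if mode & stat.S_ISGID:
        findings.append("set-gid bit set: not needed for this setup")
    if not mode & stat.S_IXGRP:
        findings.append("group cannot execute: members get 'Permission denied'")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or world")
    if mode & stat.S_IRWXO:
        findings.append("open to others: any local user can reach the set-uid binary")
    return findings


if __name__ == "__main__":
    # Constructed stand-in for /usr/sbin/pppd so the example runs unprivileged;
    # on a real system pass uid 0 and the gid of the pppusers group instead.
    fd, sample = tempfile.mkstemp()
    os.close(fd)
    me = os.stat(sample)
    for bits in (0o4750, 0o4755, 0o0750):
        os.chmod(sample, bits)
        print(oct(bits), audit_setuid_helper(sample, me.st_uid, me.st_gid))
    os.remove(sample)
```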