[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Launching KPPP from desktop with root loses dsktop icons and wallpapers...

On February 5, 2005 15:57, Phillip Pi wrote:
> > > > I went to test the settings and KPPP connection. I got all the
> > > > way to connection, but I get disconnected immediately and get a
> > > > "Sorry - KDesktop error: "KDEInit could not launch
> > > > '/usr/bin/kppp'".
> > >
> > > Kppp needs to be SUID root, and in /etc/ppp/options you must change
> > > "auth" to "noauth" on about line 35.  IIRC those are the only
> > > things you need to change from the out-of-the-box setup, along with
> > > making sure that the user is a member of "dip" and "dialout".
> >
> > Note that this has changed in the 3.3.2 package - check the
> > README.Debian when it arrives in Sarge.
> Christopher, thanks for the warning. Do we assume that apt-get upgrade
> for KDE will show this change and readme? Is there a copy of this
> online so we can read it?

No, there is no NEWS.Debian, since if you do nothing kppp will continue to 
work as before. However, if you want to adapt to the new default setup, 
the README.Debian for the 3.3.2 package should have all the information 
you need. I've attached a copy to this message.

Note that membership in the dialout group shouldn't be necessary (IIRC) 
when kppp is SUID root, which with 3.3.2 it is by default. The basic real 
reason I made all these changes was to reduce the number of system-level 
changes a new user of kppp has to perform to get it to work.

Christopher Martin
kppp and execution of kppp

In order to actually use kppp you must first be a part of the "dip" group.
This is the standard for using ppp in general with Debian.  If you are not a
member of this group, you will not be able to run pppd or setup connections.

Furthermore, kppp requires that the ppp daemon be run with the "noauth"
option.  However, pppd's default setting, in /etc/ppp/options, is "auth",
and for security reasons it should remain so.  To work around this problem,
uncomment "noauth" in /etc/ppp/peers/kppp-options.  You should then be able
to connect.

Note that if "noauth" is uncommented, a setting of "noauth" in
/etc/ppp/options will conflict with kppp. Note also that uncommenting
"noauth" opens the possibility that other malicious members of the "dip"
group could now potentially abuse the ppp daemon with the "noauth" option.

Attachment: pgp9dlsRGZqYk.pgp
Description: PGP signature

Reply to: