Re: ppp: invocation by users? and pppd dies - reports SIGHUP - why?
Philip Tuckey writes ("ppp: invocation by users? and pppd dies - reports SIGHUP - why?"):
> [...] As I understand
> it, I can do this by chmod-ing the pppd binary to be suid, with root as
> the owner. For further security, I can create a group ppp, chown pppd to
> root.ppp, give only the group execute access to pppd, and add the relevant
> users to the group ppp. Finally, as the binary is in /usr/sbin, there is
> an aesthetic question about whether the users should include this in their
> path, or if I should make a link from /usr/local/bin/pppd (or something)
> to /usr/sbin/pppd. (I know diald exists, but I wanted to get a simple
> solution working first.)
There is a problem with you simply changing the permissions on your
binary - they will get reset next time you install the package.
If this is a generally useful change then it should be made in the PPP
package (obviously).
If not, and in any case in the meantime, I think the best solution is
for you to create a setuid C wrapper. `sudo' may provide facilities
to allow you to do this properly.
If `sudo' solves the problem more generally then perhaps the Debian
package should document this, and/or offer to modify sudo's
configuration in an appropriate and secure manner (this is something
that we're more likely to get right, I think, than arbitrary
sysadmins).
Ian.
Reply to: