[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ppp: invocation by users? and pppd dies - reports SIGHUP - why?

Philip Tuckey writes ("ppp: invocation by users? and pppd dies - reports SIGHUP - why?"):
> [...]          As I understand
> it, I can do this by chmod-ing the pppd binary to be suid, with root as
> the owner. For further security, I can create a group ppp, chown pppd to
> root.ppp, give only the group execute access to pppd, and add the relevant
> users to the group ppp. Finally, as the binary is in /usr/sbin, there is
> an aesthetic question about whether the users should include this in their
> path, or if I should make a link from /usr/local/bin/pppd (or something)
> to /usr/sbin/pppd. (I know diald exists, but I wanted to get a simple 
> solution working first.)

There is a problem with you simply changing the permissions on your
binary - they will get reset next time you install the package.

If this is a generally useful change then it should be made in the PPP
package (obviously).

If not, and in any case in the meantime, I think the best solution is
for you to create a setuid C wrapper.  `sudo' may provide facilities
to allow you to do this properly.

If `sudo' solves the problem more generally then perhaps the Debian
package should document this, and/or offer to modify sudo's
configuration in an appropriate and secure manner (this is something
that we're more likely to get right, I think, than arbitrary


Reply to: