[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Must pppd be run by root?

I think `net' would be a good group name for this.

Rob Browning writes:
>>>>>> "C" == Craig Sanders <cas@taz.net.au> writes:
>C> I suppose that would do the job, but what if a sysadmin wants to
>C> allow users to dial in using ppp, but NOT allow them to dialout
>C> with minicom or send faxes?
>C> I'm absolutely certain that I wouldn't want to add users to a
>C> dialout group just to let them dial in with a ppp account.
>If you're going to do something, ppp/slip seem sufficiently different
>to warrant their own group.  Something like
>transient-network-connection (but shorter :> ).  
>I'm still not sure that ppp will really work properly when run by
>someone other than root (unless it's suid root) if you want to use the
>"default" option that makes the routing changes automatically when the
>connection goes up and down.  Even if you handle the routing outside
>the call to pppd, you'll still have to do the routing as root, so I
>don't see what trying to get pppd to be runnable by non-root users
>buys you.
>I still think that sudo's the best solution, but I probably just don't
>understand the situation well enough.

Reply to: