Re: Must pppd be run by root?
I think `net' would be a good group name for this.
Rob Browning writes:
>>>>>> "C" == Craig Sanders <cas@taz.net.au> writes:
>
>C> I suppose that would do the job, but what if a sysadmin wants to
>C> allow users to dial in using ppp, but NOT allow them to dialout
>C> with minicom or send faxes?
>
>C> I'm absolutely certain that I wouldn't want to add users to a
>C> dialout group just to let them dial in with a ppp account.
>
>If you're going to do something, ppp/slip seem sufficiently different
>to warrant their own group. Something like
>transient-network-connection (but shorter :> ).
>
>I'm still not sure that ppp will really work properly when run by
>someone other than root (unless it's suid root) if you want to use the
>"default" option that makes the routing changes automatically when the
>connection goes up and down. Even if you handle the routing outside
>the call to pppd, you'll still have to do the routing as root, so I
>don't see what trying to get pppd to be runnable by non-root users
>buys you.
>
>I still think that sudo's the best solution, but I probably just don't
>understand the situation well enough.
>
>--
>Rob
>
>
Reply to: