Re: PPP doesn't like anyone but root???

[Craig Sanders <cas@taz.net.au>]

On Mon, 12 May 1997, Francis Swasey wrote:

> Ok, I give up.  I've tried everything I can think of -- including reading 
> the instructions.  I still cannot get PPP to work for anyone other than root.
> 
> I have put my userid in the /etc/group file as a member of group dialout 
> and made sure that the modem device (/dev/ttyS0) is owned by group dialout.
> However, after the chat script finishes and the connection is made, I get 
> the following messages in /var/adm/ppp.log and everything dies!
> 
> pppd[300]: Serial connection established.
> pppd[300]: ioctl(PPPIOCGUNIT): Operation not permitted
> pppd[300]: ioctl(PPPIOCGDEBUG): Operation not permitted
> pppd[300]: Exit.
> 
> What trivial piece of the installation have I messed up this time? 

pppd should be setuid root ("chmod u+s /usr/sbin/pppd"), otherwise it
can't issue the proper ioctls to put the port in the correct state for
ppp. If you do this, remember to install the suid-manager package and
edit /etc/suid.conf so that the permissions arent lost next time you
upgrade ppp.

NOTE: doing making pppd setuid root is a potential security hole.

alternatively, write a wrapper shell script which calls pppd with the
appropriate parameters, and then configure sudo or super to allow
certain users/groups to run your shell script as root.

another option is to use diald to cause your system to connect to your
ISP automatically on demand - it will run as root, so there will be no
permissions problems.

The wrapper script is most useful when you have users dialing IN to your
system.  diald is better when your system needs to dial out to connect to
your ISP.


craig

--
craig sanders
networking consultant                  Available for casual or contract
temporary autonomous zone              system administration tasks.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .