Re: Wvdial for not-root access. How?

To: Eric Zeller <falcon@ericzeller.com>, David Kanter <KANTERD@bcbsil.com>
Cc: debian-user@lists.debian.org
Subject: Re: Wvdial for not-root access. How?
From: Seth R Arnold <sarnold@willamette.edu>
Date: Wed, 15 Sep 1999 02:48:27 -0700
Message-id: <[🔎] 19990915024827.M913@willamette.edu>
Mail-followup-to: Eric Zeller <falcon@ericzeller.com>, David Kanter <KANTERD@bcbsil.com>, debian-user@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.3.96.990914221333.1283A-100000@myrouter.home.ericzeller.com>; from Eric Zeller on Tue, Sep 14, 1999 at 10:28:35PM -0700
References: <[🔎] s7dcc09f.048@GWSMTP> <[🔎] Pine.LNX.3.96.990914221333.1283A-100000@myrouter.home.ericzeller.com>

On Tue, Sep 14, 1999 at 10:28:35PM -0700, Eric Zeller wrote:
> 
> Here's my cheating way of allowing non-root users access to certain root
> programs.
> 
> put a line in /etc/passwd that says something like 
> 
> halt:<passwdhere>:0:0:halt:/sbin:/sbin/halt
> 
> The zero uid allows the login to be root, but instead of running a shell,
> it runs runs /sbin/halt and shuts down. (this particular line came from
> my wife's laptop).
> 
> I've been meaning to ask people if this opens a security hole that I
> haven't thought about, I guess this is as good as time as any.
> (actually can you send responses to ezeller@ericzeller.com as I can't
> afford to read 100 messages a day on this list, I'll try and keep up on
> the archives also).

Welllll.... if you have pop-based email (or imap based email) or web-based
applications that require login authenitcation, then you are basically
giving out access to root's toys. Not everything that gives access to the
machine goes through the process of running the shell.

Of course, if your security needs are small, it might not be that big a
deal.

> I also used to have similiar logins for ppp-up and ppp-down, but now that
> I have a working router/firewall with diald, I commented them out.
> 
> I guess I should also point out (security wise) that the laptop is mostly
> hooked up to the internet behind my firewall which does not have any of
> these lines in the passwd file. Occasionally it gets taken to work and is
> hooked up behind that firewall. So I'm a little lax on security for it.
> 
> 
> 
> Eric Zeller	A Happy Oacis Employee			ezeller@ericzeller.com
> http://www.ericzeller.com					
> "The Ships hung in the air in exactly the same way bricks don't" - HHGTTG
> 
> On Mon, 13 Sep 1999, David Kanter wrote:
> 
> > Wvdial only works with root access. Currently, I su root, and then type wvdial.
> > 
> > Is there a way so that I, when a non-root user, can start wvdial securely? I've read that suid will work, but is an insecure way of doing it. I want to do this the right way. Perhaps just su-ing root is the best?
> > 
> > Thanks,
> > Dave
> > 
> > 
> > -- 
> > Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> > 
> > 
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null

-- 
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!

Reply to:

References:
- Wvdial for not-root access. How?
  - From: "David Kanter" <KANTERD@bcbsil.com>
- Re: Wvdial for not-root access. How?
  - From: Eric Zeller <falcon@ericzeller.com>

Prev by Date: HELP: best way to open a cvs server??
Next by Date: Re: Fonts
Previous by thread: Re: Wvdial for not-root access. How?
Next by thread: Uninstalling gnome
Index(es):
- Date
- Thread