Re: Rationale behind the groups "dip" and "dialout"

To: debian-user@lists.debian.org
Subject: Re: Rationale behind the groups "dip" and "dialout"
From: John Hasler <john@dhh.gt.org>
Date: 18 Feb 2000 21:09:09 -0600
Message-id: <[🔎] 873dqp6g8a.fsf@toncho.dhh.gt.org>
In-reply-to: Viktor Rosenfeld's message of "Sat, 19 Feb 2000 01:57:54 +0100"
References: <[🔎] 38ADEA92.BF99F74A@informatik.hu-berlin.de>

Viktor Rosenfeld writes:
> In the standard Debian (slink) install, the groups "dip" and "dialout"
> are created.  dialout is used for dialout-devices (eg /dev/ttyS*,
> /dev/isdn*, ...)  while dip is used for a couple of pppd files
> (/etc/ppp/*, /usr/sbin/pppd, ...).

Under the Debian system (it is the one recommended by the upstream
maintainers) those who can use the serial ports do not necessarily have
permission to run pppd or read the ppp files, and vice-versa.

> And a side note: Wasn't it possible to configure pppd not to be setuid
> root?

It should be possible, but it doesn't necessarily improve security.
/etc/peers/provider is hard-coded into pppd as a place where pppd can get
files containing 'privileged' options when run setuid root by a
non-privileged user.  Setuid root also makes it possible for the secrets
files to be readable only by root, and for pppd to use the serial ports
without the user having access to them.  Pppd drops root privileges as soon
as it doesn't need them.
-- 
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI

Reply to:

Follow-Ups:
- Re: Rationale behind the groups "dip" and "dialout"
  - From: Viktor Rosenfeld <rosenfel@informatik.hu-berlin.de>

References:
- Rationale behind the groups "dip" and "dialout"
  - From: Viktor Rosenfeld <rosenfel@informatik.hu-berlin.de>

Prev by Date: Re: using power save and power down features
Next by Date: Re: spice (fwd)
Previous by thread: Rationale behind the groups "dip" and "dialout"
Next by thread: Re: Rationale behind the groups "dip" and "dialout"
Index(es):
- Date
- Thread