Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Sep 1999 18:13:45 +0100
From:      Mark Ovens <mark@ukug.uk.freebsd.org>
To:        Tony <tbrock@mail.phoenix.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: user PPP only works for root
Message-ID:  <19990901181345.C283@marder-1>
In-Reply-To: <99090108294601.00334@fdho-w5.fdnet.com>; from Tony on Wed, Sep 01, 1999 at 08:23:41AM -0500
References:  <Pine.GSO.4.10.9908312325001.239-100000@echonyc.com> <99090108294601.00334@fdho-w5.fdnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Sep 01, 1999 at 08:23:41AM -0500, Tony wrote:
> On Tue, 31 Aug 1999, Ken Seggerman wrote:
> > I am running FreeBSD 3.1 on a Pentium 486 machine, and have the user ppp
> > that came with the release (PPP Version 2.0 - $Date: 1998/12/14 01:15:34)
> > 
> > It no longer says "User Process PPP. Writen by Toshiaru OHNO."
> > 
> > I have been using user ppp for some time now, but have only recently
> > tried to break the habit of doing everthing as root, but still have to su
> > to use ppp.
> > 
> > $ ppp
> > Working in interactive mode
> > Warning: No available tunnel devices found (Permission denied).
> > Warning: bundle_Create: No such file or directory
> 
> Changing system routes, redirecting devices and access to the tunnel device is
> not allowed by any user but root.  I'm curious about an suid root ppp myself
> but I think it opens glaring and ugly security holes of which I'm not educated
> about.  There is a way to "open" things up using sysctl but upon dynamically
> modifiying the kernel in this way you open huge gaping holes in security. 
> Maybe someone else could expand or correct me here?
> 

Add ``allow user <your_user_name>'' or ``allow user *'' for everyone
to /etc/ppp/ppp.conf and add <your_user_name> (and anyone elses)
to the group ``network'' then you can run ppp as a non-root user.

HTH

> Tony
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

-- 
STATE-OF-THE-ART: Any computer you can't afford.
OBSOLETE: Any computer you own.
________________________________________________________________
      FreeBSD - The Power To Serve http://www.freebsd.org
      My Webpage http://ukug.uk.freebsd.org/~mark/
mailto:mark@ukug.uk.freebsd.org              http://www.radan.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990901181345.C283>