From owner-freebsd-hackers Sun Feb 15 20:22:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA21317 for freebsd-hackers-outgoing; Sun, 15 Feb 1998 20:22:07 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from top.monad.net (root@top.monad.net [204.97.16.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA21212 for ; Sun, 15 Feb 1998 20:20:28 -0800 (PST) (envelope-from vdk@chaosphere.com) Received: from logrus.chaosphere.com (logrus.top.monad.net [206.231.108.252]) by top.monad.net (8.8.8/What) with SMTP id XAA16964 for ; Sun, 15 Feb 1998 23:20:15 -0500 (EST) Date: Sun, 15 Feb 1998 23:21:58 -0500 (EST) From: Obi Wan Oblivion To: hackers@FreeBSD.ORG Subject: IIJPPP & The Root User Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Howdy, Any reason why I shouldn't modify IIJPPP Version 1.2 (built on 9/23/97) to allow uids other than zero to dialout? I share my physical system with a few people who want access to the net, but I really don't want to dish out the root password to them. I'm looking to keep the security, but add some flexibility. For instance: < if(getuid() != 0) > if((getuid() != 0) || (getgid() != 68)) This way, you'd need to be either root, or a member of group dialer in order to use user process ppp in anything other than -direct. Any thoughts? Am I using a shotgun to kill a mouse, or am I unwittingly leaving a gaping security hole? Thanks! -Jeff "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message