From owner-freebsd-hackers  Sat Sep 20 16:09:08 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id QAA01449
          for hackers-outgoing; Sat, 20 Sep 1997 16:09:08 -0700 (PDT)
Received: from lsd.relcom.eu.net (ache@lsd.relcom.eu.net [193.124.23.23])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA01441;
          Sat, 20 Sep 1997 16:08:58 -0700 (PDT)
Received: (from ache@localhost)
	by lsd.relcom.eu.net (8.8.7/8.8.7) id DAA00702;
	Sun, 21 Sep 1997 03:08:41 +0400 (MSD)
Date: Sun, 21 Sep 1997 03:08:39 +0400 (MSD)
From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
X-Sender: ache@lsd.relcom.eu.net
To: Eivind Eklund <perhaps@yes.no>
cc: hackers@FreeBSD.ORG, brian@awfulhak.org, brian@FreeBSD.ORG
Subject: Re: ppp restrictions 
In-Reply-To: <199709202102.XAA18140@bitbox.follo.net>
Message-ID: <Pine.BSF.3.96.970921030542.613A-100000@lsd.relcom.eu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 20 Sep 1997, Eivind Eklund wrote:

> I like the present model.  It allow you to be as strict (or not) as
> you want, but default to a secure value.  "Principle of least

It is not allows to run ppp from "network" group, only from root, so it
not does what I want.

> surprise" indicate that users shouldn't be able to change routes; them
> doing that is more surprising than not being able to run PPP (which is
> easy enough to fix)

Normal users already can't change routes, we talk about "network" group
users which may do this from my point of view.

-- 
Andrey A. Chernov
<ache@null.net>
http://www.nagual.pp.ru/~ache/