Date: Sun, 21 Sep 1997 02:13:07 +0200
From: Eivind Eklund
To: ?????????????
Cc: hackers@FreeBSD.ORG, brian@awfulhak.org
Subject: Re: ppp restrictions
Message-ID: <19970921021307.02893@bitbox.follo.net>
References: <199709202102.XAA18140@bitbox.follo.net>

On Sun, Sep 21, 1997 at 03:08:39AM +0400, ????????????? wrote:
> On Sat, 20 Sep 1997, Eivind Eklund wrote:
>
> > I like the present model. It allows you to be as strict (or not) as
> > you want, but defaults to a secure value. "Principle of least
>
> It does not allow running ppp from the "network" group, only from root,
> so it does not do what I want.

Eh? Isn't it still setuid(), so network can do it? My understanding
(I've not actually looked more at this, since I don't run PPP at the
moment) was ppp owner root, group network, permissions 4550. That's at
least what looks reasonable; otherwise, you need root to use the program
and can drop group network entirely.

Eivind.
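Added example, not part of the original message or of ppp itself: a small model of the classic Unix execute check, applied to the layout described above (owner root, group network, mode 4550). The gid, the user ids and the names `FileMeta`, `Caller` and `exec_outcome` are constructed for illustration; ACLs, MAC policies and nosuid mounts are ignored.

```python
import stat
from dataclasses import dataclass

NETWORK_GID = 69  # constructed value standing in for group "network"

@dataclass(frozen=True)
class FileMeta:
    owner_uid: int
    group_gid: int
    mode: int  # permission bits including setuid, e.g. 0o4550

@dataclass(frozen=True)
class Caller:
    uid: int
    gids: frozenset  # primary plus supplementary groups

def exec_outcome(f, c):
    """Return (allowed, effective_uid) for caller c executing file f.

    Exactly one permission class applies: owner, else group, else other.
    uid 0 may execute as long as any execute bit is set.
    """
    any_x = f.mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    if c.uid == 0:
        allowed = bool(any_x)
    elif c.uid == f.owner_uid:
        allowed = bool(f.mode & stat.S_IXUSR)
    elif f.group_gid in c.gids:
        allowed = bool(f.mode & stat.S_IXGRP)
    else:
        allowed = bool(f.mode & stat.S_IXOTH)
    if not allowed:
        return (False, None)
    # setuid bit: the process runs with the file owner's uid
    euid = f.owner_uid if f.mode & stat.S_ISUID else c.uid
    return (True, euid)

# Constructed sample users: one in group network, one not, plus root.
member = Caller(uid=1001, gids=frozenset({1001, NETWORK_GID}))
outsider = Caller(uid=1002, gids=frozenset({1002}))
root = Caller(uid=0, gids=frozenset({0}))

ppp_4550 = FileMeta(owner_uid=0, group_gid=NETWORK_GID, mode=0o4550)
ppp_0550 = FileMeta(owner_uid=0, group_gid=NETWORK_GID, mode=0o0550)
ppp_4500 = FileMeta(owner_uid=0, group_gid=NETWORK_GID, mode=0o4500)

if __name__ == "__main__":
    for name, f in (("4550", ppp_4550), ("0550", ppp_0550), ("4500", ppp_4500)):
        for who, c in (("member", member), ("outsider", outsider), ("root", root)):
            print(name, who, exec_outcome(f, c))
```

With 4550 a group member can execute the binary and it runs with effective uid 0, while a user outside the group is refused; with 4500 only root can run it and the group assignment has no effect.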