Date: Fri, 6 Aug 1999 06:21:17 -0500 (CDT) From: Anthony Kimball <alk@pobox.com> To: brian@FreeBSD.org.uk Cc: freebsd-security@FreeBSD.ORG Subject: Re: group bits Message-ID: <14250.50016.61650.779505@avalon.east> References: <14249.52685.50332.808817@avalon.east> <199908060803.JAA00845@keep.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoth Brian Somers on Fri, 6 August: : If you want to allow users to modify their own ppp configuration, you : should do this by including the line : : !include ~/.ppp.conf : : in ppp.conf. This means that users can modify their own profiles : without screwing around with other peoples. That's a very nice functionality which I had completely overlooked. Thank you for pointing it out. But it does quite completely miss the point of my interest, which is in the meaning of the group bits. : ppp.conf should always be owned by root and mode 600, 400 or 0. In what sense of "should"? I want those persons responsible for administering ppp to be able to do so, although they may not have root access. I can do this by saying !include /etc/ppp/ppp.conf.shared in /etc/ppp/ppp.conf, and making /etc/ppp/ppp.conf.shared group writable by group ppp, from your description. I have to ask, therefore, what purpose does it serve to require that ppp.conf should not be group writable? It seems to frustrate the purpose of that bit. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14250.50016.61650.779505>