From owner-freebsd-security  Fri Aug  6  4:22: 1 1999
Delivered-To: freebsd-security@freebsd.org
Received: from poboxer.pobox.com (ferg5200-1-45.cpinternet.com [208.149.16.45])
	by hub.freebsd.org (Postfix) with ESMTP id AD05E14D09
	for <freebsd-security@FreeBSD.ORG>; Fri,  6 Aug 1999 04:21:46 -0700 (PDT)
	(envelope-from alk@poboxer.pobox.com)
Received: (from alk@localhost)
	by poboxer.pobox.com (8.9.3/8.9.1) id GAA28477;
	Fri, 6 Aug 1999 06:21:17 -0500 (CDT)
	(envelope-from alk)
From: Anthony Kimball <alk@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Fri,  6 Aug 1999 06:21:17 -0500 (CDT)
X-Face: \h9Jg:Cuivl4S*UP-)gO.6O=T]]@ncM*tn4zG);)lk#4|lqEx=*talx?.<li^!8ecK]}3L-
	6`ZQW3}kxy*5]B<KA"&iBl58"/$W-0PP`B7c%'XczR)8T0VN47L`rQlu8qBIX4TJ|v'D%:k7GO%v4A
	Os>Gk,dMQU2)ptPC17cpBzm(l'M|H8BUF1&]dDCxZ.c~Wy6-j,^V1E(NtX$FpkkdnJixsJHE95JlhO
	5\M3jh'YiO7KPCn0~W`Ro44_TB@&JuuqRqgPL'0/{):7rU-%.*@/>q?1&Ed
Reply-To: alk@pobox.com
To: brian@FreeBSD.org.uk
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: group bits 
References: <14249.52685.50332.808817@avalon.east>
	<199908060803.JAA00845@keep.lan.Awfulhak.org>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs  Lucid
Message-ID: <14250.50016.61650.779505@avalon.east>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoth Brian Somers on Fri, 6 August:
: If you want to allow users to modify their own ppp configuration, you 
: should do this by including the line
: 
:   !include ~/.ppp.conf
: 
: in ppp.conf.  This means that users can modify their own profiles 
: without screwing around with other peoples.

That's a very nice functionality which I had completely overlooked.
Thank you for pointing it out.  But it does quite completely miss the
point of my interest, which is in the meaning of the group bits.

: ppp.conf should always be owned by root and mode 600, 400 or 0.

In what sense of "should"?  I want those persons responsible for
administering ppp to be able to do so, although they may not have root
access.  I can do this by saying !include /etc/ppp/ppp.conf.shared in
/etc/ppp/ppp.conf, and making /etc/ppp/ppp.conf.shared group writable
by group ppp, from your description.  I have to ask, therefore, what
purpose does it serve to require that ppp.conf should not be group
writable?  It seems to frustrate the purpose of that bit.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message