From owner-freebsd-ports  Tue Feb 19  8:22:57 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from server11.safepages.com (server11.safepages.com [216.127.146.25])
	by hub.freebsd.org (Postfix) with ESMTP id 7F92E37B436
	for <ports@freebsd.org>; Tue, 19 Feb 2002 08:22:08 -0800 (PST)
Received: from hermes.surfbest.net (reston-gnap-ip-216007-212.dynamic.ziplink.net [216.8.7.212])
	by server11.safepages.com (Postfix) with ESMTP
	id 38CBE14F3CA; Tue, 19 Feb 2002 16:22:03 +0000 (GMT)
Received: from surfbest.net (localhost.surfbest.net [127.0.0.1])
	by hermes.surfbest.net (8.11.6/8.11.6) with ESMTP id g1JGKbv27378;
	Tue, 19 Feb 2002 11:20:38 -0500 (EST)
	(envelope-from kstailey@surfbest.net)
Message-ID: <3C727B55.10801@surfbest.net>
Date: Tue, 19 Feb 2002 11:20:37 -0500
From: Ken Stailey <kstailey@surfbest.net>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.7) Gecko/20011222
X-Accept-Language: en-us
MIME-Version: 1.0
To: Alan Eldridge <alane@geeksrus.net>
Cc: klh@panix.com, FreeBSD ports list <ports@freebsd.org>
Subject: Re: klh10 and its port submissions
References: <3C6FC9EF.9040900@surfbest.net> <3C703170.5040502@surfbest.net> <200202180001.g1I01Og20036@wwweasel.geeksrus.net> <3C726171.8050603@surfbest.net> <20020219152538.GB17665@wwweasel.geeksrus.net> <3C727732.10003@surfbest.net> <20020219161105.GA19555@wwweasel.geeksrus.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org

Alan Eldridge wrote:

>On Tue, Feb 19, 2002 at 11:02:58AM -0500, Ken Stailey wrote:
>
>>Alan Eldridge wrote:
>>
>>>Suggest group "wheel" instead. IE you must be able to su to root (at least
>>>in principle) in order to run it.
>>>
>>But Alan:
>>
>>kstailey@hermes$ ls -l /usr/sbin/ppp
>>-r-sr-xr--  1 root  network  307808 Jan 26 08:14 /usr/sbin/ppp
>>
>
>I guess I'm looking at it from the perspective of a *user* running it.
>Network is a daemon account.
>
We are not talking about the network account but the network group.  It 
makes a big difference.

> Wheel is the group you have to be in to su
>to root. And since it's a potentially dangerous program, it seemed logical
>to me to need to be in the "trusted" group to be able to run it.
>
ppp uses ID0 wrappers around system calls to limit its use of root 
privledges.  We can't go there now because klh-10 uses popen(3).  I 
expect to fix that someday.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message