From owner-freebsd-questions Wed Sep 1 10:36:31 1999 Delivered-To: freebsd-questions@freebsd.org Received: from sand5.global.net.uk (sand5.global.net.uk [194.126.80.249]) by hub.freebsd.org (Postfix) with ESMTP id 6077315A41 for ; Wed, 1 Sep 1999 10:36:13 -0700 (PDT) (envelope-from mark@globalnet.co.uk) Received: from p7es11a07.client.global.net.uk ([195.147.235.127] helo=marder-1.) by sand5.global.net.uk with esmtp (Exim 2.05 #1) id 11MEHJ-0004Or-00; Wed, 1 Sep 1999 18:34:33 +0100 Received: (from mark@localhost) by marder-1. (8.9.2/8.8.8) id SAA00387; Wed, 1 Sep 1999 18:13:45 +0100 (BST) (envelope-from mark) Date: Wed, 1 Sep 1999 18:13:45 +0100 From: Mark Ovens To: Tony Cc: freebsd-questions@freebsd.org Subject: Re: user PPP only works for root Message-ID: <19990901181345.C283@marder-1> References: <99090108294601.00334@fdho-w5.fdnet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.3i In-Reply-To: <99090108294601.00334@fdho-w5.fdnet.com>; from Tony on Wed, Sep 01, 1999 at 08:23:41AM -0500 Organization: Total lack of Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Sep 01, 1999 at 08:23:41AM -0500, Tony wrote: > On Tue, 31 Aug 1999, Ken Seggerman wrote: > > I am running FreeBSD 3.1 on a Pentium 486 machine, and have the user ppp > > that came with the release (PPP Version 2.0 - $Date: 1998/12/14 01:15:34) > > > > It no longer says "User Process PPP. Writen by Toshiaru OHNO." > > > > I have been using user ppp for some time now, but have only recently > > tried to break the habit of doing everthing as root, but still have to su > > to use ppp. > > > > $ ppp > > Working in interactive mode > > Warning: No available tunnel devices found (Permission denied). > > Warning: bundle_Create: No such file or directory > > Changing system routes, redirecting devices and access to the tunnel device is > not allowed by any user but root. I'm curious about an suid root ppp myself > but I think it opens glaring and ugly security holes of which I'm not educated > about. There is a way to "open" things up using sysctl but upon dynamically > modifiying the kernel in this way you open huge gaping holes in security. > Maybe someone else could expand or correct me here? > Add ``allow user '' or ``allow user *'' for everyone to /etc/ppp/ppp.conf and add (and anyone elses) to the group ``network'' then you can run ppp as a non-root user. HTH > Tony > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- STATE-OF-THE-ART: Any computer you can't afford. OBSOLETE: Any computer you own. ________________________________________________________________ FreeBSD - The Power To Serve http://www.freebsd.org My Webpage http://ukug.uk.freebsd.org/~mark/ mailto:mark@ukug.uk.freebsd.org http://www.radan.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message