Re: pppd / pon problem
On Tue, Jun 01, 1999 at 04:33:50PM -0500, John Hasler wrote
> Robert writes:
> > Is it [/etc/ppp being root.root] a bug?
>
> Yes. It should be root.dip .
>
> > Seems like the default for allowing a ppp dial out would be up to the
> > admin and not users?
>
> It is. The admin decides which users to put in the dip group.
>
Maybe things have changed since I installed PPP, but on my home system
/etc/ppp is owned root:root and has permissions 700. Users who are in the
dip group can use PPP, because pppd is owned root:dip and has permissions
4754 (suid root, executable by group).
Having /etc/ppp owned by root:dip and group readable is, in my opinion, bad.
Setting it up that way allows any user that you trust to use *any* PPP
account to read stuff in /etc/ppp, which may include stuff you don't want
them to see (like pap-secrets). On a single-user machine it's not so bad,
but unless things have changed since 2.2.5-3 it is unnecessary and
potentially dangerous.
John P.
--
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
Reply to: