Quoting Nico De Ranter ([EMAIL PROTECTED]):
> On Wed, Mar 14, 2001 at 01:48:53PM +0000, David Wright wrote:
> > Quoting Nico De Ranter ([EMAIL PROTECTED]):
> >
> > > I'm installing a little ppp server for a special project. The ppp daemon
> > > needs to be started by a non-root user. I've added the user to the dialout
> > > group however the default permissions are:
> > >
> > > crw-r----- 1 root dialout 4, 64 Nov 30 16:23 /dev/ttyS0
> > >
> > > instead of
> > >
> > > crw-rw---- 1 root dialout 4, 64 Nov 30 16:23 /dev/ttyS0
> > >
> > >
> > > I tried chmod but the next time I reboot the permissions are reset to
> > > crw-r----- again. How can I switch off this behaviour? Having the user
> > > log in as root is really not an option.
> >
> > The first solution is to use pppconfig, pon and poff. Non-root users
> > need to be in the group dip. Remember that a session only acquires its
> > group permissions when you login.
> >
> > If you insist on using wvdial to set up your modem (BTW it is a good
> > idea to say which packages you are using when asking for help; I'm
> > just guessing you use wvdial because you're hitting the same bugs as
> > other people do.), you might be able to just copy the modem scripts
> > written by wvdial into your pppconfig.
> >
> > I get the impression that most people who use wvdial have root access
> > and correct the permissions themselves. (Bug #85709.)
>
> These tools are all very nice if you're a homeuser wanting to use a modem to
> dialin. However there are lots of other things you can do with ppp. I'm not
> interested in using any of these programs; I just need that special user to be
> able to use bare bones pppd.

pon is not a tool but a wrapper. Here it is:

    #!/bin/sh
    exec /usr/sbin/pppd call ${1:-provider}

So does that special user (or their program) have access to a shell
for passing in the call parameter? If not, you can use
/etc/ppp/options or ~/.ppprc to achieve the same ends.
This *is* bare bones pppd.

> Anyway, I added a S99zfixttyS script to /etc/rc2.d that will revert the
> permissions to a more useable value.

pppd is suid. It does not require any fiddling of permissions in order
to run. I assumed you were using wvdial because its users are the ones
who run into permissions problems, as it seems to rely on having g+w
permissions on the serial port. pppd does not.

In view of this, I'll repeat, dialout is the wrong group for your user
to use ppp; the correct group is dip (whether or not you're using
pppconfig/pon/poff - perhaps that wasn't made clear the first time).

However, if you require those permissions on the serial port for some
other purpose, you just have to let pppd restore them when it finishes.
(This is where wvdial falls down - it kills pppd before the
restoration is complete.)

man pppd tells you exactly how to stop pppd, viz.

    SIGINT, SIGTERM
        These signals cause pppd to terminate the link (by closing LCP), restore
        the serial device settings,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^
        and exit.

    SIGHUP
        This signal causes pppd to terminate the link,
        restore the serial device settings, and close the
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        serial device. If the persist or demand option has been
        specified, pppd will try to reopen the serial device and
        start another connection (after the holdoff period).
        Otherwise pppd will exit. If this signal is received
        during the holdoff period, it causes pppd to end the
        holdoff period immediately.

poff is just a script to do this for you. It would be simple to
incorporate its actions into a program if that's what your special
user is running.

> I would however like it very much if the Debian
> installation would offer a "skip-the-paranoid-stuff" button. Having good
> security by default might be heaven for regular homeusers but it's hell for
> anybody trying to do special development on Linux.

Sorry, no can do. A quick analogy: if you go to sea in a seaworthy
boat, you can sink it by opening the scuttles. If you try to put to
sea in a sieve, no amount of patching will make it seaworthy.

With always-on connections, "homeusers" no longer has any meaning in
connection with security.

Cheers,

-- 
Email: [EMAIL PROTECTED]  Tel: +44 1908 653 739  Fax: +44 1908 655 151
Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer: These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.
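
The shutdown sequence described in the message above (send SIGTERM, then wait for pppd to exit so it can restore the serial device settings), as an added shell example that is not part of the original message and is not the poff script itself. The function name stop_pppd, the default timeout and the pid-file path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not poff): stop a pppd instance cleanly.
# Usage: stop_pppd PIDFILE [TIMEOUT_SECONDS]
#   e.g. stop_pppd /var/run/ppp0.pid 10   (path assumed; pass your own)
# Returns 0 once the process is gone, 1 if it is still running after the
# timeout, 2 if the pid file is missing or does not hold a numeric pid.
stop_pppd() {
    pidfile=$1
    timeout=${2:-10}

    if [ ! -r "$pidfile" ]; then
        echo "stop_pppd: cannot read pid file $pidfile" >&2
        return 2
    fi

    # The first line of the pid file is the process id.
    pid=
    read -r pid < "$pidfile" || :
    case $pid in
        ''|*[!0-9]*)
            echo "stop_pppd: no numeric pid in $pidfile" >&2
            return 2
            ;;
    esac

    # SIGTERM lets pppd close LCP and restore the serial device settings.
    # If the signal cannot be delivered, the process is already gone.
    kill -TERM "$pid" 2>/dev/null || return 0

    # Wait for the process to exit by itself; kill -0 only probes for it.
    while [ "$timeout" -gt 0 ]; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
        timeout=$((timeout - 1))
    done
    kill -0 "$pid" 2>/dev/null || return 0

    # Deliberately no SIGKILL: killing pppd before it has finished is what
    # leaves the serial port with the wrong settings.
    echo "stop_pppd: pid $pid still running, not escalating" >&2
    return 1
}
```
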