Hi Philip,

> I would like to allow users to open the PPP link themselves as needed,
> rather than doing it at boot time via /etc/init.d/ppp (or making them su
> to root and running pppd). I would be grateful if anyone has an opinion
> about the nicest way to do this under Debian. (Given that the binary is
> under /usr/sbin, I guess users are not expected to use it, so I am
> resigned to transgressing against Debian to some extent.) As I understand
> it, I can do this by chmod-ing the pppd binary to be suid, with root as
> the owner. For further security, I can create a group ppp, chown pppd to
> root.ppp, give only the group execute access to pppd, and add the relevant
> users to the group ppp. Finally, as the binary is in /usr/sbin, there is
> an aesthetic question about whether the users should include this in their
> path, or if I should make a link from /usr/local/bin/pppd (or something)
> to /usr/sbin/pppd. (I know diald exists, but I wanted to get a simple
> solution working first.)

Forget all that, by far the easiest (and IMHO best) way to do this is to
use sudo to allow the *specific* users you want to start pppd. Here are the
relevant lines from my /etc/sudoers file:

    Cmnd_Alias PPP=/usr/sbin/pppd,/usr/sbin/pppstats
    Cmnd_Alias KILL=/bin/kill
    Host_Alias THING=thing
    malc THING=PPP,KILL

This lets the users start and kill the ppp daemon. You could fine-tune it a
bit by writing a program or script to kill pppd only, and not anything
else, but I'm not that paranoid about my users (yet ;-).

Cheers,

-- 
M a l c . . .       | "We've checked, and it's definitely not a bug.
([EMAIL PROTECTED]) |  It's fixed in the new release." -- Help line.
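
The "script to kill pppd only" mentioned in the reply above, sketched as an added example (not part of the original message or of any Debian package). The name kill-pppd and the /var/run/ppp0.pid location are assumptions; listing such a wrapper in the KILL alias instead of /bin/kill means sudo no longer lets the user signal arbitrary processes as root.

```shell
#!/bin/sh
# kill-pppd (hypothetical name): signals pppd and nothing else, so it can
# replace /bin/kill in the sudoers KILL alias. Takes no arguments from the user.
# Assumptions: pppd records its PID in /var/run/ppp0.pid; Linux /proc is mounted.

# pppd_pid_from PIDFILE [PROCROOT] [BINARY]
# Prints the PID only if PIDFILE is a regular file holding a plain number and
# that process's executable is BINARY. Fails closed (non-zero, no output).
pppd_pid_from() {
    pidfile=$1 procroot=${2:-/proc} bin=${3:-/usr/sbin/pppd} pid=
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric content
    esac
    # /proc/PID/exe names the running binary; a recycled PID fails here.
    exe=$(readlink "$procroot/$pid/exe" 2>/dev/null) || return 1
    [ "$exe" = "$bin" ] || return 1
    printf '%s\n' "$pid"
}

kill_pppd() {
    pid=$(pppd_pid_from /var/run/ppp0.pid) || {
        echo "kill-pppd: no running pppd found" >&2
        return 1
    }
    kill -TERM "$pid"
}

# Act only when installed and invoked under the wrapper's own name.
case ${0##*/} in
    kill-pppd) kill_pppd ;;
esac
```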

