> This would only be used in a simple family environment, anyway.

Yes, it's not much use otherwise.

> As a gateway, only root (su/sudo) should take the connection up and down.

Nonsense, sorry. If I put a box in the flat (or the office), all the mates should be able to use the internet when they want to, without needing my intervention.

These features would appear to be desirable:

* support for any number of ISPs
* different people can initiate a connection to the ISP of their choice
* the routing table needs to be modified after dial-up (general case: after any new connection), needless to say this is a root-only operation
* pppd can modify the routing table if it's so configured, BUT it needs root access to do so
* making pppd suid root isn't necessarily desirable
* making kppp suid root is out of the question (making any GUI program suid root is out of the question)
* ISP passwords should only be readable by those who own the respective contract with the ISP
* ability to not store any passwords on the system and to require them being entered when the connection is initiated
* the root password is not shared (and you don't want to fluff with sudo)
* demand-dialling (with + without ISP selection)
* suitable access permissions for devices are obviously required, and any kind of free-for-everyone is not acceptable

Think of these two scenarios (any variation possible):

1) You want to set up a number of ISPs and let anyone use them, but not share their passwords with anyone else
2) You want to put a box in the lounge and let your flatmates use their own ISPs (and pay for them)

I asked how Mdk does this because I'm interested to see how they solved it. All the above is possible with SuSE out of the box, and it only requires a doofus score to set it up. Here are some details:

The guts for the dialup are a new daemon (smpppd) which sits there listening for requests to dial up to any of the providers or interfaces in the list. There's a command line client (cinternet) to talk with the daemon, and a KDE client (kinternet) which conveniently docks in the panel. Clicking on the panel icon starts the dialling, right-clicking brings up a menu with everything from provider selection to config. New providers can be added (but this requires root). If the provider password isn't stored on the system, it's asked then. Implementing this as a daemon encapsulates the root compromise risk and controls precisely how pppd is run. No need for suid root of pppd.

Access to devices is controlled by resmgr, which essentially chowns devices to the user logged in ON THE CONSOLE (text or graphics). These changes are reverted on logout. Fine-control via config file, for anything from modem and printer to multimedia devices like scanner, cd + burner. I haven't looked closely at exactly what else it does, but it's also a library and cdrecord is linked against it (dunno what that does, but I bet it does away with the need for a suid cdrecord).

I would guess that SuSE wouldn't have paid their programmers to make this (GPL) software if kppp had done the trick.

Anyone able to say how Mdk (and other distros) do this?

Volker

-- 
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
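
The request check a privileged dial-up daemon of the kind described above has to make, as an added example that is not part of the original post and is not smpppd's code or protocol. The "dial NAME" request format, the provider table, the UIDs and the /usr/sbin/pppd path are assumptions made for illustration; "call NAME" is the standard pppd option that reads the root-owned /etc/ppp/peers/NAME.

```python
import re

# Constructed provider table (hypothetical): name -> set of UIDs allowed to
# dial it, or None when any local user may. Only root edits this table.
PROVIDERS = {
    "shared-isp": None,     # scenario 1: anyone may dial, nobody sees the password
    "alice-isp": {1000},    # scenario 2: only the contract owner may dial
    "bob-isp": {1001},
}

NAME_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,31}")
PPPD = "/usr/sbin/pppd"     # assumed install path


class Denied(Exception):
    """Request rejected before any privileged action is taken."""


def handle_request(line, peer_uid, providers=PROVIDERS):
    """Turn one client request into a fixed action, or raise Denied.

    line     -- text from the unprivileged client, e.g. "dial alice-isp"
    peer_uid -- UID the daemon obtained itself (for instance SO_PEERCRED on
                a Unix socket), never a value carried in the request
    """
    parts = line.strip().split(" ")
    if len(parts) != 2 or parts[0] not in ("dial", "hangup"):
        raise Denied("malformed request")
    verb, name = parts
    # Strict name syntax first: no slashes, dots, spaces or option prefixes.
    if not NAME_RE.fullmatch(name):
        raise Denied("bad provider name")
    if name not in providers:
        raise Denied("unknown provider")
    allowed = providers[name]
    if allowed is not None and peer_uid not in allowed:
        raise Denied("provider not available to this user")
    if verb == "hangup":
        return ("hangup", name)
    # argv list for exec without a shell; the client picks a provider name
    # and nothing else about how pppd is run.
    return ("exec", [PPPD, "call", name])
```

The daemon is then the only process that runs pppd with root rights, and the only client-controlled input that reaches it is a provider name that has already matched the root-owned table.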
