On Thu, 10 Feb 2005 13:05, you wrote: > > I am using Debian 3.0 r4, and kppp won't work for a 'normal' user, only > > root. > > Bad setup.
Well, that's how it is by default. Like most things Linux-y you have to sort through a lot of chaff to find out about the 'dip' group and the 'dialout' group. > > 2) Set SUID bit on /usr/bin/kppp (chmod +s /usr/bin/kppp) > > > > It works, but Googling brings up conflicting reports on the goodness of > > this approach. Any comments? > > Never have any GUI programs (ie those linked against any of the X11 > libraries) suid root. These libraries are too complex and your chance of > running a security hole goes through the roof. > > I don't know anything about kppp (other than that I don't need it), but > is there any other program in your distro which can kickstart the > dialling? Alternatively, set up demand dialling, the combination of > wvdial and pppd is quite good for that. Further Googling indicates that pppd should be suid root. Currently, it looks like this: $ ls -al /usr/sbin/pppd -rwsr-xr-- 1 root dip 230604 Dec 11 2001 /usr/sbin/pppd And according to the kdefaq (section 10.1) http://sunsite.bilkent.edu.tr/pub/linux/www.kde.org/faq/kdefaq.txt "Now if you still encounter problems, here's what might help you solve them: + o make sure pppd has the SETUID bit on, i.e. do a chmod +s pppd." So, I shall amend step 2 to Set SUID bit on /usr/sbin/pppd (chmod +s /usr/sbin/pppd), and I shall undo the SUID on /usr/bin/kppp. Do you think that will be better? Thanks, Andy
