> Well, that's how it is by default.  Like most things Linux-y you have to 
> sort through a lot of chaff to find out about the 'dip' group and the 
> 'dialout' group.

What's dip for?

> So, I shall amend step 2 to Set SUID bit on /usr/sbin/pppd (chmod +s 
> /usr/sbin/pppd), and I shall undo the SUID on /usr/bin/kppp.
> 
> Do you think that will be better?

Yes. Better to run only pppd as root than kppp as well (if kppp is suid
root, it will in turn run pppd as root too).

<plug>
I still prefer the SuSE setup though: nothing needs to be suid, no user
has access to the modem device (group dialout has become obsolete) and
therefore can't minicom to the modem and do something expensive, any
user can dial up, and any user can select from any of the configured
ISPs. The ISP's passwords can only be seen by root. 
</plug>

pppd needs to run as root pretty much whatever you set up, because you
have about these jobs to do:

* modify /etc/resolv.conf
* modify the routing table
* create a new network interface
* run the ifup/ifdown scripts, to do dynamic dns, firewall rules, etc

Not all of these need, or are, necessarily done by pppd but all need
root.

Restrict the users which have read/execute access to a suid pppd.

Volker

-- 
Volker Kuhlmann                 is possibly list0570 with the domain in header
http://volker.dnsalias.net/             Please do not CC list postings to me.
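
The check below is an added example, not part of the message above: it reports whether a setuid binary such as /usr/sbin/pppd is still readable or executable by every user, which is what the advice to restrict access to a suid pppd is meant to prevent. The function names and the group placeholder in the comments are assumptions.

```shell
#!/bin/sh
# Added example: audit who may read/execute a setuid binary.
# Uses only POSIX test(1) and find(1) primaries.

# has_perm PATH BITS -> success if ALL octal BITS are set on PATH
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_suid PATH -> prints one verdict:
#   missing       file does not exist
#   not-suid      setuid bit is not set
#   world-access  setuid, and "other" may read or execute it
#   group-only    setuid, access limited to owner and group
#   owner-only    setuid, access limited to the owner
audit_suid() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ ! -u "$f" ]; then echo not-suid; return 0; fi
    if has_perm "$f" 004 || has_perm "$f" 001; then
        echo world-access
    elif has_perm "$f" 040 || has_perm "$f" 010; then
        echo group-only
    else
        echo owner-only
    fi
}

# Report on the binary discussed in the thread (or a path given as $1).
target=${1:-/usr/sbin/pppd}
echo "$target: $(audit_suid "$target")"

# If the verdict is world-access, tighten it as root.
# <dialgroup> is a placeholder for the group whose members may dial out:
#   chgrp <dialgroup> /usr/sbin/pppd
#   chmod 4750 /usr/sbin/pppd
```

A verdict of group-only means only root and members of the file's group can start the setuid pppd.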
