Complete.Org: Mailing Lists: Archives: discussion: January 2000:
[aclug-L] Re: sound, modem under RedHat 6.0 		Home

[aclug-L] Re: sound, modem under RedHat 6.0

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: aclug-L@xxxxxxxxxxxx
Subject: [aclug-L] Re: sound, modem under RedHat 6.0
From: Nate Bargmann <ka0rny@xxxxxxxxxx>
Date: Sun, 9 Jan 2000 21:22:20 -0600
Reply-to: aclug-L@xxxxxxxxxxxx 
On Sun, Jan 09, 2000 at 08:51:56PM -0600, root wrote:
> 2) Root's internet connection works fine, but when I created the user
> account for me it won't start the modem with kpppd.  It wants the "SUID"
> bit set.  Assuming that it wants the superuser to give its blessing
> before an internet connection is made, I set my account to the root
> group and gave it all the privileges I could find in the configuration
> dialog.  Any ideas what I forgot to try?

Not ever having setup RH, I'm not familiar with their permissions model.
I will say that in moving from Slack to Debian, I like the Debian way.
I too was tired of doing the su to root each time I wanted to bring the
'Net connection up or or worse yet staying logged in as root during the
connection (a definite risk), so I took advantage of the many groups
Debian sets up by default.

Although owned by root, the modem is a member of the dailout group
and the ppp files are a member of the dip group.  Armed with this
information it was a simple matter to add myself as a member of those
groups and I now have the ability to start and stop the 'Net connection
without the su headache.  Better yet the initial security model
is still in place and I don't see what I've done to be a major
security risk as this is a stand-alone machine and about all a
cracker could do would be to shut down my link, unless, of course,
there is some hole in any of the programs...

I'm no security expert, but it seems as though distributions should 
do a better job of documenting their security philosophy so that 
users could make the best decision.  Fortunately, just before I 
made the changes to my machine I had skimmed the philosophy of 
Debian and that helped me to come up with the solution
above.  The solution above would likely as not had failed on my
Slackware '96 machine.

- Nate >>

-- 

 Packet   | N0NB @ WF0A.#SCKS.KS.USA.NOAM       | "None can love freedom
 Internet | ka0rny@xxxxxxxxxx                   | heartily, but good
 Location | Wichita, Kansas USA EM17hs          | men; the rest love not
   Wichita area exams; ham radio; Linux info @  | freedom, but license."
             http://www.qsl.net/n0nb/           | -- John Milton
[Prev in Thread] Current Thread [Next in Thread]