Complete.Org: Mailing Lists: Archives: discussion: January 2000:
[aclug-L] Re: sound, modem under RedHat 6.0 		Home

[aclug-L] Re: sound, modem under RedHat 6.0

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: aclug-L@xxxxxxxxxxxx
Subject: [aclug-L] Re: sound, modem under RedHat 6.0
From: "Jeffrey L. Hansen" <jlhansen@xxxxxxxxxxx>
Date: Mon, 10 Jan 2000 06:30:45 -0600 (CST)
Reply-to: aclug-L@xxxxxxxxxxxx 
Thanks for the ideas.  Indeed, when I first started trying to solve the
problem, I made my user a member of all defined groups as well as issuing
all of the permissions I could find.  The idea was to make it work by
brute force and then, one-by-one, remove the concessions until if broke
and then put the last removal back.  Anyway, it still gorks and I'm
getting greyer and balder.

Take it easy,
jeff


On Sun, 9 Jan 2000, Nate Bargmann wrote:

> On Sun, Jan 09, 2000 at 08:51:56PM -0600, root wrote:
> > 2) Root's internet connection works fine, but when I created the user
> > account for me it won't start the modem with kpppd.  It wants the "SUID"
> > bit set.  Assuming that it wants the superuser to give its blessing
> > before an internet connection is made, I set my account to the root
> > group and gave it all the privileges I could find in the configuration
> > dialog.  Any ideas what I forgot to try?
> 
> Not ever having setup RH, I'm not familiar with their permissions model.
> I will say that in moving from Slack to Debian, I like the Debian way.
> I too was tired of doing the su to root each time I wanted to bring the
> 'Net connection up or or worse yet staying logged in as root during the
> connection (a definite risk), so I took advantage of the many groups
> Debian sets up by default.
> 
> Although owned by root, the modem is a member of the dailout group
> and the ppp files are a member of the dip group.  Armed with this
> information it was a simple matter to add myself as a member of those
> groups and I now have the ability to start and stop the 'Net connection
> without the su headache.  Better yet the initial security model
> is still in place and I don't see what I've done to be a major
> security risk as this is a stand-alone machine and about all a
> cracker could do would be to shut down my link, unless, of course,
> there is some hole in any of the programs...
> 
> I'm no security expert, but it seems as though distributions should 
> do a better job of documenting their security philosophy so that 
> users could make the best decision.  Fortunately, just before I 
> made the changes to my machine I had skimmed the philosophy of 
> Debian and that helped me to come up with the solution
> above.  The solution above would likely as not had failed on my
> Slackware '96 machine.
> 
> - Nate >>
> 
> -- 
> 
>  Packet   | N0NB @ WF0A.#SCKS.KS.USA.NOAM       | "None can love freedom
>  Internet | ka0rny@xxxxxxxxxx                   | heartily, but good
>  Location | Wichita, Kansas USA EM17hs          | men; the rest love not
>    Wichita area exams; ham radio; Linux info @  | freedom, but license."
>              http://www.qsl.net/n0nb/           | -- John Milton
>
[Prev in Thread] Current Thread [Next in Thread]