|
Home > Archive > alt.os.linux > October 2002 > Privledge problems with KPPP under Linux 7.3
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Privledge problems with KPPP under Linux 7.3
|
|
| John McFee 2002-10-15, 6:24 pm |
|
I am running Linux 7.3 on a 400 Mhz Pentium II with a 56K modem. I configured
KPPP to dial up my internet provider and I can connect as root. If I am not
logged in as root, I need to provide the root password. My computer is for home
use, but the other family members know very little about Linux. Thus I do not
want to give them root password.
In reading the KPPP documentation, there are two ways to allow non-root users to
access KPPP. One is to set up a "dial-in" group, change the ownership of the
KPPP executable to that group and chnage permissions accordingly. They give a
very clear, easy to follow outline of what to do. I followed it to the letter
and it made no difference! The other method is to enter user names in a kppp
"permission" file that KPPP suposedly reads before launching. I did that and
that did not work either. In both cases, KPPP launches a widget asking for the
root password (as if I'd made no changes).
Has anyone had this problem and do they have a fix?
Thanks for any help.
John McFee
--
--
____________
Dr. John E. McFee | John.McFee@drdc-rddc.gc.ca
Head Threat Detection Group | www.suffield.drdc-rddc.gc.ca
Defence R&D Canada - Suffield | www.ccmat.gc.ca
| |
| don_pettengill@spamgilent.com 2002-10-15, 7:24 pm |
| John McFee <jmcfee@dres.dnd.ca> wrote:
: I am running Linux 7.3 on a 400 Mhz Pentium II with a 56K modem. I configured
: KPPP to dial up my internet provider and I can connect as root. If I am not
: logged in as root, I need to provide the root password. My computer is for home
: use, but the other family members know very little about Linux. Thus I do not
: want to give them root password.
: In reading the KPPP documentation, there are two ways to allow non-root users to
: access KPPP. One is to set up a "dial-in" group, change the ownership of the
: KPPP executable to that group and chnage permissions accordingly. They give a
: very clear, easy to follow outline of what to do. I followed it to the letter
: and it made no difference! The other method is to enter user names in a kppp
: "permission" file that KPPP suposedly reads before launching. I did that and
: that did not work either. In both cases, KPPP launches a widget asking for the
: root password (as if I'd made no changes).
: Has anyone had this problem and do they have a fix?
FWIW, from http://devel-home.kde.org/~kppp/faq.html:
How do I get rid of the password dialog (RedHat) ?
Red Hat chose to install kppp as a so-called consolehelper
application. This PAM based mechanism avoids a setuid root
installation. A quick and dirty solution to revert to the original
behaviour is to delete the link to consolehelper and make the real
binary setuid root. Open a terminal window, su to root and enter
the following commands:
rm /usr/bin/kppp
chmod u+s /usr/sbin/kppp
ln -s /usr/sbin/kppp /usr/bin/kppp
Please refer to the Handbook for the security aspect of this setup.
Don Pettengill
Agilent Laboratories
| |
| Paul Lutus 2002-10-15, 7:24 pm |
| John McFee wrote:
>
> I am running Linux 7.3 on a 400 Mhz Pentium II with a 56K modem. I
> configured KPPP to dial up my internet provider and I can connect as root.
> If I am not logged in as root, I need to provide the root password. My
> computer is for home use, but the other family members know very little
> about Linux. Thus I do not want to give them root password.
>
> In reading the KPPP documentation, there are two ways to allow non-root
> users to access KPPP. One is to set up a "dial-in" group, change the
> ownership of the KPPP executable to that group and chnage permissions
> accordingly. They give a very clear, easy to follow outline of what to do.
> I followed it to the letter and it made no difference! The other method is
> to enter user names in a kppp "permission" file that KPPP suposedly reads
> before launching. I did that and that did not work either. In both cases,
> KPPP launches a widget asking for the root password (as if I'd made no
> changes).
>
> Has anyone had this problem and do they have a fix?
Have you considered *not* using kppp? It isn't as though kppp is the only
tool in RH 7.3 to gain Internet access. There are plenty.
I have RH 8.0 now, so I cannot verify this with RH 7.3, but try:
# /usr/bin/neat-control
--
Paul Lutus
www.arachnoid.com
| |
| AthlonRob 2002-10-15, 7:24 pm |
| On Tue, 15 Oct 2002 23:03:24 GMT, John McFee <jmcfee@dres.dnd.ca> wrote:
>
> I am running Linux 7.3 on a 400 Mhz Pentium II with a 56K modem.
Really?
I would have thought a time traveller such as yourself would have a much
nicer system than a 400MHz PII... like maybe an AMD K59 or Intel Pentium
55...
(Hint: Linux is at version 2.4.19 in the stable tree and 2.5.42 in the
development tree... did you mean REDHAT 7.3?)
Rob :-)
| |
| Steven Lochner 2002-10-16, 12:24 am |
| John McFee wrote:
>
> I am running Linux 7.3 on a 400 Mhz Pentium II with a 56K modem. I
> configured KPPP to dial up my internet provider and I can connect as root.
> If I am not logged in as root, I need to provide the root password. My
> computer is for home use, but the other family members know very little
> about Linux. Thus I do not want to give them root password.
>
> In reading the KPPP documentation, there are two ways to allow non-root
> users to access KPPP. One is to set up a "dial-in" group, change the
> ownership of the KPPP executable to that group and chnage permissions
> accordingly. They give a very clear, easy to follow outline of what to do.
> I followed it to the letter and it made no difference! The other method is
> to enter user names in a kppp "permission" file that KPPP suposedly reads
> before launching. I did that and that did not work either. In both cases,
> KPPP launches a widget asking for the root password (as if I'd made no
> changes).
>
> Has anyone had this problem and do they have a fix?
>
> Thanks for any help.
>
> John McFee
To make KPPP available to normal users change line in /etc/pam.d/kppp
from: auth sufficient /lib/security/pam_rootok.so
to: auth sufficient /lib/security/pam_permit.so
Steven Lochner
| |
| John McFee 2002-10-17, 3:24 pm |
|
<ss8ioa.fqv.ln@dsl-gervais-88.web-ster.com>
Organization: Defence R&D Canada - Suffield
Keywords:
Gee, that would explain why I couldn't get the computer to respond by talking
into the mouse. (Big ooops. Yup, I meant Red Hat 7.3.)
John McFee
In article <ss8ioa.fqv.ln@dsl-gervais-88.web-ster.com>,
AthlonRob <athlonrob@nodomainhere.ext> writes:
|> On Tue, 15 Oct 2002 23:03:24 GMT, John McFee <jmcfee@dres.dnd.ca> wrote:
|> >
|> > I am running Linux 7.3 on a 400 Mhz Pentium II with a 56K modem.
|>
|> Really?
|>
|> I would have thought a time traveller such as yourself would have a much
|> nicer system than a 400MHz PII... like maybe an AMD K59 or Intel Pentium
|> 55...
|>
|> (Hint: Linux is at version 2.4.19 in the stable tree and 2.5.42 in the
|> development tree... did you mean REDHAT 7.3?)
|>
|> Rob :-)
--
--
____________
Dr. John E. McFee | John.McFee@drdc-rddc.gc.ca
Head Threat Detection Group | www.suffield.drdc-rddc.gc.ca
Defence R&D Canada - Suffield | www.ccmat.gc.ca
|
|
|
|
|