Greg, Please reread my original message and note where I mention the sudo utility. This utility allows you to grant ordinary users root privileges for certain very constrained operations. In your case, you can set it up so that ordinary users may run pppd as root, but you can restrict the command line options so that either no options are permitted or a certain subset are permitted. This is exactly what you want; you want users to be able to start the pppd daemon, but you don't want them engaging in mischief which involves running arbitrary connect scripts in "interesting" ways. In general, the sudo utility is much preferred over setting the setuid bits because it gives the adminstrator much more control as well as logging facilities. Kevin On Feb 2, 12:56pm, Furmanek, Greg wrote: > Subject: RE: pppd question > I know suid is a "Bad Idea"(tm) however I have > a need to execute pppd as a regular user. > Is there another way to do it??? > > -----Original Message----- > From: Kevin Buettner [mailto:kev@primenet.com] > Sent: Wednesday, February 02, 2000 10:42 AM > To: plug-discuss@lists.PLUG.phoenix.az.us > Subject: Re: pppd question > > > On Feb 2, 12:28pm, Furmanek, Greg wrote: > > > Setup/Background: > > I have set up pppd deamon to dial if the > > user who executes it is part of pppd group. > > I have changed premissions on > > pppd 755 root:pppd (-r-sr-xr-x) > > options 640 root:pppd > > chat_script 640 root:pppd > > > > Problem: > > The pppd is giving me following error: > > > > /usr/sbin/pppd: using the name option requires root privilage > > > > Does anyone have a quick fix for it??? > > Making pppd setuid root is really not a very good idea unless you > want to give everyone the ability to execute arbitrary scripts as > root. (See the connect, disconnect, pty, and welcome options.) > > If you really need to give ordinary users the power to execute > pppd (and I'm not convinced this is necessary), you should look > into using sudo. It will help close the security hole that you've > opened up as well as solve your problem. > > sudo may be found at > > http://www.courtesan.com/sudo/ > > Kevin > > -- > Kevin Buettner > kev@primenet.com, kevinb@redhat.com > > _______________________________________________ > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > _______________________________________________ > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >-- End of excerpt from Furmanek, Greg -- Kevin Buettner kev@primenet.com, kevinb@redhat.com