Viktor Rosenfeld writes: > In the standard Debian (slink) install, the groups "dip" and "dialout" > are created. dialout is used for dialout-devices (eg /dev/ttyS*, > /dev/isdn*, ...) while dip is used for a couple of pppd files > (/etc/ppp/*, /usr/sbin/pppd, ...).
Under the Debian system (it is the one recommended by the upstream maintainers) those who can use the serial ports do not necessarily have permission to run pppd or read the ppp files, and vice-versa. > And a side note: Wasn't it possible to configure pppd not to be setuid > root? It should be possible, but it doesn't necessarily improve security. /etc/peers/provider is hard-coded into pppd as a place where pppd can get files containing 'privileged' options when run setuid root by a non-privileged user. Setuid root also makes it possible for the secrets files to be readable only by root, and for pppd to use the serial ports without the user having access to them. Pppd drops root privileges as soon as it doesn't need them. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
