There's no reason to restrict unprivileged users from opening
the /dev/net/tun device node -- to do anything exciting requires
CAP_NET_ADMIN or a persistent device which is owned by the user in
question anyway. And if it _isn't_ openable by unprivileged users, then
giving ownership of devices to those users is a fairly pointless
exercise.
Signed-Off-By: David Woodhouse <[EMAIL PROTECTED]>
diff --git a/Documentation/networking/tuntap.txt
b/Documentation/networking/tuntap.txt
index 76750fb..9d696f2 100644
--- a/Documentation/networking/tuntap.txt
+++ b/Documentation/networking/tuntap.txt
@@ -39,10 +39,13 @@ Copyright (C) 1999-2000 Maxim Krasnyansk
mknod /dev/net/tun c 10 200
Set permissions:
- e.g. chmod 0700 /dev/net/tun
- if you want the device only accessible by root. Giving regular users the
- right to assign network devices is NOT a good idea. Users could assign
- bogus network interfaces to trick firewalls or administrators.
+ e.g. chmod 0666 /dev/net/tun
+ There's no harm in allowing the device to be accessible by non-root users,
+ since CAP_NET_ADMIN is required for creating network devices or for
+ connecting to network devices which aren't owned by the user in question.
+ If you want to create persistent devices and give ownership of them to
+ unprivileged users, then you need the /dev/net/tun device to be usable by
+ those users.
Driver module autoloading
--
dwmw2
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
