Because PPP needs to set up networking devices, change the kernel
routing table and so forth, it requires root privileges to do this.
If users other than root are to set up PPP connections, the pppd
program should be setuid root :-
-rwsr-xr-x 1 root root 95225 Jul 11 00:27 /usr/sbin/pppd |
If /usr/sbin/pppd is not set up this way, then as root issue
the command:-
What this does is make pppd run with root privileges even if the
binary is run by an ordinary user. This allows a normal user to run pppd
with the necessary privileges to set up the network interfaces and the
kernel routing table.
Programs that run 'set uid root' are potential security holes and you
should be extremely cautious about making programs 'suid root'. A number
of programs (including pppd) have been carefully written to minimise the
danger of running suid root, so you should be safe with this one, (but no
guarantees).
Depending on how you want your system to operate - specifically if you
want ANY user on your system to be able to initiate a PPP link, you should
make your ppp-on/off scripts world read/execute. (This is probably fine if
your PC is used ONLY by you).
However, if you do NOT want just anyone to be able to start up a PPP
connection (for example, your children have accounts on your Linux PC
and you do not want them hooking into the Internet without your
supervision), you will need to establish a PPP group (as root, edit
/etc/group) and :-
Make pppd suid root, owned by user root and group PPP, with the 'other'
permissions on this file empty. It should then look like:-
-rwsr-x--- 1 root PPP 95225 Jul 11 00:27 /usr/sbin/pppd |
Make the ppp-on/off scripts owned by user root and group PPP.
Make the ppp-on/off scripts read/executable by group PPP.
-rwxr-x--- 1 root PPP 587 Mar 14 1995 /usr/sbin/ppp-on
-rwxr-x--- 1 root PPP 631 Mar 14 1995 /usr/sbin/ppp-off |
Make the other access rights for ppp-on/off nill.
add the users who will be firing up PPP to the PPP group in /etc/group.
Even if you do this, ordinary users will STILL not be able to shut down
the link under software control! Running the ppp-off script
requires root privileges. However, any user can just turn off the modem
(or disconnect the telephone line from an internal modem).
An alternative (and better method) to this set up is to use the
sudo program. This offers superior security and will allow you to
set things up so that any (authorised) user can activate/deactivate the
link using the scripts. Using sudo will allow an authorised user to
activate/deactivate the PPP link cleanly and securely.
Free eBook: 
