November 2007
Beginner
642 pages
15h 43m
English
Content preview from Linux Networking Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
18.3. Configuring Dial-Up Permissions for Nonroot Users
Problem
You want your users to have dial-up privileges, but so far in this chapter, only the root user can use dial-up. How do you make dial-up available to nonprivileged users?
Solution
This takes a bit of tweaking permissions on a number of files:
| /etc/ppp/chap-secrets |
| /etc/ppp/pap-secrets |
| /dev/ttyS* |
| /usr/sbin/pppd |
| /var/lock |
Some Linux distributions come with the dialout group for dial-up users. Others use dip or uucp. Make /etc/ppp/chap-secrets, /etc/ppp/pap-secrets, and /dev/ttyS* owned by the dialout group (or dip,or uucp, it doesn't matter as long as they are all in the same group):
# chown root:dialout /dev/ttyS3 /etc/ppp/chap-secrets \
/etc/ppp/pap-secretsNext, put your authorized users in the same group these files belong to:
dialout:x:20:alrac,foobear,fredfoo
Make sure that /etc/ppp/chap-secrets and /etc/ppp/pap-secrets are readable and writable only by the owner and group owner:
# chmod 0660 /etc/ppp/chap-secrets /etc/ppp/pap-secretsNext, check the /var/lock directory. It should be wide open to the world, and the sticky bit set:
$ ls -ld /var/lock
drwxrwxrwt 3 root root 4096 14. Okt 07:37 /var/lockIf it isn't, make it so:
# chmod 1777 /var/lockpppd needs to be suid, as this shows:
$ ls -l /usr/sbin/pppd
-rwsr-xr--1 root dip 232536 Dec 30 2004 /usr/sbin/pppdIf it isn't, make it so:
# chmod 4754 /usr/sbin/pppdDiscussion
If the group owner of any file is root, do not add users to the root group! Change the group owner to dialout ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.