ppp-on is only root executable despite permissions

Carl Lowenstein cdl at proxima.ucsd.edu
Fri Jul 21 10:22:10 PDT 2000


> Date: Fri, 21 Jul 2000 09:08:38 -0700
> From: "Michael O'Keefe" <mokeefe at qualcomm.com>
> Organization: Qualcomm Incorporated
> To: kplug-list at kernel-panic.org
> Subject: Re: ppp-on is only root executable despite permissions
>
> > there is yet another way: group permissions
> > 
> > pick some group that seems appropriate, i shall use ``dialout''
> > 
> > # chgrp dialout `which pppd`
> > # chmod 4550 `which pppd`
> > 
> > now edit /etc/groups to make sure that ralph is in group dialout, and
> > mike is not.
> > 
> > mike cannot execute pppd, but ralph can - thanks to the non-world
> > executability of pppd, but since ralph can, and pppd is suid root, pppd
> > can do all the happy things it needs to.
> > 
> > UNIX at its best
>
> And ppl say Unix doesn't have ACL's !!!

It's a very coarse-grained ACL.  And I was wrong a couple of minutes ago,
4550 (set UID) is the correct thing.  The program has root privileges,
but only root and members of group 'dialout' can execute it.

    carl
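
The scheme discussed in this thread (set-UID binary, executable by owner and one group only, mode 4550) can be checked mechanically. The following is an added example, not part of the original messages: `classify_mode` and `audit_file` are hypothetical helper names, the sample modes are constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies an octal mode string
# according to the "setuid, group-gated" scheme (e.g. 4550).
classify_mode() {
    mode=$1
    # Reject empty input, non-octal digits, and more than four digits.
    case $mode in ''|*[!0-7]*|?????*) echo invalid; return 1 ;; esac
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done   # "550" -> "0550"
    special=$(printf '%s' "$mode" | cut -c1)
    group=$(printf '%s' "$mode" | cut -c3)
    other=$(printf '%s' "$mode" | cut -c4)
    # setuid is the 4 bit of the leading digit.
    if [ $(( ${special} & 4 )) -eq 0 ]; then echo not-setuid; return 0; fi
    # A setuid file that group or other can write is a separate problem.
    if [ $(( (${group} | ${other}) & 2 )) -ne 0 ]; then
        echo writable-by-non-owner; return 0
    fi
    # World execute bit set: every local user can run it with the owner's UID.
    if [ $(( ${other} & 1 )) -ne 0 ]; then echo world-executable; return 0; fi
    # No group execute bit: only the owner can run it.
    if [ $(( ${group} & 1 )) -eq 0 ]; then echo owner-only; return 0; fi
    echo group-gated
}

# Prints "<verdict> <owner> <group>" for a file on disk.
# Assumes GNU stat: %a = octal mode, %U = owner name, %G = group name.
audit_file() {
    info=$(stat -c '%a %U %G' -- "$1") || return 2
    set -- $info
    echo "$(classify_mode "$1") $2 $3"
}

# Constructed sample modes, including the 4550 from the thread.
for m in 4550 4555 4570 4500 0550; do
    printf '%s -> %s\n' "$m" "$(classify_mode "$m")"
done
```

Running `audit_file` on the pppd binary should report `group-gated root dialout` if the setup from the thread is in place; any other verdict, owner or group means the restriction is not what was intended.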



