FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 01-26-2010, 05:34 PM
"Hans-J. Ullrich"
 
Default Access Problem with pppd

Hi all,

I am looking for a líttle understanding problem. Maybe someone can advice me.

On my EEEPC I am running an application called "umtsmon" (this is for gprs-
access). Umtsmom is a single binary located in /usr/bin.

When I start it, it is started, and when I want to connect to the internet it
starts a modem connection by using pppd.

This is fine working, when I am starting it as user "root". (I use "sux" to
become root from a normal user).

When I start umtsmon as normal user, pppd is not allowed to be used by this
user. This is ok, I want only users in a special group use pppd.

So far so well, but I dop not understand this: When set the binary
with rwsr-x--- (root:dialout), then umtsmon should start with the rights of
root and should be also allowed to start pppd! But i does clearly NOT! I get
the maesage: pppd is not allowed to start, only root is allowed to start it.

What do I do wrong? Where do I think wrong?

BTW: maybe someone wants to adopt umtsmon and create a package. It is open-
source / GPL and it is really great tool (This only remarked besides)

Thank you for any help!


Best regards

Hans



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-26-2010, 06:24 PM
 
Default Access Problem with pppd

On Tue, Jan 26, 2010 at 07:34:33PM +0100, Hans-J. Ullrich wrote:
> Hi all,
>
> I am looking for a l?ttle understanding problem. Maybe someone can advice me.
>
> On my EEEPC I am running an application called "umtsmon" (this is for gprs-
> access). Umtsmom is a single binary located in /usr/bin.
>
> When I start it, it is started, and when I want to connect to the internet it
> starts a modem connection by using pppd.
>
> This is fine working, when I am starting it as user "root". (I use "sux" to
> become root from a normal user).
>
> When I start umtsmon as normal user, pppd is not allowed to be used by this
> user. This is ok, I want only users in a special group use pppd.
>
> So far so well, but I dop not understand this: When set the binary
> with rwsr-x--- (root:dialout), then umtsmon should start with the rights of
> root and should be also allowed to start pppd! But i does clearly NOT! I get
> the maesage: pppd is not allowed to start, only root is allowed to start it.
>
> What do I do wrong? Where do I think wrong?
>
> BTW: maybe someone wants to adopt umtsmon and create a package. It is open-
> source / GPL and it is really great tool (This only remarked besides)
>
> Thank you for any help!
>
>
> Best regards
>
> Hans

Excuse me, what about sudo?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-26-2010, 06:30 PM
"Hans-J. Ullrich"
 
Default Access Problem with pppd

Am Dienstag, 26. Januar 2010 schrieb lego_12239@rambler.ru:
> On Tue, Jan 26, 2010 at 07:34:33PM +0100, Hans-J. Ullrich wrote:
> > Hi all,
> >
> > I am looking for a l?ttle understanding problem. Maybe someone can advice
> > me.
> >
> > On my EEEPC I am running an application called "umtsmon" (this is for
> > gprs- access). Umtsmom is a single binary located in /usr/bin.
> >
> > When I start it, it is started, and when I want to connect to the
> > internet it starts a modem connection by using pppd.
> >
> > This is fine working, when I am starting it as user "root". (I use "sux"
> > to become root from a normal user).
> >
> > When I start umtsmon as normal user, pppd is not allowed to be used by
> > this user. This is ok, I want only users in a special group use pppd.
> >
> > So far so well, but I dop not understand this: When set the binary
> > with rwsr-x--- (root:dialout), then umtsmon should start with the rights
> > of root and should be also allowed to start pppd! But i does clearly NOT!
> > I get the maesage: pppd is not allowed to start, only root is allowed to
> > start it.
> >
> > What do I do wrong? Where do I think wrong?
> >
> > BTW: maybe someone wants to adopt umtsmon and create a package. It is
> > open- source / GPL and it is really great tool (This only remarked
> > besides)
> >
> > Thank you for any help!
> >
> >
> > Best regards
> >
> > Hans
>
> Excuse me, what about sudo?
>
Two things: First, I do not want to use sudo (this is Ubuntu-style, and I hate
Ubuntu!) and sudo is not the way I want it to do for some reasons. Second, it
is much more important for me, to understand what happens, rather than get a
solution.

A solution is already available: As I am already root on the system, I just
start it as root.

Greets

Hans



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-26-2010, 06:42 PM
Alex Samad
 
Default Access Problem with pppd

On Tue, Jan 26, 2010 at 10:24:14PM +0300, lego_12239@rambler.ru wrote:
> On Tue, Jan 26, 2010 at 07:34:33PM +0100, Hans-J. Ullrich wrote:
> > Hi all,
> >
> > I am looking for a l?ttle understanding problem. Maybe someone can advice me.
> >
> > On my EEEPC I am running an application called "umtsmon" (this is for gprs-
> > access). Umtsmom is a single binary located in /usr/bin.
> >
> > When I start it, it is started, and when I want to connect to the internet it
> > starts a modem connection by using pppd.
> >
> > This is fine working, when I am starting it as user "root". (I use "sux" to
> > become root from a normal user).
> >
> > When I start umtsmon as normal user, pppd is not allowed to be used by this
> > user. This is ok, I want only users in a special group use pppd.
> >
> > So far so well, but I dop not understand this: When set the binary
> > with rwsr-x--- (root:dialout), then umtsmon should start with the rights of

may your user part of dialout. Only root and dialout are allowed to
execute this bin see rwsr-x--- if it was rwsr-xr-x every one would be
allowed to

> > root and should be also allowed to start pppd! But i does clearly NOT! I get
> > the maesage: pppd is not allowed to start, only root is allowed to start it.
> >
> > What do I do wrong? Where do I think wrong?
> >
> > BTW: maybe someone wants to adopt umtsmon and create a package. It is open-
> > source / GPL and it is really great tool (This only remarked besides)
> >
> > Thank you for any help!
> >
> >
> > Best regards
> >
> > Hans
>
> Excuse me, what about sudo?
>
>

--
"Security is the essential roadblock to achieving the road map to peace."

- George W. Bush
07/25/2003
Washington, DC
 
Old 01-26-2010, 06:52 PM
Camaleón
 
Default Access Problem with pppd

On Tue, 26 Jan 2010 20:30:41 +0100, Hans-J. Ullrich wrote:

(...)

> A solution is already available: As I am already root on the system, I
> just start it as root.

Sorry for the noise but... that seems far from "a solution" :-P

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-26-2010, 06:54 PM
"Hans-J. Ullrich"
 
Default Access Problem with pppd

Am Dienstag, 26. Januar 2010 schrieb Alex Samad:

>
> may your user part of dialout. Only root and dialout are allowed to
> execute this bin see rwsr-x--- if it was rwsr-xr-x every one would be
> allowed to
>
That is exactly my profile and what I wanted to do: Sadly it did not work, and
I dunno why. Meanwhile I foud a bugreport on it in the debian forums, where my
problem is mentioned exactly.

Thanks for the response anyway.

Greetings

Hans


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-26-2010, 07:15 PM
"Boyd Stephen Smith Jr."
 
Default Access Problem with pppd

On Tuesday 26 January 2010 13:30:41 Hans-J. Ullrich wrote:
> Am Dienstag, 26. Januar 2010 schrieb lego_12239@rambler.ru:
> > On Tue, Jan 26, 2010 at 07:34:33PM +0100, Hans-J. Ullrich wrote:
> > > So far so well, but I dop not understand this: When set the binary
> > > with rwsr-x--- (root:dialout), then umtsmon should start with the
> > > rights of root and should be also allowed to start pppd! But i does
> > > clearly NOT! I get the maesage: pppd is not allowed to start, only root
> > > is allowed to start it.
> > >
> > > What do I do wrong? Where do I think wrong?

IIRC, having the stick bit set on a binary only allows the setuid() call to
succeed, it does not automatically force the elevated permissions on the
binary. So, it's likely that utmsmom doesn't have support for getting
elevated permissions.

> > Excuse me, what about sudo?
>
> Two things: First, I do not want to use sudo (this is Ubuntu-style, and I
> hate Ubuntu!)

sudo predates Ubuntu by some years, if not decades. sudo is meant to be a
more flexible su, which seems to be exactly what you need.

> and sudo is not the way I want it to do for some reasons.

Could you please elaborate? If you have specific, technical doubts about
using sudo as a solution, I'd be willing to investigate other avenues.

Failing that, adding something like:
%dialout = NOPASSWD: NOSETENV: /usr/bin/umtsmom
to your /etc/sudoers should be fine.

Depending on how umtsmom works, it might be possible and valuable to add
"NOEXEC:" as an additional Tag_Spec.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
 
Old 01-26-2010, 08:08 PM
Stephen Powell
 
Default Access Problem with pppd

On 2010-01-26 at 13:34:33 -0500, Hans-J Ullrich wrote:
> Hi all,
>
> I am looking for a líttle understanding problem. Maybe someone can advice me.
>
> On my EEEPC I am running an application called "umtsmon" (this is for gprs-
> access). Umtsmom is a single binary located in /usr/bin.
>
> When I start it, it is started, and when I want to connect to the internet it
> starts a modem connection by using pppd.
>
> This is fine working, when I am starting it as user "root". (I use "sux" to
> become root from a normal user).
>
> When I start umtsmon as normal user, pppd is not allowed to be used by this
> user. This is ok, I want only users in a special group use pppd.
>
> So far so well, but I dop not understand this: When set the binary
> with rwsr-x--- (root:dialout), then umtsmon should start with the rights of
> root and should be also allowed to start pppd! But i does clearly NOT! I get
> the maesage: pppd is not allowed to start, only root is allowed to start it.
>
> What do I do wrong? Where do I think wrong?
>
> BTW: maybe someone wants to adopt umtsmon and create a package. It is open-
> source / GPL and it is really great tool (This only remarked besides)
>
> Thank you for any help!

I am having trouble with your English; so I'm not really sure what you are
asking; but once you add a user to a group it does not really have the
privileges of that group until *all* instances of that user have logged
out. For example, suppose that user "fred" is logged in:

$ groups
fred
$ su
Password: [enter root password]
# adduser fred dialout
Adding user `fred' to group `dialout' ...
Adding user fred to group dialout
Done.
# exit
$ groups
fred

Notice that the groups command still does not list "dialout" as one
of fred's groups. That's because fred logged in *before* he was
added to the group. fred must logout and login again before he
actually has the privileges of the dialout group. And it is not
sufficient for fred to simply logout of that one session. He
must logout of all sessions simultaneously. If he started the
X server, that means that the X server must be restarted too.
Issue the "groups" command. If you don't see dialout as one of
the groups listed, then you didn't logout of *all* of fred's
sessions. Of course, one way to make sure that all sessions are
eliminated is to reboot the server. That should do it!


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 07:12 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org