Next Previous Table of Contents
This section is mainly for superusers (root), people with high security demands or simply technically interested people. It is not necessary to read this if you only use Linux at home for yourself (though you might learn something new when you read this)
A system administrator might want to restrict access to who is allowed to use kppp. There are two ways to accomplish this:
Create a new group (you might want to name it "dialout" or similar), put every user that should be allowed to use kppp into that group and type:
chown root.dialout /usr/local/kde/bin/kppp
chmod 4750 /usr/local/kde/bin/kppp
This assumes that KDE was installed in /usr/local/kde
and your new group is named "dialout".
Before doing anything, kppp checks if there is a file named
/etc/kppp.allow
. If such a file exists, ONLY users named
in this file are allowed to dial out. This file must be readable
by every user (of course NOT writable). Only login names are
recognised, thus you cannot use UIDīs in this file. Hereīs a
short example:
# /etc/kppp.allow
# comment lines like this are ignored,
# as well as empty lines
fred
karl
# I put myself in here :-)
mweilguni
In the example above only the users fred, karl and
mweilguni can use kppp to dial out, as well as every
user with a UID of 0. So you donīt need to put root in this
file.
Itīs virtually impossible to write a dialer without the SUID bit, that is both safe and easy to use for unexperienced users. kppp addresses the security issues with the following strategy:
Many thanks to Harri Porten for writing this excellent piece of code. I thought it was impossible - he made it within a week.
Next Previous Table of Contents