On Sun, 1 Feb 1998, zentara wrote:

AS root you must 1. chmod 666 /etc/resolv.conf

Please don't! Just use YaST to set up your nameserver!

2. chmod 666 /dev/modem

Not needed. Just add the user to the "uucp" group and the "dialout" group.

3. chown root.root /usr/sbin/pppd

PLEASE please don't! It's already chown'ed and chmod'ed! The SuSE people did this one right (unlike Red Hat, sigh).

8. put the ezppp binary in each dialout users home directory and let them own it.

Err, just stick it into /usr/local/bin. The setup file(s) will still be stored into each dialout users' home directory. Or better yet, just download the "ezppp" rpm from ftp.redhat.com and let 'rpm' manage where it is installed.

Well this works great for me. I don't know what the security implications are of the chmod's and chown's.

The chmod's and chown's are NOT needed with SuSE. I dialout just fine using ezppp with the default permissions. Just add the user to the "dialout" and "uucp" groups. The chmod's and chown's are only needed with distributions (such as Red Hat) that don't have pppd already chown'ed, chgrp'ed, and chmod'ed with the proper permissions. The only exception might be the /etc/resolv.conf file. This is a security risk in some situations, but if you are dialing multiple ISP's, each of which has a different nameserver, you'll need to let ezppp patch resolv.conf. (If you don't know why world write access to resolv.conf is a security risk, think "rogue nameservers"). For a single-user system, though, world-write to resolv.conf isn't a real security risk.

I really barely know the basics of security.

Nice thing to do would be to get a book on the subject. Check the O'Reilley & Associates web site, they have a good one. There are also reasonable introductory chapters on security in the Red Hat manual (available online at www.redhat.com) and in the LDP Linux Configuration & Administration manual (available in your /usr/doc directory if you installed the Linux Documentation Project). There may also be one in the SuSE manual, but I'm still chugging my way through that one (it's rather dense reading). Eric Lee Green exec@softdisk.com Executive Consultants Systems Specialist Educational Administration Solutions You might be a redneck if you put on insect repellant prior to a date. -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e