[SuSE Linux] Permissions
Hello, I'm a long-time Linux user, but extremely new to SuSE. I'm having a bit of a problem that I'm not sure how to solve cleanly. I'd like my normal users to be able to start a PPP connection to my ISP. In order to do that, I added the users to the dialout group (per a set of instructions that I read somewhere -- Users' Manual maybe?). They are still unable to start PPP, being given an error reading: /etc/suseppp/generic.options: access denied Now, if I change the permissions on /etc/suseppp/generic.* to 660, all is fine. Unfortunately, anytime SuSEconfig runs, it resets the perms on that file. I've grep'ed through the /etc/permissions* stuff, but didn't see anything in those to point out where the permissions are being reset from. Anyone have an idea? Finally, am I going about this incorrectly? Is there something I should be using instead? Thanks for the help! -- Steve Philp sphilp@ameritech.net "The Internet is like crack for smart people" --Arsenio Hall - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
Steve Philp <sphilp@ameritech.net> writes:
Now, if I change the permissions on /etc/suseppp/generic.* to 660, all is fine. Unfortunately, anytime SuSEconfig runs, it resets the perms on that file.
Add a couple of lines of /etc/permissions.local like these: /etc/suseppp/generic.options root.dialout 660 /etcsuseppp/generic.chat root.dialout 660 Then add "local" to the permissions line in /etc/rc.config. PERMISSION_SECURITY="secure local" You can edit the file manually or go into Yast. If you edit the file manually, be sure to run SuSEConfig after. -- Bud Rogers <budr@sirinet.net> <A HREF="http://www.sirinet.net/~budr/zamm.html"><A HREF="http://www.sirinet.net/~budr/zamm.html</A">http://www.sirinet.net/~budr/zamm.html</A</A>> formerly <budr@tanet.net> - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
On Sun, Sep 06, 1998 at 05:46:19AM -0500, Bud Rogers wrote:
Steve Philp <sphilp@ameritech.net> writes:
Now, if I change the permissions on /etc/suseppp/generic.* to 660, all is fine. Unfortunately, anytime SuSEconfig runs, it resets the perms on that file.
Add a couple of lines of /etc/permissions.local like these:
/etc/suseppp/generic.options root.dialout 660 /etcsuseppp/generic.chat root.dialout 660
Then add "local" to the permissions line in /etc/rc.config.
PERMISSION_SECURITY="secure local"
You can edit the file manually or go into Yast. If you edit the file manually, be sure to run SuSEConfig after.
Okay, another question. I received another reply to the original message saying that I should edit /sbin/conf.d/SuSEconfig.ppp and modify the perms there. Is one method better than the other? (I'd imagine that editing the /etc/permissions.local would be better the /sbin/conf.d one would get overwritten if/when I install a newer suseppp package?) Thanks for the help! -- Steve Philp sphilp@ameritech.net "The Internet is like crack for smart people" --Arsenio Hall - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
Steve Philp <sphilp@ameritech.net> writes:
Okay, another question. I received another reply to the original message saying that I should edit /sbin/conf.d/SuSEconfig.ppp and modify the perms there.
Is one method better than the other? (I'd imagine that editing the /etc/permissions.local would be better the /sbin/conf.d one would get overwritten if/when I install a newer suseppp package?)
Well, there is usually more than one way to do what you want with Linux, but /etc/permissions.* is apparently the mechanism intended to work with SuSEConfig. If you read the comments in /etc/rc.config right above the CHECK_PERMISSIONS and PERMISSION_SECURITY sections, it explains a little about it. -- Bud Rogers <budr@sirinet.net> <A HREF="http://www.sirinet.net/~budr/zamm.html"><A HREF="http://www.sirinet.net/~budr/zamm.html</A">http://www.sirinet.net/~budr/zamm.html</A</A>> formerly <budr@tanet.net> - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
Hi, On Sun, 6 Sep 1998, Steve Philp wrote:
I'm a long-time Linux user, but extremely new to SuSE. I'm having a bit of a problem that I'm not sure how to solve cleanly.
I'd like my normal users to be able to start a PPP connection to my ISP. In order to do that, I added the users to the dialout group (per a set of instructions that I read somewhere -- Users' Manual maybe?). They are still unable to start PPP, being given an error reading:
/etc/suseppp/generic.options: access denied
Now, if I change the permissions on /etc/suseppp/generic.* to 660, all is fine. Unfortunately, anytime SuSEconfig runs, it resets the perms on that file.
I've grep'ed through the /etc/permissions* stuff, but didn't see anything in those to point out where the permissions are being reset from. Anyone have an idea?
Finally, am I going about this incorrectly? Is there something I should be using instead?
All you should need to do is to add the user to the group "dialout". This should be mentioned in the manual somewhere. There is no need to fiddle with the permissions. LenZ ------------------------------------------------------------------ Lenz Grimmer S.u.S.E. GmbH <A HREF="mailto:grimmer@suse.de">mailto:grimmer@suse.de</A> Gebhardtstrasse 2 <A HREF="http://www.suse.de"><A HREF="http://www.suse.de</A">http://www.suse.de</A</A>> 90762 Fuerth, Germany - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
On Mon, Sep 07, 1998 at 09:47:13AM +0200, Lenz Grimmer wrote:
Hi,
On Sun, 6 Sep 1998, Steve Philp wrote:
I'm a long-time Linux user, but extremely new to SuSE. I'm having a bit of a problem that I'm not sure how to solve cleanly.
I'd like my normal users to be able to start a PPP connection to my ISP. In order to do that, I added the users to the dialout group (per a set of instructions that I read somewhere -- Users' Manual maybe?). They are still unable to start PPP, being given an error reading:
/etc/suseppp/generic.options: access denied
Now, if I change the permissions on /etc/suseppp/generic.* to 660, all is fine. Unfortunately, anytime SuSEconfig runs, it resets the perms on that file.
I've grep'ed through the /etc/permissions* stuff, but didn't see anything in those to point out where the permissions are being reset from. Anyone have an idea?
Finally, am I going about this incorrectly? Is there something I should be using instead?
All you should need to do is to add the user to the group "dialout". This should be mentioned in the manual somewhere.
There is no need to fiddle with the permissions.
The normal users are both added to the dialout group in /etc/group and /etc/gshadow. That doesn't seem to solve it. The problem is that /etc/suseppp/generic.options and /etc/suseppp/generic.chat are both installed with 600 permissions. So, if I'm tracking the permissions correctly, it doesn't matter what group they're in, since no group is allowed to read the files. -- Steve Philp sphilp@ameritech.net "The Internet is like crack for smart people" --Arsenio Hall - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
On Sun, 06 Sep 1998, you wrote:
Hello, I'd like my normal users to be able to start a PPP connection to my ISP. In order to do that, I added the users to the dialout group (per a set of instructions that I read somewhere -- Users' Manual maybe?). They are still unable to start PPP, being given an error reading:
/etc/suseppp/generic.options: access denied
add the users you want to have access to the modem to the group 'dialout' that's it mc - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
On Mon, Sep 07, 1998 at 02:15:19PM -0600, Michael Clark wrote:
On Sun, 06 Sep 1998, you wrote:
Hello, I'd like my normal users to be able to start a PPP connection to my ISP. In order to do that, I added the users to the dialout group (per a set of instructions that I read somewhere -- Users' Manual maybe?). They are still unable to start PPP, being given an error reading:
/etc/suseppp/generic.options: access denied
add the users you want to have access to the modem to the group 'dialout'
that's it
I'd sure love to think so! Unfortunately, it doesn't seem to work here. I used YaST to add my two normal users to the dialout group. Attempting to run /etc/suseppp/scripts/ppp-on as one of these users yields the error message above. After changing the permissions on /etc/suseppp/generic.* to 660, everything works fine. Also, users who are NOT part of the dialout group still do not have privileges to start PPP after the change. I'd REALLY like to believe that something became hosed on this installation within the past couple of days. As it is, it just looks like the permissions that /sbin/conf.d/SuSEconfig.ppp sets are incorrect. Here's the permissions that are currently in effect (these work): /usr/sbin/pppd: -rwsr-xr-- 1 root dialout 83952 Aug 4 17:33 pppd /etc/suseppp: -rw-r--r-- 1 root root 122 Feb 27 1998 chat-secrets drwxr-xr-x 2 root root 1024 Sep 4 00:51 diald -rw-rw---- 1 root dialout 110 Sep 4 00:53 generic.chat -rw-rw---- 1 root dialout 249 Sep 4 00:53 generic.options drwxr-xr-x 2 root root 1024 Sep 4 00:51 rc drwxr-xr-x 2 root root 1024 Sep 7 18:19 scripts /etc/suseppp/rc: total 2 -rw-r--r-- 1 root root 1308 May 5 07:44 suseppp.rc.config /etc/suseppp/scripts: total 2 -rwxr-xr-x 1 root root 487 Feb 19 1998 ppp-down -rwxr-xr-x 1 root root 314 Sep 7 18:18 ppp-up If I change the permissions on generic.* to their default 600, it does not work. Whether the users are in the dialout group doesn't have any effect. -- Steve Philp sphilp@ameritech.net "The Internet is like crack for smart people" --Arsenio Hall - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
participants (4)
-
budr@sirinet.net -
grimmer@suse.de -
mclark@csi.coloradosystems.com -
sphilp@ameritech.net