LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Debian (http://www.linuxquestions.org/questions/debian-26/)
-   -   Running KPPP as Root = Bad Idea? (http://www.linuxquestions.org/questions/debian-26/running-kppp-as-root-%3D-bad-idea-152057/)

Hawklad 02-29-2004 11:26 PM

Running KPPP as Root = Bad Idea?
 
...I'm thinking the answer is "Yes."

Problem is, I can't seem to get it to recognize my modem as a regular user.

I just did a Knoppix hard-drive install to get an up-to-date Debian system at home. I configured and loaded the correct modules for my winmodem (HSP Micromodem 56). Now everything works great as long as I login as root and run KPPP from there.

As a regular user, I can't even run KPPP. So, I chmod'ed it to 777 and was able to bring it up. But, it won't recognize the modem ("Unable to locate modem"). Once I switch to root and restart KPPP, its fine again. I don't think connecting to the internet as root is such a good idea though...

I'm thinking there's a simple solution to this. I just don't know what it is, and googling has not helped out yet.

Any advice?

ilikejam 03-01-2004 12:40 AM

The problem (I think) is that pppd and maybe other programs used by kppp cannot be run as a normal user (for security reasons).

Try doing
$ su - -c kppp

while you're logged on as a normal user, that loads root's configuration, so that kppp inherits root permission and has /usr/sbin etc. in the PATH.

Dave

basix 03-01-2004 03:16 AM

Yes, you cant run KPPP as the normal user. You will have to run it as root =(. But there is a work around it. If you are using KDE then when you try launching KPPP it will say you require root permissions to run this program and ask for the root password. All you need to do is provide it with the root password and it will launch the program and then you will be able to connect to the internet.

Hawklad 03-01-2004 11:47 PM

Thanks for the replies. I tried the su - -c kppp trick, but got "kppp: cannot connect to X server"

Am I missing something? Or, maybe more importantly, do I care? Does dialing out as root expose my machine to swarming hordes of evil internet hackers?

vectordrake 03-02-2004 12:25 AM

adduser hawklad -G ppp (or use your distro's 'everything tool to get a user config tool)

ilikejam 03-02-2004 12:58 AM

No, dialling out as root isn't a problem (well, not really).

Surfing the web while logged on as root, however is not very clever.

It's strange that you can't do su - -c kppp though.........

Dave

TheBman 03-02-2004 04:36 PM

check and ensure that your normal user is a member of "dip" and "dialout" groups. You are obviously using KDE, so open user manager, click on the normal user name, then edit, then groups, and ensure you are a member of both groups. Save the file. then try kppp as normal user.

IvanJ 03-02-2004 05:33 PM

Or sudo kppp

kseskisator 09-23-2004 07:57 PM

indeed...
 
...running kppp as root is a bad idea.

The reason why sudo kppp and su - -c kppp don't work on debian, is that for security reasons each user must authenticate him/herself to the Xserver before launching windows on another user's X session. You can do that with the xauth command.

xauth list $DISPLAY as the user with the X session,
xauth add $DISPLAY <auth_cookies> as the other user.

However this is neither elegant nor practical.

Debian users will usually insist that it is far better to avoid kppp and use pppd directly as root (which is not insecure):
su -
pppd call provider

...or to use the pon / poff scripts.

If you do need however to use kppp as a user, you can do the following that worked for me:
- Add your user to the 'dip' group, so that you can use kppp
- Add your user to the 'dialout' group, so that you can access the serial ports
- Edit /etc/ppp/options and put 'privgroup dip' at the end of the file, so that you can use privileged pppd options (like noauth)
- Start kppp, find the pppd options button, and add 'noauth'.

It is not very secure (the group dip can be exploited) but it is far better than running kppp as root. Also, it is logical that Knoppix behaves much like Debian, since it is derived from it.

Good luck!


All times are GMT -5. The time now is 03:19 PM.