How to stop prompt for root passwd when dialing with kppp?
Hi,
I'm using RH 7.2 with KDE (primarily). Each time I dial-up using "Internet Dialer" (which appears to simply execute kppp), I am prompted for my root password. But why? I have checked the permissions on ALL instances of kppp on my machine, and they all appear to be executable by u, g, and o. So, as a regular user, why can't I execute kppp without being prompted for my root password? Can somebody please explain? Thank you very much, Ben |
Another easy way to connect to the internet if you're using dial up is to open a shell prompt, su to root, then go to /etc/sysconfig/network-scripts/ and then type ./ifup-ppp ifcfg-ppp0 to connect. Then if you wanna disconnect, you just go back to the same place and type ./ifdown-ppp ifcfg-ppp0
May not be the easiest way but I like it better than using the internet dialer. :) |
No offense, but...
Why in the world would you want to connect that way? That has got to be the longest, slowest, most needlessly complex method possible, don't you think? I see no benefit whatsoever to using that method. Connecting to the Internet should be no more complicated than a double-click, under any circumstances, imo. |
yeah, that is a bit drawn out and geeky i think. it's by no means the MOST drawn out, believe me!
You'll possibly be able to get around that by setting suid on the kppp app, or if the problem is just coming from the referring link, then make sure that's suid too, and of course owned by root. chmod a+s /usr/bin/kppp (if that's where it is). or if you can run kppp directly, without a password, just create a link to that in your menu. |
Thanks a lot for your help, but believe it or not, playing around with suids did not solve this problem.
In checking through the KDE documentation on kppp, I noticed that permissions seem to be a big deal. The documentation indicates: "kppp has the SUID bit on? What about security? It's virtually impossible to write a dialler without the SUID bit that is both safe and easy to use for inexperienced users. kppp addresses the security issues with the following strategy. Immediately after the program starts, kppp forks. The master process, which handles all the GUI stuff such as user interaction, drops the SUID state after the fork, and runs with normal user privileges. The slave process keeps its privileges, and is responsible for all actions that need root privileges. To keep this part safe, no KDE or Qt library calls are used here, just simple library calls. The source code for this process is short (around 500 lines) and well documented, so it's easy for you to check it for security holes. Master and slave processes communicate with standard UNIX® IPC. Special thanks to Harri Porten for writing this excellent piece of code. It was thought to be impossible, but he managed it within a week." So, I may simply have to ask the kde mailing list about what to do. This does not appear to be a trivial issue. : ) Thanks again for your help. Ben |
kppp
I've never tried this, and don't intend to, but doesn't the kppp dialog box that asks for your password have an option of "remember this"? My understanding was that if you checked this box, then it would store the password in the configuration file (insecure!). At this point, it might still ask for your password, but all you'd need to do would be hit enter an extra time.
OTOH, this feels less secure. That's another place that an intruder program could check for authorizations. So I don't intend to even try using it. |
if you can't get it going, you might prefer to use wvdial and kwvdial if you need a gui for it. it's so much easier to use than kppp. when it goes wrong, you can find out why....
|
Thanks for your help, guys.
To YaHu: No, there is no "remember my password" box when prompted for root password. (That's probably a good thing. : ) ) To bluecadet: This really isn't such a big problem. (I'm just prompted for a password every time.) I was just curious about "getting to the bottom of it." As I mentioned earlier, I'm sure somebody at KDE will have some ideas. Thanks again for your help! Ben |
Just to be sure this isn't a suid problem why don't you do a ls -l /usr/bin/kppp and post it?
|
the thing is it is in /usr/sbin/
not /usr/bin. /usr/bin/kppp is linked through console helper, which brings up the password prompt. |
You guys rock. You're so persistent, and that's a great trait to have when working with Linux, I think. : )
OK, here's the output from ls -l /usr/sbin/kppp: -rwsr-sr-x 1 root root 475084 Sep 9 14:46 kppp (That is following my previous chmod a+s kppp. (I've also tried variously changing ownership, permissions, and setting UID for the executable, the desktop icon, etc.)) Thanks, Ben |
aeth,
you already have the answer above (by DavidPhillips): I had the same problem, it isn't KDE, just RedHat. You have to edit the menu item and/or the desktop icon and make 'em point to /usr/sbin instead of /usr/bin. try it, that easy! el felipe |
el felipe (and DavidPhillips),
Thank you! Your suggestion did indeed solve this problem perfectly! (I love this forum!) In checking just now: I notice that /usr/bin/kppp is actually a symbolic link to consolehelper (which I would guess eventually calls kppp [consolehelper itself perhaps requires root passwd to do this]), while /usr/sbin/kppp is the actual executable. Cool! Mystery solved. Thanks again for your help! Ben : ) |
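Added example (not part of the original thread or of any poster's message): a shell check for the situation worked out above, where /usr/bin/kppp is a symbolic link to consolehelper and /usr/sbin/kppp is the setuid executable. The function names classify_launcher and audit_command are hypothetical, and readlink -f (GNU coreutils) is assumed to be available.

```shell
#!/bin/sh
# Added example: classify how a command path gets its privileges.
# Prints one of: missing | consolehelper-wrapper | setuid-root |
# setuid-other | plain

classify_launcher() {
    path=$1
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo missing; return 0
    fi
    # A symlink whose final target is named consolehelper is the Red Hat
    # wrapper that asks for the root password before running the real tool.
    if [ -L "$path" ]; then
        target=$(readlink -f "$path") || target=
        if [ "$(basename "$target")" = consolehelper ]; then
            echo consolehelper-wrapper; return 0
        fi
        [ -e "$target" ] || { echo missing; return 0; }  # dangling link
        path=$target
    fi
    # -u is true when the set-user-ID bit is set; the numeric owner decides
    # whose privileges the program runs with.
    if [ -u "$path" ]; then
        owner=$(ls -ln "$path" | awk '{print $3}')
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
        return 0
    fi
    echo plain
}

# Report every copy of a command found in the given directories.
audit_command() {
    name=$1; shift
    for dir in "$@"; do
        [ -e "$dir/$name" ] || [ -L "$dir/$name" ] || continue
        printf '%s %s\n' "$dir/$name" "$(classify_launcher "$dir/$name")"
    done
}

# The two locations discussed in this thread; prints nothing if kppp is absent.
audit_command kppp /usr/bin /usr/sbin
```

On a machine laid out as described in the thread, this would report the /usr/bin entry as consolehelper-wrapper and the /usr/sbin entry as setuid-root, which shows which launcher target triggers the password prompt and which binaries carry the setuid bit that chmod a+s added.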
Hi all,
To continue the thread.... I have done the above and can now get kppp to execute from a user account without prompting for the root password - good! However none of my dialup accounts are listed and when trying to connect I get the error message that a modem lock file could not be created. What to do??? Regards GeeTee |