LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-16-2001, 08:30 AM   #1
aethereal
Member
 
Registered: Dec 2000
Location: Seattle
Distribution: Red Hat 8.0
Posts: 41

Rep: Reputation: 15
Question How to stop prompt for root passwd when dialing with kppp?


Hi,

I'm using RH 7.2 with KDE (primarily).

Each time I dial-up using "Internet Dialer" (which appears to simply execute kppp), I am prompted for my root password.

But why?

I have checked the permissions on ALL instances of kppp on my machine, and they all appear to be executable by u, g, and o. So, as a regular user, why can't I execute kppp without being prompted for my root password?

Can somebody please explain?

Thank you very much,
Ben
 
Old 12-16-2001, 06:12 PM   #2
Dayewalker
LQ Newbie
 
Registered: Nov 2001
Location: Texas
Distribution: Redhat 7.2
Posts: 23

Rep: Reputation: 15
Another easy way to connect to the internet if you're using dial up is to open a shell prompt, su to root, then go to /etc/sysconfig/network-scripts/ and then type ./ifup-ppp ifcfg-ppp0 to connect. Then if you wanna disconnect, you just go back to the same place and type ./ifdown-ppp ifcfg-ppp0

May not be the easiest way but I like it better than using the internet dialer.
 
Old 12-17-2001, 04:37 AM   #3
aethereal
Member
 
Registered: Dec 2000
Location: Seattle
Distribution: Red Hat 8.0
Posts: 41

Original Poster
Rep: Reputation: 15
Question

No offense, but...
Why in the world would you want to connect that way?

That has got to be the longest, slowest, most needlessly complex method possible, don't you think? I see no benefit whatsoever to using that method.

Connecting to the Internet should be no more complicated than a double-click, under any circumstances, imo.
 
Old 12-17-2001, 05:11 AM   #4
bluecadet
Member
 
Registered: Oct 2001
Distribution: MD81 RH71
Posts: 555

Rep: Reputation: 30
yeah, that is a bit drawn out and geeky i think. it's by no means the MOST drawn out, beleive me!

You'll possibly be able to get around that by setting suid on the kppp app, or if the problem is just coming from the refering link, then make sure that's suid too, and of course owned by root.

chmod a+s /usr/bin/kppp
(if that's where it is).

or if you can run kppp direcctly, without a password, just create a link to that in your menu.
 
Old 12-17-2001, 06:58 AM   #5
aethereal
Member
 
Registered: Dec 2000
Location: Seattle
Distribution: Red Hat 8.0
Posts: 41

Original Poster
Rep: Reputation: 15
Thanks a lot for your help, but believe it or not, playing around with suids did not solve this problem.

In checking through the KDE documentation on kppp, I noticed that permissions seem to be a big deal.

The documentation indicates:

"kppp has the SUID bit on? What about security?

It's virtually impossible to write a dialler without the SUID bit that is both safe and easy to use for inexperienced users. kppp addresses the security issues with the following strategy.

Immediately after the program starts, kppp forks.

The master process, which handles all the GUI stuff such as user interaction, drops the SUID state after the fork, and runs with normal user privileges.

The slave process keeps its privileges, and is responsible for all actions that need root privileges. To keep this part safe, no KDE or Qt library calls are used here, just simple library calls. The source code for this process is short (around 500 lines) and well documented, so it's easy for you to check it for security holes.

Master and slave processes communicate with standard UNIX® IPC.

Special thanks to Harri Porten for writing this excellent piece of code. It was thought to be impossible, but he managed it within a week."

So, I may simply have to ask the kde mailing list about what to do. This does not appear to be a trivial issue. : )

Thanks again for your help.

Ben
 
Old 12-17-2001, 09:26 AM   #6
YaHu
LQ Newbie
 
Registered: Jun 2001
Location: SF Bay Area
Distribution: Debian (right now)
Posts: 24

Rep: Reputation: 15
kppp

I've never tried this, and don't intend to, but doesn't the kppp dialog box that asks for your password have an option of "remember this"? My understanding was that if you checked this box, then it would store the password in the configuration file (insecure!). At this point, it might still ask for you password, but all you'd need to do would be hit enter an extra time.

OTOH, this feels less secute. That's another place that an intruder program could check for authorizations. So I don't intend to even try using it.
 
Old 12-17-2001, 09:57 AM   #7
bluecadet
Member
 
Registered: Oct 2001
Distribution: MD81 RH71
Posts: 555

Rep: Reputation: 30
if you can't get it going, you might prefer to use wvdial and kwvdial if you need a gui for it. it's so much easier to use than kppp. when it goes wrong, you can find out why....
 
Old 12-17-2001, 03:10 PM   #8
aethereal
Member
 
Registered: Dec 2000
Location: Seattle
Distribution: Red Hat 8.0
Posts: 41

Original Poster
Rep: Reputation: 15
Thanks for your help, guys.

To YaHu: No, there is no "remember my password" box when prompted for root password. (That's probably a good thing. : ) )

To bluecadet: This really isn't such a big problem. (I'm just prompted for a password every time.) I was just curious about "getting to the bottom of it." As I mentioned earlier, I'm sure somebody at KDE will have some ideas.

Thanks again for your help!
Ben
 
Old 12-17-2001, 05:08 PM   #9
mark33andathird
LQ Newbie
 
Registered: Dec 2001
Posts: 6

Rep: Reputation: 0
Just to be sure this isn't a suid problem why don't you do a ls -l /usr/bin/kppp and post it?
 
Old 12-17-2001, 05:40 PM   #10
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
the thing is it is in /usr/sbin/

not /usr/bin

/usr/bin/kppp is linked through console helper which brings up the password prompt.
 
Old 12-18-2001, 01:56 AM   #11
aethereal
Member
 
Registered: Dec 2000
Location: Seattle
Distribution: Red Hat 8.0
Posts: 41

Original Poster
Rep: Reputation: 15
You guys rock. You're so persistent, and that's a great trait to have when working with Linux, I think. : )

OK, here's the output from ls -l /usr/sbin/kppp:
-rwsr-sr-x 1 root root 475084 Sep 9 14:46 kppp

(That is following my previous chmod a+s kppp. (I've also tried variously changing ownership, permissions, and setting UID for the executable, the desktop icon, etc.))

Thanks,
Ben
 
Old 12-19-2001, 04:40 PM   #12
el_felipe
Member
 
Registered: Dec 2001
Location: Sicily (Italy)
Distribution: DEBIAN! - (also used: Red Hat, Mandrake, Slackware, SuSE, BestLinux, EasyLinux, muLinux...)
Posts: 92

Rep: Reputation: 15
aeth,

you already have the answer above (by DavidPhillips): I had the same problem, it isn't KDE, just RedHat.

You haveto edit the menu item and/or the desktop icon and make 'em point to /usr/sbin instead of /usr/bin

try it, that easy!

el felipe
 
Old 12-19-2001, 11:48 PM   #13
aethereal
Member
 
Registered: Dec 2000
Location: Seattle
Distribution: Red Hat 8.0
Posts: 41

Original Poster
Rep: Reputation: 15
el filipe (and DavidPhillips),

Thank you!

Your suggestion did indeed solve this problem perfectly!

(I love this forum!)

In checking just now:
I notice that /usr/bin/kppp is actually a symbolic link to consolehelper (which I would guess eventually calls kppp [consolehelper itself perhaps requires root passwd to do this]), while /usr/sbin/kppp is the actual executable.

Cool! Mystery solved.

Thanks again for your help!

Ben : )
 
Old 04-16-2002, 08:31 AM   #14
GeeTee
LQ Newbie
 
Registered: Apr 2002
Distribution: Attempt @ RH7.2
Posts: 17

Rep: Reputation: 0
Hi all,

Too continue the thread....
I have done the above and can now get kppp to execute from a user account with out prompting for the root password - good!

However none of my dialup accounts are listed and when trying to connect I get the error message that a modem lock file could not be created.

What to do???

Regards
GeeTee
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
kppp not dialing out pen^2 Linux - Software 1 04-30-2005 08:39 AM
how to stop automatic system dialing shams Mandriva 0 06-03-2004 10:25 AM
Problem dialing into ISP with KPPP computerfundi Linux - Newbie 25 05-18-2004 06:58 AM
kppp dialing into a NT Ras callback server MrBiggZ Linux - Software 1 02-10-2004 06:00 PM
root login incorrect ,then passwd root,but error sunnycn Linux - Security 6 05-20-2002 10:54 AM


All times are GMT -5. The time now is 08:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration