[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: um-ppp installation
From: |
Philippe Brochard |
Subject: |
Re: um-ppp installation |
Date: |
Fri, 23 Nov 2001 10:28:29 +0100 (CET) |
On 22-Nov-2001 Niels Möller wrote:
> philippe brochard <phil.brochard@free.fr> writes:
>
>> but I think it's a good thing if we can run it with an unprivileged user.
>
> I'm not sure if there's any sensible way to delegate control over just
> some parts of the networking (e.g different network interfaces), but
> until someone comes up with a good model for that, it should be
> possible to delegate control over all networkish things by changing
> the owner of /servers/socket/2, and adding that uid to users or
> processes you want to be able to control the networking.
>
> Some questions (which is why I'm adding bug-hurd to the recipients):
>
> 1. Has anybody thought about partial delegation of networking? Does
> that make sense at all?
>
> 2. Is the group of /servers/socket/2 relevant, or should it be? To me, it
> seems cleaner to add network admins to a special group than using a
> special network-admin uid.
>
> 3. Is there a reasonable way to give a user additional uid:s
> automatically at login?
>
> (On second thought, you probably have to change the owner and
> permission on some other nodes as well, to make sure that pfinet gets
> access to ethernet hardware and stuff. And then one should probably
> think a little about what a "privileged (< 1024) port means when
> pfinet doesn't run as root. This seems a little harier than I'd
> like).
>
> Regards,
> /Niels
I think just that I don't want to become root to start ppp,
but all the users don't have to start ppp, maybe just some
on a specific group.
Regards,
--
Philippe Brochard <hocwp@free.fr>
http://hocwp.free.fr