[895] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] dip

daemon@ATHENA.MIT.EDU (Chris Woods)
Fri Jul 12 11:33:29 1996

Date: Thu, 11 Jul 1996 10:11:38 -0400 (EDT)
From: Chris Woods <cjwoods@paladin.com>
To: johnb@aztec.co.za
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607101720.TAA06048@rbit.co.za>

-----BEGIN PGP SIGNED MESSAGE-----

John Betts writes:
 > forgive me if I am missing something here....
 > 
 > but, why would you want non-root users to make network connections and
 > make changes to routing tables?

Remember that many, many linux boxes are single-user machines, being
used as desktop PC's in offices or homes. We don't want to encourage
end-users to keep a root shell open, or to do something as root that
they really don't need to do. And I'm sure there are extenuating
circumstances in which there might be a valid reason to allow any of a
number of users to establish a dialup connection without having to
give them root access.

 > Do you _really_ want any 'ol luser on your system to dial out
 > and do funny things with your modem?

I believe dip provides a means by which you can specify which users
are allowed to use the service. I don't recall, honestly... it's been
a long, long time since I've used dip.

		-cjw

  "Beware that the most effective way for someone to decrypt your
    data may be with a rubber hose."  --Tatu Ylonen


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMeULkFBcQF9K4jiRAQHWZgP/cpRQva6dLv+lThMwC4NLjaZMvFuqmVMd
GOkQ9QUT0hvhujSVOD75ypY5dIkEVY3b/4hXH3BEHXG4ugVSI+Ls9a7Ry7pqzzW3
yI3E3g035Lvf3osLiTNlsU0Z802WZ9y5ozKzU2UwuzV63/aF7vY8T8+4I4fTkjiF
r95mej3ru0Q=
=EiXI
-----END PGP SIGNATURE-----

home help back first fref pref prev next nref lref last post