Results 1 to 3 of 3

Thread: kppp - why do I have to run it as root from Fedora/RedHat?

  1. #1

    kppp - why do I have to run it as root from Fedora/RedHat?

    Okay, Folks,

    I've tried a few things to see if I can figure out why kppp is requesting the root password on my Fedora system (did the same darn thing on RH 7.2, and on 9.0, and I'm gettin' tired of it).

    I've created a group called kpppusers, added my normal account to that group, and set permissions on several files related to kppp to 4755. Still, every time I call up kppp I am asked for the root password. Hell, I even added an /etc/kppp.allow file and it doesn't seem to do anything.

    Strangely, while Mandrake 9.2 seemed to want to change my sound card setup back to something that didn't work, it got the kppp thing right, so I know it can be done. I have to wonder why Red Hat does this.

    Any help will be appreciated.

    Later On,

  2. #2

    Re:kppp - why do I have to run it as root from Fedora/RedHat?

    What's the permissions on your modem?

  3. #3

    Re:kppp - why do I have to run it as root from Fedora/RedHat?

    [quote author=countach44 link=board=4;threadid=8759;start=0#msg79155 date=1077835531]
    What's the permissions on your modem?

    Uh... ownerships and permissions as follows on /dev/modem:

    owner = root, group = kpppusers, permissions = 4740

    which I don't figure is a big problem (I don't use uucp) but here's the whole story (yup - I got it figured out...). (Don't forget that some of this is in the first post I made...)

    Checked out the kppp FAQ at:
    and found out that there was a "fix" for this (but keep reading after I post it, because it was incomplete...) From my system notes (yeah, I keep a notebook- can't remember sh!t otherwise... ) I'll quote the following:

    Okay... I've been round and round with this one... a lot of changes to permissions. Let me step back and document where everything is so far, because I'm tantalizingly close to getting this to work... I'll probably find out that there are tons of security holes to this approach after I get it figured out...

    1.) executed a fix I found in the kppp FAQ:

    1.) su to a root shell. (Open a terminal window, type in su, then give root's password when prompted...)

    2.) delete the symlink to consolehelper by:
    rm /usr/bin/kppp

    3.) alter permissions on /usr/sbin/kppp (the actual kppp binary) as follows:
    chmod u+s /usr/sbin/kppp (I think this actually sets kppp suid root)

    4.) create a new symlink as follows:
    ln -s /usr/sbin/kppp /usr/bin/kppp

    Apparently, Red Hat had some concerns about running kppp as suid root? So they set up kppp to run as a consolehelper app under PAM to avoid this? So now, instead of being able to add users to a kpppusers group or some such, every user that needs access to the kppp connection needs to also have the root password? I don't think so. But before I turn this into a rant, let's get on with the rest of the solution, because if you just go this far, the next time you start kppp it will start, but will be unable to create a lock file on /dev/modem!

    So... what to do? Here's what. (Bear in mind that, in the following, I'm talking about my laptop, where the only non-root user is horus. You'd want to do the group adds for every user out there...)

    Again, quoting from my system notes:

    This allowed the kppp interface to come up without prompting for the root password, but now the error "can't create lock file on /dev/modem" occurs... could it be that user horus does not have the required permissions to create the lock file?

    2.) added user horus to group lock (already in group kpppusers)
    3.) changed ownerships/permissions on /var/lock to root root 0775
    4.) changed ownerships/permissions on /var toroot root0775
    5.) checked ownerships/permissions on /usr/sbin/kppp at root kpppusers4775
    6.) changed ownerships/permissions on /usr/sbin/pppd torootkpppusers0755
    7.) changed ownerships/permissions on /usr/sbin/pppdump to rootkpppusers0755

    After doing all of this, execution of kppp works just fine from user horus. I'm presuming that if you added more users to group kpppusers that they, too, would be able to use kppp, but I haven't tested this theory yet. By the way, I used Midnight Commander from a root shell to make all the permissions/ownerships changes... saved a ton of time trying to remember the switches and commands for that stuff.

    Messing with /usr/sbin/pppdump was probably unnecessary, but I don't think it'll hurt anything... somebody please tell me if I'm wrong about that.

    Well that's it for now. Think I oughta write this up a little more clearly as a PET or something, or is this simple enough to follow?

    Later On,

Similar Threads

  1. Replies: 0
    Last Post: 11-24-2008, 03:34 AM
  2. Fedora 4 and SSH root questions
    By webbuddy in forum Redhat / Fedora
    Replies: 10
    Last Post: 12-05-2006, 05:55 PM
  3. Help with Kppp
    By Aileron in forum Linux - General Topics
    Replies: 1
    Last Post: 05-12-2003, 12:52 AM
  4. RedHat's root verification
    By Schotty in forum Linux - Software, Applications & Programming
    Replies: 14
    Last Post: 01-31-2003, 06:07 PM
  5. KPPP
    By lhvan in forum Linux - Hardware, Networking & Security
    Replies: 5
    Last Post: 07-23-2002, 03:23 AM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts