From abeaupre@chemcomp.com Fri Jul 28 09:30:45 2000
Return-Path:
Received: from smtp13.bellglobal.com (smtp13.bellglobal.com [204.101.251.52]) by hub.freebsd.org (Postfix) with ESMTP id 025D537BB72 for ; Fri, 28 Jul 2000 09:30:44 -0700 (PDT) (envelope-from abeaupre@chemcomp.com)
Received: from hermes.chemcomp.com (ppp11379.qc.bellglobal.com [206.172.147.92]) by smtp13.bellglobal.com (8.8.5/8.8.5) with ESMTP id MAA28741 for ; Fri, 28 Jul 2000 12:34:58 -0400 (EDT)
Received: from sky.chemcomp.com (sky.chemcomp.com [192.1.1.62]) by hermes.chemcomp.com (Postfix) with ESMTP id 231351682D for ; Fri, 28 Jul 2000 12:23:51 -0400 (EDT)
Received: by sky.chemcomp.com (Postfix, from userid 1111) id 8B38983; Fri, 28 Jul 2000 12:23:49 -0400 (EDT)
Message-Id: <20000728162349.8B38983@sky.chemcomp.com>
Date: Fri, 28 Jul 2000 12:23:49 -0400 (EDT)
From: Antoine@chemcomp.com, Beaupre@chemcomp.com
Sender: abeaupre@chemcomp.com
Reply-To: abeaupre@chemcomp.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: Making user-PPP start as an arbitrary user instead of root
X-Send-Pr-Version: 3.2

>Number: 20258
>Category: conf
>Synopsis: Making user-PPP start as an arbitrary user instead of root
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: brian
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 28 09:40:03 PDT 2000
>Closed-Date: Wed Aug 9 17:13:57 PDT 2000
>Last-Modified: Wed Aug 09 17:14:45 PDT 2000
>Originator: Antoine Beaupre
>Release: FreeBSD 4.0-RELEASE i386
>Organization: Chemical Computing Group, Inc
>Environment:
FreeBSD sky.chemcomp.com 4.0-RELEASE FreeBSD 4.0-RELEASE #7: Tue Jun 27 16:42:57 EDT 2000 root@sky.chemcomp.com:/usr/src/sys/compile/SKY i386
>Description:
User PPP is started as the root user from rc.network. I added a variable to make it start as an arbitrary user.
>How-To-Repeat: Arg, the heck with it, here's the patch >Fix: Create a "ppp_user" variable which is the user under which ppp should run. If set to "NO", no su(1) is performed, otherwise, instead of just calling: ppp ${ppp_command} -quiet ${ppp_profile} it is called as su -c "user" '${ppp_command}' The meaning of ${ppp_command} is obviously changed, but it should not interfere with anything else. *** rc.conf.orig Fri Jul 14 10:54:54 2000 --- rc.conf Fri Jul 14 10:56:19 2000 *************** *** 77,82 **** --- 77,83 ---- # For details see man page for ppp(8). Default is auto. ppp_nat="YES" # Use PPP's internal network address translation or NO. ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf. + ppp_user="NO" # Which user to start PPP with (or NO) ### Network daemon (miscellaneous) & NFS options: ### syslogd_enable="YES" # Run syslog daemon (or NO). *** rc.network.orig Fri Jul 14 10:56:33 2000 --- rc.network Fri Jul 14 11:26:25 2000 *************** *** 160,167 **** ;; esac ! echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ! ;; esac # Initialize IP filtering using ipfw --- 160,176 ---- ;; esac ! ppp_command="ppp ${ppp_command} -quiet ${ppp_profile}" ! ! echo -n 'Starting ppp: ' ! case ${ppp_user} in ! [Nn][Oo]) ! ${ppp_command}; ! ;; ! *) ! su ${ppp_user} -c "${ppp_command}"; ! ;; ! esac esac # Initialize IP filtering using ipfw *** /usr/src/share/man/man5/rc.conf.5 Fri Mar 3 09:04:56 2000 --- /tmp/rc.conf.5 Fri Jul 28 12:20:18 2000 *************** *** 329,334 **** --- 329,338 ---- .It Ar ppp_profile (str) The name of the profile to use from .Ar /etc/ppp/ppp.conf . + .It Ar ppp_user + (str) The name of the user under which ppp should be started. If set to + .Ar NO , + ppp is started as the root user. 
.It Ar rc_conf_files (str) This option is used to specify a list of files that will override the settings in >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->brian Responsible-Changed-By: sheldonh Responsible-Changed-When: Mon Jul 31 02:38:20 PDT 2000 Responsible-Changed-Why: Over to the PPP maintainer. http://www.freebsd.org/cgi/query-pr.cgi?pr=20258 From: Sheldon Hearn To: abeaupre@chemcomp.com Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: conf/20258: Making user-PPP start as an arbitrary user instead of root Date: Mon, 31 Jul 2000 11:38:12 +0200 On Fri, 28 Jul 2000 12:23:49 -0400, Antoine@chemcomp.com wrote:, Beaupre@chemcomp.com wrote: > + ppp_user="NO" # Which user to start PPP with (or NO) I think that it would make more sense to default this value to "root", and to use this value unconditionally. Ciao, Sheldon. From: System Administrator To: Sheldon Hearn Cc: abeaupre@chemcomp.com, FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: conf/20258: Making user-PPP start as an arbitrary user instead of root Date: Mon, 31 Jul 2000 10:43:23 -0400 Sheldon Hearn wrote: > > On Fri, 28 Jul 2000 12:23:49 -0400, Antoine@chemcomp.com wrote:, > Beaupre@chemcomp.com wrote: > > > + ppp_user="NO" # Which user to start PPP with (or NO) > > I think that it would make more sense to default this value to "root", > and to use this value unconditionally. Yep. This makes an awful lot of sense. So here we go again: New Fix: *** /etc/defaults/rc.conf.orig Fri Jul 14 10:54:54 2000 --- /etc/defaults/rc.conf Fri Jul 14 10:56:19 2000 *************** *** 77,82 **** --- 77,83 ---- # For details see man page for ppp(8). Default is au ppp_nat="YES" # Use PPP's internal network address translation or ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf. + ppp_user="root" # Which user to start PPP with ### Network daemon (miscellaneous) & NFS options: ### syslogd_enable="YES" # Run syslog daemon (or NO). 
*** /etc/rc.network.orig Fri Jul 14 10:56:33 2000 --- /etc/rc.network Mon Jul 31 10:31:06 2000 *************** *** 160,167 **** ;; esac ! echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ! ;; esac # Initialize IP filtering using ipfw --- 160,176 ---- ;; esac ! ppp_command="ppp ${ppp_command} -quiet ${ppp_profile}" ! ! echo -n 'Starting ppp: ' ! case ${ppp_user} in ! root) ! ${ppp_command}; ! ;; ! *) ! su ${ppp_user} -c "${ppp_command}"; ! ;; ! esac esac # Initialize IP filtering using ipfw The same with the man page... *** /usr/src/share/man/man5/rc.conf.5 Fri Mar 3 09:04:56 2000 --- /tmp/rc.conf.5 Fri Jul 28 12:20:18 2000 *************** *** 329,334 **** --- 329,338 ---- .It Ar ppp_profile (str) The name of the profile to use from .Ar /etc/ppp/ppp.conf . + .It Ar ppp_user + (str) The name of the user under which ppp should be started. By default, ppp is started as .Ar root. .It Ar rc_conf_files (str) This option is used to specify a list of files that will override the settings in That's better... BTW, I don't know very much about GNATS protocols. Should I've send another PR instead of "patching" this one? :) Antoine Beaupre System Administrator Chemical Computing Group, Inc. State-Changed-From-To: open->closed State-Changed-By: brian State-Changed-When: Wed Aug 9 17:13:57 PDT 2000 State-Changed-Why: I've committed the functionality to -current and will MFC in 1 week assuming no problems. http://www.freebsd.org/cgi/query-pr.cgi?pr=20258 >Unformatted:
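
Review bot: in the rc.network hunk of the first patch, `ppp_command="ppp ${ppp_command} -quiet ${ppp_profile}"` overwrites a variable that up to this line held only ppp's mode arguments, so anything later in the script that reads `${ppp_command}` now receives a full command line. Building the command in a new variable (for example `ppp_cmdline`, a name chosen here for illustration) avoids the change of meaning that the submission text itself mentions. The hunk also drops the `;;` that closed the enclosing branch before the outer `esac`; sh accepts that on a final branch, but it is inconsistent with the nested `case` added just above, which terminates both of its branches.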
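
Review bot: in the revised /etc/defaults/rc.conf hunk, the two context lines above the added `ppp_user="root"` line are cut short ("Default is au" and "network address translation or"), whereas the first version of the same hunk shows them ending in "Default is auto." and "translation or NO.". Context that does not match the target file keeps the hunk from applying cleanly, so the diff should be regenerated from the edited file instead of being adjusted by hand.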
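
Review bot: in the revised /etc/rc.network hunk, `case ${ppp_user} in` and `su ${ppp_user} -c "${ppp_command}"` use `${ppp_user}` unquoted and unchecked, so when the variable is empty or unset (a setup that does not pick up the new default) the `*)` branch expands to `su -c "..."` with no user name at all and the account ppp runs under is no longer the one rc.conf names. Quote the expansion and either fall back to root or refuse to start when it is empty. The `root)` branch also keeps a second code path even though the follow-up asked for the value to be used unconditionally; note that the two paths differ, since the `*)` branch hands the whole command string to the target user's shell for re-parsing while the `root)` branch is split by rc.network's own shell.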
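
Review bot: in the revised rc.conf.5 hunk, the header still announces `--- 329,338 ----` as in the first version, but only two lines carry a `+` marker here, so the line counts no longer agree with the body and the diff looks hand-edited; regenerate it against the man page source. In the new text, `.Ar root.` puts the full stop inside the macro argument; the surrounding lines write trailing punctuation as a separate argument (`.Ar /etc/ppp/ppp.conf .`), so this should be `.Ar root .` to match.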