PPP Configuration Problems!

Mark Ovens mark at dogma.freebsd-uk.eu.org
Tue Aug 31 22:03:24 BST 1999


On Tue, Aug 31, 1999 at 09:18:14PM +0100, Brian Somers wrote:
> Sorry, I was away :-]
> 
> You can ``allow users *'' if you wanna let everyone in.
> 

I wasn't sure about ``*'', couldn't find it in the manpage (I've
found it now though).

> WRT the Operation not permitted bit, is ppp installed properly ?  
> This error would result if ppp tried to open the tun device as a 
> normal user :-/  Is there anything ``manual'' being done when 
> installing ppp ?
> 

Hmm, I'd be interested in the outcome of this. I sort of worked
out that it was when trying to open tun0, but I couldn't reproduce
it on my system no matter how much I changed. I got this if I
removed the setuid bit on /usr/sbin/ppp:

marder-1:/usr/marko{52}% ppp
Working in interactive mode
Warning: No available tunnel devices found (Permission denied).
Warning: bundle_Create: No such file or directory
marder-1:/usr/marko{53}% 

not *quite* the same error ("Permission denied" rather than "Operation
not permitted").

> > On Sun, Aug 29, 1999 at 06:43:09PM +0100, Andrew Boothman wrote:
> >
> > > On 28-Aug-99 Mark Ovens wrote:
> > >
> > > >> Even with "allow users" in the default section or in an ISP
> > > >> section, even though it runs fine as root.
> > > >>
> > > >> If I allow access to a specific user, using "allow user
> > > >> andrew" I get :
> > > >
> > > > That's correct. You need to specify the usernames, it's not a
> > > > global thing, i.e. allow *these* users, not allow *all* users.
> > >
> > > Are you sure? I'm sure (although I can't find it now) that the
> > > man page says that you can allow access for all users.
> > >

> > 
> > Yes, I read the man page but I think it is misleading. The handbook states:
> > 
> > 15.1.5.3.2. PPP permissions 
> > 
> > 	ppp must normally be run as user id 0. If however you wish
> > 	to allow ppp to run in server mode as a normal user by
> > 	executing ppp as described below, that user must be given
> > 	permission to run ppp by adding them to the network group
> > 	in /etc/group.
> > 
> > 	You will also need to give them access to one or more
> > 	sections of the configuration file using the allow command:
> > 
> > 	    allow users fred mary
> > 
> > 	If this command is used in the default section, it gives
> > 	the specified users access to everything.
> > 
> > ISTR that when I wanted to run ppp as a non-root user I did the
> > same as you (``allow users'') and it didn't work. I asked in
> > -questions and I'm sure it was Brian Somers who told me you have
> > to list the usernames. I guess you can allow *all* users, as long
> > as you list *all* their names ;-)
> > 
> > > >> "Warning : No available tunnel devices found (Operation not permitted)
> > > >>  Warning : Bundle_create : No such file or directory"
> > > >> 
> > > > 
> > > > Have you got an instance of ppp already running? By default only
> > > > one tunnel device exists (/dev/tun0) but you need a separate one
> > > > for each instance of ppp.
> > > 
> > > No. This is the only PPP running. And /dev/tun0 is present and
> > > everything works when logged in as root.
> > >  
> > 
> > Hmm. I've just checked the source. The first error is due to the
> > call to IDOopen() in bundle_Create() returning EPERM:
> > 
> > 	1 EPERM Operation not permitted. An attempt was made to perform
> > 		an operation limited to processes with appropriate
> > 		privileges or to the owner of a file or other resources.
> > 
> > so it looks like a permissions problem. The second error comes from
> > bundle_Create() returning NULL (due to the first error).
> > 
> > I have tried to re-create the problem on my system, by removing a
> > user from various groups in /etc/group, but I can't.
> > 
> > I'm using the version of ppp that came on the 3.1 CDs.
> > 
> > Hopefully Brian will jump in here and bail me out :-)
> > 
> > > ---
> > > Andrew Boothman <andrew at cream.org>
> > > http://sour.cream.org
> > > Unmetered Telecoms. Join the Fight!
> > > http://www.unmetered.org.uk
> > > 
> > 
> > -- 
> > STATE-OF-THE-ART: Any computer you can't afford.
> > OBSOLETE: Any computer you own.
> > ________________________________________________________________
> >       FreeBSD - The Power To Serve http://www.freebsd.org
> >       My Webpage http://ukug.uk.freebsd.org/~mark/
> > mailto:mark at ukug.uk.freebsd.org              http://www.radan.com
> 
> -- 
> Brian <brian at Awfulhak.org>                        <brian at FreeBSD.org>
>       <http://www.Awfulhak.org>                   <brian at OpenBSD.org>
> Don't _EVER_ lose your sense of humour !          <brian at FreeBSD.org.uk>
> 
> 
> 

-- 
STATE-OF-THE-ART: Any computer you can't afford.
OBSOLETE: Any computer you own.
________________________________________________________________
      FreeBSD - The Power To Serve http://www.freebsd.org
      My Webpage http://ukug.uk.freebsd.org/~mark/
mailto:mark at ukug.uk.freebsd.org              http://www.radan.com
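
The prerequisites discussed in this thread (an ``allow users'' entry covering the user, membership of the network group, and the setuid bit on /usr/sbin/ppp) can be checked with a short script. This is an added example, not part of the original message and not code from the ppp project. The label "isp", the user names and both sample files are constructed, and the rule that a label's own ``allow users'' list replaces the default section's is an assumption about how ppp(8) resolves the two.

```shell
#!/bin/sh
# Added example (not from the thread): check the prerequisites discussed
# above for running ppp as a non-root user.

# Effective "allow users" list for a label: the label's own list if it has
# one, otherwise the default section's (assumed override rule, see lead-in).
ppp_allowed_users() {   # $1 = ppp.conf, $2 = label
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        /^[^ \t].*:[ \t]*$/ { sec = $1; sub(/:$/, "", sec); next }
        $1 == "allow" && ($2 == "user" || $2 == "users") {
            list = ""
            for (i = 3; i <= NF; i++) list = list " " $i
            if (sec == "default") def = list
            if (sec == want) { own = list; has = 1 }
        }
        END { r = has ? own : def; print r " " }' "$1"
}

# Succeed if user $3 is a listed member of group $2 in group file $1
# (primary-group membership via the passwd file is not considered).
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit(ok ? 0 : 1) }' "$1"
}

# Print a diagnosis; $1 = ppp.conf, $2 = group file, $3 = label, $4 = user
ppp_user_check() {
    case "$(ppp_allowed_users "$1" "$3")" in
        *" * "*|*" $4 "*) ;;
        *) echo "not-in-allow-users"; return 1 ;;
    esac
    in_group "$2" network "$4" || { echo "not-in-network-group"; return 1; }
    echo "ok"
}

# Constructed sample files (hypothetical label "isp" and user names).
d=$(mktemp -d)
printf 'default:\n allow users fred mary\nisp:\n allow users andrew\n' > "$d/ppp.conf"
printf 'wheel:*:0:root\nnetwork:*:69:fred,andrew\n' > "$d/group"
for u in fred mary andrew; do
    echo "$u on isp: $(ppp_user_check "$d/ppp.conf" "$d/group" isp "$u")"
done
[ -u /usr/sbin/ppp ] || echo "note: /usr/sbin/ppp is missing or not setuid"
rm -rf "$d"
```

On a real system, pass the actual ppp.conf and /etc/group paths instead of the constructed files.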





