callback running as root?

• Messages sorted by:[ date ][ thread ][ subject ][ author ]

hi,

On Tue, Feb 23, 1999 at 05:29:06PM -0800, Justin Burdine wrote:
> I know the security issues with running callback as root, but aside from
> that is there a reason it has to be run as root?  Possibly a problem
> calling mgetty?

callback has to signal mgetty to take over the line for login - and this
can only be done by root.

(If this signalling wouldn't be done, callback would have to do all the
stuff necessary for a successful login, which mean "root rights as well").

> we are setting up a box that has no accounts on it just enough to engage
> a ppp session and view proxied interactive web pages for render
> wrangling.  The senior administrator is insisting that we not have an
> active root account on this box once it is up and installed.  There will
> be one just not one that is active via the modem or telnet...

You don't need a real "root" account for that.  Just call callback
from login.config, or write a "login shell" for the callback account that
doesn't do anything besides calling callback with the proper arguments.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@greenie.muc.de
fax: +49-89-35655025                        gert.doering@physik.tu-muenchen.de