From abeaupre@chemcomp.com  Fri Jul 28 09:30:45 2000
Return-Path: <abeaupre@chemcomp.com>
Received: from smtp13.bellglobal.com (smtp13.bellglobal.com [204.101.251.52])
	by hub.freebsd.org (Postfix) with ESMTP id 025D537BB72
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Jul 2000 09:30:44 -0700 (PDT)
	(envelope-from abeaupre@chemcomp.com)
Received: from hermes.chemcomp.com (ppp11379.qc.bellglobal.com [206.172.147.92])
	by smtp13.bellglobal.com (8.8.5/8.8.5) with ESMTP id MAA28741
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Jul 2000 12:34:58 -0400 (EDT)
Received: from sky.chemcomp.com (sky.chemcomp.com [192.1.1.62])
	by hermes.chemcomp.com (Postfix) with ESMTP id 231351682D
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Jul 2000 12:23:51 -0400 (EDT)
Received: by sky.chemcomp.com (Postfix, from userid 1111)
	id 8B38983; Fri, 28 Jul 2000 12:23:49 -0400 (EDT)
Message-Id: <20000728162349.8B38983@sky.chemcomp.com>
Date: Fri, 28 Jul 2000 12:23:49 -0400 (EDT)
From: Antoine@chemcomp.com, Beaupre@chemcomp.com
Sender: abeaupre@chemcomp.com
Reply-To: abeaupre@chemcomp.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: Making user-PPP start as an arbitrary user instead of root
X-Send-Pr-Version: 3.2

>Number:         20258
>Category:       conf
>Synopsis:       Making user-PPP start as an arbitrary user instead of root
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    brian
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 28 09:40:03 PDT 2000
>Closed-Date:    Wed Aug 9 17:13:57 PDT 2000
>Last-Modified:  Wed Aug 09 17:14:45 PDT 2000
>Originator:     Antoine Beaupre
>Release:        FreeBSD 4.0-RELEASE i386
>Organization:
Chemical Computing Group, Inc
>Environment:

FreeBSD sky.chemcomp.com 4.0-RELEASE FreeBSD 4.0-RELEASE #7: Tue Jun 27 16:42:57 EDT 2000     root@sky.chemcomp.com:/usr/src/sys/compile/SKY  i386

>Description:

User PPP is started as the root user from rc.network. I added a
variable to make it start as an arbitrary user.

>How-To-Repeat:

Arg, the heck with it, here's the patch

>Fix:

Create a "ppp_user" variable which is the user under which ppp should
run. If set to "NO", no su(1) is performed, otherwise, instead of just
calling:

ppp ${ppp_command} -quiet ${ppp_profile}

it is called as

su -c "user" '${ppp_command}'

The meaning of ${ppp_command} is obviously changed, but it should not
interfere with anything else. 

*** rc.conf.orig        Fri Jul 14 10:54:54 2000
--- rc.conf     Fri Jul 14 10:56:19 2000
***************
*** 77,82 ****
--- 77,83 ----
                        # For details see man page for ppp(8). Default is auto.
  ppp_nat="YES"         # Use PPP's internal network address translation or NO.
  ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf.
+ ppp_user="NO"         # Which user to start PPP with (or NO)
  
  ### Network daemon (miscellaneous) & NFS options: ###
  syslogd_enable="YES"          # Run syslog daemon (or NO).
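Review bot: the comment on the added ppp_user="NO" line says "(or NO)" but not what NO does. Per the description it means no su(1) is performed, so ppp keeps running as root. Say so in the comment, for example "User to run ppp as via su(1); NO starts it as root", or default to an explicit user name so the variable always holds a login.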

*** rc.network.orig     Fri Jul 14 10:56:33 2000
--- rc.network  Fri Jul 14 11:26:25 2000
***************
*** 160,167 ****
                        ;;
                esac
  
!               echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
!               ;;
        esac
  
        # Initialize IP filtering using ipfw
--- 160,176 ----
                        ;;
                esac
  
!               ppp_command="ppp ${ppp_command} -quiet ${ppp_profile}"
! 
!               echo -n 'Starting ppp: '
!               case ${ppp_user} in
!               [Nn][Oo])
!                       ${ppp_command};
!                       ;;
!               *)
!                       su ${ppp_user} -c "${ppp_command}";
!                       ;;
!               esac
        esac
  
        # Initialize IP filtering using ipfw
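Review bot: in the `*)` branch, `su ${ppp_user} -c "${ppp_command}"` expands ${ppp_user} unquoted and unchecked, as does `case ${ppp_user} in`. An empty or unset value matches `*)`, so su is invoked with no login name, and a value containing whitespace splits into extra su arguments. Quote the variable in both places and handle the empty case explicitly, for example with a `'')` pattern beside `[Nn][Oo])`. The hunk also reassigns ppp_command to hold the whole command line, which changes what that variable means for anything that reads it later; a separate name would avoid that.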

*** /usr/src/share/man/man5/rc.conf.5   Fri Mar  3 09:04:56 2000
--- /tmp/rc.conf.5      Fri Jul 28 12:20:18 2000
***************
*** 329,334 ****
--- 329,338 ----
  .It Ar ppp_profile
  (str) The name of the profile to use from
  .Ar /etc/ppp/ppp.conf .
+ .It Ar ppp_user
+ (str) The name of the user under which ppp should be started. If set to
+ .Ar NO ,
+ ppp is started as the root user. 
  .It Ar rc_conf_files
  (str) This option is used to specify a list of files that will override
  the settings in
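Review bot: the new ppp_user entry explains what NO does but does not say that NO is the default set in rc.conf, so a reader cannot tell from the man page that ppp still starts as root unless the variable is changed. Add a sentence stating the default, and drop the trailing blank after "root user." on the last added line.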

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->brian 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Mon Jul 31 02:38:20 PDT 2000 
Responsible-Changed-Why:  
Over to the PPP maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20258 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: abeaupre@chemcomp.com
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: conf/20258: Making user-PPP start as an arbitrary user instead of root 
Date: Mon, 31 Jul 2000 11:38:12 +0200

 On Fri, 28 Jul 2000 12:23:49 -0400, Antoine@chemcomp.com wrote:,
 Beaupre@chemcomp.com wrote:
 
 > + ppp_user="NO"         # Which user to start PPP with (or NO)
 
 I think that it would make more sense to default this value to "root",
 and to use this value unconditionally.
 
 Ciao,
 Sheldon.
 

From: System Administrator <admin@chemcomp.com>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: abeaupre@chemcomp.com, FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: conf/20258: Making user-PPP start as an arbitrary user instead of 
 root
Date: Mon, 31 Jul 2000 10:43:23 -0400

 Sheldon Hearn wrote:
 > 
 > On Fri, 28 Jul 2000 12:23:49 -0400, Antoine@chemcomp.com wrote:,
 > Beaupre@chemcomp.com wrote:
 > 
 > > + ppp_user="NO"         # Which user to start PPP with (or NO)
 > 
 > I think that it would make more sense to default this value to "root",
 > and to use this value unconditionally.
 
 Yep. This makes an awful lot of sense.
 
 So here we go again:
 
 New Fix:
 
 *** /etc/defaults/rc.conf.orig        Fri Jul 14 10:54:54 2000
 --- /etc/defaults/rc.conf     Fri Jul 14 10:56:19 2000
 ***************
 *** 77,82 ****
 --- 77,83 ----
                         # For details see man page for ppp(8). Default
 is au
   ppp_nat="YES"         # Use PPP's internal network address translation
 or
   ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf.
 + ppp_user="root"       # Which user to start PPP with
       
   ### Network daemon (miscellaneous) & NFS options: ###
   syslogd_enable="YES"          # Run syslog daemon (or NO).
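Review bot: the context lines of this hunk were wrapped in transit ("Default" / "is au", "translation" / "or"), so the hunk no longer matches the file and will not apply as sent; resend it unwrapped or as an attachment. On the added ppp_user="root" line, the comment could note that root is the default and that any other value is passed to su(1).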
 
 *** /etc/rc.network.orig        Fri Jul 14 10:56:33 2000
 --- /etc/rc.network     Mon Jul 31 10:31:06 2000
 ***************
 *** 160,167 ****
                         ;;
                 esac
   
 !               echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet
 ${ppp_profile}
 !               ;;
         esac
   
         # Initialize IP filtering using ipfw
 --- 160,176 ----
                         ;;
                 esac
   
 !               ppp_command="ppp ${ppp_command} -quiet ${ppp_profile}"
 ! 
 !               echo -n 'Starting ppp: '
 !               case ${ppp_user} in
 !               root)
 !                       ${ppp_command};
 !                       ;;
 !               *)
 !                       su ${ppp_user} -c "${ppp_command}";
 !                       ;;
 !               esac
         esac
   
         # Initialize IP filtering using ipfw
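Review bot: `root)` still special-cases one literal string, so the value is not used unconditionally as the review asked, and an empty ${ppp_user} falls into `*)` and reaches su with no login name. Either drop the case and always go through su, or match `''` alongside `root`, and quote ${ppp_user} in both places. The old line `ppp ${ppp_command} -quiet` / `${ppp_profile}` is also wrapped here, so this hunk will not apply as sent.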
 
 The same with the man page...
 
 *** /usr/src/share/man/man5/rc.conf.5   Fri Mar  3 09:04:56 2000
 --- /tmp/rc.conf.5      Fri Jul 28 12:20:18 2000
 ***************
 *** 329,334 ****
 --- 329,338 ----
   .It Ar ppp_profile
   (str) The name of the profile to use from
   .Ar /etc/ppp/ppp.conf .
 + .It Ar ppp_user
 + (str) The name of the user under which ppp should be started. By
 default, ppp is started
   as
   .Ar root.
   .It Ar rc_conf_files
   (str) This option is used to specify a list of files that will
 override
   the settings in
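Review bot: the header says 329,338 (four lines added) but only two lines carry a `+`; "default, ppp is started", "as" and ".Ar root." have lost their markers through wrapping, so this hunk will not apply. In the mdoc source, `.Ar root.` puts the full stop inside the argument; write `.Ar root .`, as the ppp_profile entry above does with `.Ar /etc/ppp/ppp.conf .`.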
 
 That's better... BTW, I don't know very much about GNATS protocols.
 Should I have sent another PR instead of "patching" this one? :)
 
 Antoine Beaupre
 System Administrator
 Chemical Computing Group, Inc.
 
State-Changed-From-To: open->closed 
State-Changed-By: brian 
State-Changed-When: Wed Aug 9 17:13:57 PDT 2000 
State-Changed-Why:  
I've committed the functionality to -current and will MFC in 1 week 
assuming no problems. 

>Unformatted:
