Chapter 6. KPPP and security issues

This section is mainly for superusers (root), people with high security demands, or simply technically interested people. It is not necessary to read this if you only use Linux® at home for yourself, although you may learn a thing or two in any case.

Restricting access to KPPP

A system administrator might want to restrict who is allowed to use KPPP. There are two ways to accomplish this.

Restricting access with group permissions

Create a new group (you might want to name it dialout or similar), and put every user who should be allowed to use KPPP into that group. Then type at the prompt:

# chown root:dialout /opt/kde/bin/kppp
# chmod 4750 /opt/kde/bin/kppp

This assumes that KDE was installed in /opt/kde/ and that your new group is named dialout.

Restricting access KPPP's way

Before doing anything, KPPP checks whether a file named /etc/kppp.allow exists. If it does, only users named in this file are allowed to dial out. This file must be readable by everyone (but of course NOT writable). Only login names are recognized, so you cannot use UIDs in this file. Here is a short example:

# /etc/kppp.allow
# comment lines like this are ignored
# as well as empty lines

fred
karl
daisy

In the example above, only the users fred, karl and daisy are allowed to dial out, as well as every user with a UID of 0 (so you don't have to explicitly list root in the file).
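
The following shell functions are an added example, not part of the KPPP handbook or of KPPP itself. They audit both mechanisms described above: the owner, group and mode of the kppp binary, and the permissions and contents of a kppp.allow file. The function names, the use of `stat -c` (GNU or BusyBox), the whitespace trimming, and the reading of "not writable" as "not writable by group or others" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the KPPP handbook): audit both access controls.
# Assumes GNU/BusyBox `stat -c`; paths are arguments so copies can be tested.

# Print login names from a kppp.allow-style file, skipping comments and
# empty lines. Trimming surrounding whitespace is an assumption made here.
allow_list() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v -e '^#' -e '^$'
}

# Succeed if allow file $1 is world-readable and not group/other-writable.
allow_file_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0004 )) -ne 0 ] && [ $(( 0$mode & 0022 )) -eq 0 ]
}

# Succeed if login $2 with UID $3 may dial out according to allow file $1.
user_allowed() {
    [ "$3" -eq 0 ] && return 0      # UID 0 never needs to be listed
    [ -e "$1" ] || return 0         # no file: this restriction is not active
    allow_list "$1" | grep -qxF -- "$2"
}

# Succeed if binary $1 is owned by $2:$3 with mode 4750 (setuid, group-only).
binary_perms_ok() {
    [ "$(stat -c '%U:%G:%a' "$1")" = "$2:$3:4750" ]
}

# Report on both mechanisms; returns non-zero if any check fails.
kppp_audit() {
    rc=0
    binary_perms_ok "$1" root dialout || { echo "WARN: $1 is not root:dialout 4750"; rc=1; }
    if [ -e "$2" ]; then
        allow_file_mode_ok "$2" || { echo "WARN: $2 must be world-readable, not group/other-writable"; rc=1; }
        echo "Allowed logins: $(allow_list "$2" | tr '\n' ' ')"
    fi
    return "$rc"
}
```

After sourcing the file, run `kppp_audit /opt/kde/bin/kppp /etc/kppp.allow`, adjusting the binary path and group name to match your installation.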