2004-04-29 20:30:07

by Achim Bohnet

Subject: [Bluez-users] ciptool setuid

Hi,

In Debian, members of group dip and dialout can use modem/isdn devices.
Unfortunately it looks like one needs to be root to run ciptool
and make the isdn controller via bluetooth available.

Question: Are there other methods to enable members of group dialout
to use ciptool than making it setuid root? If not, is it safe to
install ciptool by default like

-rwsr-x--- 1 root dialout 8368 2004-01-26 23:22 /usr/bin/ciptool

So all group members of dialout can run it. All capi devices are
accessible by dialout members:

# l /dev/capi*
crw-rw---- 1 root dialout 68, 0 2004-03-22 14:00 /dev/capi20
crw-rw---- 1 root dialout 68, 1 2004-03-22 14:00 /dev/capi20.00
crw-rw---- 1 root dialout 68, 2 2004-03-22 14:00 /dev/capi20.01

From a look at the usage/source it seems that ciptool really only allows
to 'create'/'release' capi controllers.

Achim
-- 
To me vi is Zen. To use vi is to practice zen. Every command is
a koan. Profound to the user, unintelligible to the uninitiated.
You discover truth everytime you use it.
-- [email protected]




-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users


2004-04-30 07:56:26

by Marcel Holtmann

Subject: Re: [Bluez-users] ciptool setuid

Hi Nicholas,

> > everybody with CAP_NET_ADMIN can create or release a CIP device.
>
> But with this capability he gains a lot of rights over any kind of net
> traffic and devices. So I personally think, using sudo with a predefined set of
> allowed arguments is a more secure way.

I never tried it, but as far as I know you can assign a capability to a
specific executable for a specific user. However, using sudo is also a nice
way.

Regards

Marcel





2004-04-30 08:28:48

by Nicholas A. Preyss

Subject: Re: [Bluez-users] ciptool setuid

On 0, Marcel Holtmann <[email protected]> wrote:
> > In Debian, members of group dip and dialout can use modem/isdn devices.
> > Unfortunately it looks like one needs to be root to run ciptool
> > and make the isdn controller via bluetooth available.
>
> everybody with CAP_NET_ADMIN can create or release a CIP device.

But with this capability he gains a lot of rights over any kind of net
traffic and devices. So I personally think, using sudo with a predefined set of
allowed arguments is a more secure way.

nicholas
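
The "sudo with a predefined set of allowed arguments" approach from this message, sketched as an added example that is not part of the original thread or of BlueZ. The wrapper name, install path, sudoers rule and numeric limits are hypothetical, and the `connect <bdaddr> [psm]` / `release [cid]` syntax is an assumption about ciptool's command line.

```shell
#!/bin/sh
# Added example: root-owned wrapper that sudo runs for members of group dialout.
# Hypothetical install path: /usr/local/sbin/ciptool-dialout (mode 0755, root:root)
# Hypothetical sudoers rule (edit with visudo):
#   %dialout ALL = (root) /usr/local/sbin/ciptool-dialout
# Assumed ciptool syntax: "connect <bdaddr> [psm]" and "release [cid]".
LC_ALL=C; export LC_ALL
CIPTOOL=/usr/bin/ciptool   # path from the listing in the thread
H='[0-9A-Fa-f]'            # one hex digit, used as a case pattern below

# Succeeds only for a non-empty, all-digit string of at most 5 characters.
is_number() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    return 0
}

# Succeeds only if the whole string is six colon-separated hex pairs.
# case matches the entire value, so embedded newlines cannot slip through.
is_bdaddr() {
    case "$1" in
        $H$H:$H$H:$H$H:$H$H:$H$H:$H$H) return 0 ;;
    esac
    return 1
}

# Succeeds only for the argument shapes group members are meant to run.
# Options such as a leading "-i" are rejected because $1 must be a subcommand.
ciptool_args_allowed() {
    case "$1" in
        connect)
            [ "$#" -ge 2 ] && [ "$#" -le 3 ] || return 1
            is_bdaddr "$2" || return 1
            [ "$#" -eq 2 ] || is_number "$3" ;;
        release)
            [ "$#" -le 2 ] || return 1
            [ "$#" -eq 1 ] || is_number "$2" ;;
        *)
            return 1 ;;
    esac
}

# Act only when invoked under the wrapper's name, so the file can be sourced.
if [ "${0##*/}" = "ciptool-dialout" ]; then
    ciptool_args_allowed "$@" || {
        echo "ciptool-dialout: arguments not permitted" >&2; exit 64; }
    exec "$CIPTOOL" "$@"
fi
```

With this in place `/usr/bin/ciptool` itself stays non-setuid, and sudo logs each invocation with the calling user.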



2004-04-29 22:44:26

by Marcel Holtmann

Subject: Re: [Bluez-users] ciptool setuid

Hi Achim,

> In Debian, members of group dip and dialout can use modem/isdn devices.
> Unfortunately it looks like one needs to be root to run ciptool
> and make the isdn controller via bluetooth available.

everybody with CAP_NET_ADMIN can create or release a CIP device.

Regards

Marcel





2004-04-29 22:35:28

by Nicholas A. Preyss

Subject: Re: [Bluez-users] ciptool setuid

On 0, Achim Bohnet <[email protected]> wrote:
> In Debian, members of group dip and dialout can use modem/isdn devices.
> Unfortunately it looks like one needs to be root to run ciptool
> and make the isdn controller via bluetooth available.
>
> Question: Are there other methods to enable members of group dialout
> to use ciptool than making it setuid root? If not, is it safe to
> install ciptool by default like
>
> -rwsr-x--- 1 root dialout 8368 2004-01-26 23:22 /usr/bin/ciptool

Using sudo is the preferable way from a security point of view.

nicholas

