From: Ken Bantoft (ken_at_freeswan.ca)
Date: Fri Nov 15 2002 - 13:18:46 CET
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 14 Nov 2002, Christopher Lyon wrote:
> I noticed that you can't run ipsec as any other user but root. Can you
> change that? I wanted to give access for other users to add and delete
> tunnels but they can't do that. Do I just do a chown on the file or is
> there a reason like libpcap or kernel? It was mentioned maybe do a
> sudoers? What is the best way to do this?
sudoers on the "ipsec" command, and permissions on /etc/ipsec.* if you
must do this. You make your system horribly insecure, as now users can
add/delete routes (even your default route) and override each other's
tunnels at will.
You need root permissions to talk to klips and give/receive policy
information, something normal users shouldn't have access to.
- --
Ken Bantoft The Unoffical FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
PGP Key: finger ken_at_bantoft.org
"Random numbers should not be generated with a method
chosen at random." -- Donald Knuth,
This archive was generated by hypermail 2.1.5 : Sat Nov 16 2002 - 05:20:41 CET
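
An added example, not part of the original message or of FreeS/WAN: one way to narrow the sudoers delegation discussed above is to grant sudo on a small root-owned wrapper rather than on "ipsec" itself, leaving /etc/ipsec.* writable by root only. The wrapper path, group name, user names and connection names are hypothetical, and it assumes the connections are already defined by root in ipsec.conf.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. root-owned at /usr/local/sbin/tunnelctl, with
# sudoers granting only this script instead of the "ipsec" command:
#   %vpnops ALL = (root) NOPASSWD: /usr/local/sbin/tunnelctl
# (group name, path and ACL contents are assumptions for illustration)

# Constructed ACL of "user:connection" pairs; in practice a root-owned file.
ACL='alice:branch-east
alice:branch-west
bob:lab-net'

# Return 0 if user $1 may run action $2 on connection $3, else 1.
tunnel_allowed() {
    user=$1 action=$2 conn=$3
    # Only per-connection operations of "ipsec auto"; no --route/--unroute
    # and no other ipsec subcommands.
    case $action in
        add|delete|up|down) ;;
        *) return 1 ;;
    esac
    # Names limited to letters, digits, '_' and '-', and never starting
    # with '-', so an argument cannot be read as an extra option or a path.
    case $conn in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    case $user in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    # Exact whole-line match: a user can only touch connections listed for them.
    printf '%s\n' "$ACL" | grep -Fqx -- "$user:$conn"
}

main() {
    # sudo sets SUDO_USER to the invoking user; deny if it is missing.
    if [ "$#" -ne 2 ] || ! tunnel_allowed "${SUDO_USER:-}" "$1" "$2"; then
        logger -t tunnelctl "DENY user=${SUDO_USER:-?} args=$*" 2>/dev/null
        echo "tunnelctl: not permitted" >&2
        return 1
    fi
    logger -t tunnelctl "ALLOW user=$SUDO_USER action=$1 conn=$2" 2>/dev/null
    exec ipsec auto "--$1" "$2"
}

# Run only when invoked with arguments (keeps the functions sourceable).
[ "$#" -eq 0 ] || main "$@"
```

Because each user is limited to the connection names listed for them, one user cannot delete or replace another user's tunnel, and nobody but root edits the route-affecting settings in ipsec.conf.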