Subject: Re: Can't /etc/ppp/ppp-up & /etc/ppp-down when log in as user
To: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
From: Michael G. Schabert <mikeride@prez.buf.servtech.com>
List: port-mac68k
Date: 08/23/1998 10:24:07
>Here's what I do... I have a small "wrapper" program that is itself SUID
>root, but only executable by someone of group "netter". This way, I can
>control access to the scripts... Only people in that group can execute
>the ppp scripts, and the scripts themselves are run SUID root, without
>having to worry about the user doing something nasty to snag root access
>from you.

Hi Mason,

You had better make sure that your users can't edit your ppp scripts if you
run the wrapper SUID root. Otherwise, you're actually giving your users the
ability to do absolutely anything rootly they want. Calling scripts from
SUID wrappers can be dangerous...your wrapper doesn't know what it's
doing...all it knows is that it can rootly run anything with the name/path
that is specified.


Mike
Bikers don't *DO* taglines.
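
The check Mike's warning calls for, as an added example (not part of the original message, and not Mason's wrapper): before a SUID wrapper runs a script, confirm that the script and every directory above it are owned by root and not writable by group or other. The function names and the 1024-byte path limit are assumptions of this sketch; the script path is the one from the subject line.

```c
#define _XOPEN_SOURCE 700   /* declares lstat() under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Trusted = owned by `owner` and not writable by group or other. */
int stat_is_trusted(const struct stat *st, uid_t owner)
{
    return st->st_uid == owner && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Returns 1 when `path` is an absolute path to a regular file and the file
 * plus every directory above it, up to "/", passes stat_is_trusted().
 * lstat() is used so that a symlink in the path is rejected instead of
 * being followed to a location someone else controls. */
int path_is_trusted(const char *path, uid_t owner)
{
    char buf[1024];
    struct stat st;
    size_t len = strlen(path);

    if (path[0] != '/' || len < 2 || len >= sizeof buf)
        return 0;
    memcpy(buf, path, len + 1);
    if (lstat(buf, &st) != 0 || !S_ISREG(st.st_mode) || !stat_is_trusted(&st, owner))
        return 0;
    for (;;) {                      /* cut one component, check the directory */
        char *slash = strrchr(buf, '/');
        if (slash == buf)
            slash[1] = '\0';        /* reached "/" */
        else
            *slash = '\0';
        if (lstat(buf, &st) != 0 || !S_ISDIR(st.st_mode) || !stat_is_trusted(&st, owner))
            return 0;
        if (buf[1] == '\0')
            return 1;               /* "/" itself passed */
    }
}

int main(void)
{
    /* Path taken from the thread's subject line; uid 0 is root. */
    const char *script = "/etc/ppp/ppp-up";
    int ok = path_is_trusted(script, 0);
    printf("%s: %s\n", script, ok ? "safe to run as root" : "refuse to run");
    return ok ? 0 : 1;
}
```

A wrapper would call `path_is_trusted()` on each script and exit without executing anything if it returns 0.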