Apparently, _Dennis Stosberg_, on 21/04/05 13:46, typed:
> On 21.04.2005 at 13:18, H. S. wrote:
>
>>What do others use for using vpnc-connect and vpnc-disconnect? And to
>>make these commands abstract from normal users.
>
> As always, there is more than one way:
>
> You can create a group "vpnc", put your users into that group. Then,
> make the vpnc-(dis)connect binaries executable for that group only.
> And finally make them suid-root.
>
> Or you might look at sudo, which is probably easier.
>
> Regards,
> Dennis
>
So I finally (after being busy in research, configuring a Debian Sarge based router and sorting out other tun0 based iptables stuff) tried out the sudo method to allow users to connect/disconnect to their VPN servers at their universities.

Here is the sudo config I am using to allow users 'user1' and 'user2' to use VPN:

#############################################
~# cat /etc/sudoers
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

# Host alias specification

# User alias specification
User_Alias VPNUSERS = user1, user2

# Cmnd alias specification
Cmnd_Alias VPNCOMMANDS = /usr/sbin/vpnc,/usr/sbin/vpnc-connect,/usr/sbin/vpnc-disconnect

# User privilege specification
root ALL=(ALL) ALL
VPNUSERS ALL=VPNCOMMANDS
#############################################

I then put this in .bashrc of the two users:

#my aliases
alias vpnopen='sudo vpnc-connect'
alias vpnclose='sudo vpnc-disconnect'

So after this, the users can use "vpnopen univ" to connect to a VPN server (whose config file is /etc/vpnc/univ.conf) and "vpnclose" to terminate the VPN connection.

Concerning iptables, I did, however, have to give permissions in the iptables script to allow all outgoing traffic to the tun0 device and all related, established traffic in through tun0 (in addition to allowing nameservers [given for the univ VPN server] through the eth0 device).

Not sure if I need that "/usr/sbin/vpnc" there in the sudo config though.

Many thanks,
->HS

--
Please remove the underscores ( the '_' symbols) from my email address to obtain the correct one. Apologies, but the fudging is to remove spam.
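Added example, not part of the original message: in sudoers, a command listed as a bare path may be run with any arguments, while `""` after the path permits it only without arguments. The Python sketch below audits the Cmnd_Alias from the post on that basis; the TIGHTER variant and the function names are assumptions made for illustration.

```python
import re

# Sudoers lines from the post above (comments trimmed).
POSTED = """\
User_Alias VPNUSERS = user1, user2
Cmnd_Alias VPNCOMMANDS = /usr/sbin/vpnc,/usr/sbin/vpnc-connect,/usr/sbin/vpnc-disconnect
root ALL=(ALL) ALL
VPNUSERS ALL=VPNCOMMANDS
"""
# Constructed tighter variant (assumption, not from the post): one fixed
# profile for connect, and "" so disconnect accepts no arguments at all.
TIGHTER = """\
Cmnd_Alias VPNCOMMANDS = /usr/sbin/vpnc-connect univ, \\
                         /usr/sbin/vpnc-disconnect ""
"""

def classify(cmnd):
    """Classify one Cmnd entry by how sudoers matches its arguments."""
    path, _, args = cmnd.strip().partition(" ")
    args = args.strip()
    if not args:
        return path, "any-args"       # bare path: any arguments are accepted
    if args == '""':
        return path, "no-args"        # "" means: only without arguments
    if re.search(r"[*?\[]", args):
        return path, "wildcard-args"
    return path, "fixed-args"         # arguments must match exactly

def audit(sudoers_text):
    """Return {alias: [(path, kind), ...]} for every Cmnd_Alias line."""
    joined = re.sub(r"\\\n\s*", "", sudoers_text)  # fold continuation lines
    report = {}
    for line in joined.splitlines():
        m = re.match(r"\s*Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:  # split on commas that are not backslash-escaped
            parts = re.split(r"(?<!\\),", m.group(2))
            report[m.group(1)] = [classify(p) for p in parts if p.strip()]
    return report

def unrestricted(sudoers_text):
    """Paths the alias lets its users run as root with arbitrary arguments."""
    return sorted(p for entries in audit(sudoers_text).values()
                  for p, kind in entries if kind == "any-args")

if __name__ == "__main__":
    print(unrestricted(POSTED))
    print(audit(TIGHTER))
```

Any change to the real file still goes through `visudo`, as the header of the posted /etc/sudoers says.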