Re: Allowing unprivileged users to use some router functions

[peter@bgnett.no (Peter N. M. Hansteen)]

Robert Golovniov <g-r-v@ukr.net> writes:

>   Now, with IPcop and its easy-to-use Web-interface, it was quite easy
>   to  teach  a  computer novice how to bring the PPP connection up and
>   down  and also to shut down the firewall machine altogether, when no
>   Internet  connection  was  needed.

How about a configuration where the link would come up automatically when
a network packet of an allowed type needed to go somewhere other than the
local net, and hang up when no longer needed, that is after a after a 
period without network activity? 

That could be accomplished rather easily by using a ppp(8) auto dial 
configuration. See the ppp man page and section 6 of the faq.

A ppp auto setup feels to the end user pretty much like being on a
permanent connection, minus the slight delay for dialling when the
connection is first made. Your users would not need to be taught anything
(except perhaps unlearning the dialling procedure).

Shutting down the machine - that gets a bit more complicated, and includes
letting users other than root into the operator group. You might want 
to have a look at sudo(8)

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/	http://www.datadok.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"