Hi,

I have written a little program (in PHP) that can connect and disconnect the modem by displaying a button and then executing the appropriate instruction. This runs on an apache server so that users on the LAN can get to it.

Apache runs at startup and what I would like to know is a)Is the PPP connection running as root, and b)Is this a security hole - as I have heard that connecting to the internet while logged in as root is BaD...

Thanks Graham..

*eeeks*

This is only a security hole if users on the internet will be able to see the page .. *grin*
Then they could concievably do something funky with the setuid app.
Not knowing a ton about PHP yet nor ppp dialups ... I do know that the dialer must run as root to attach the device and to make the routing updates. If your apache is only answering requests from inside (local lan) then you should be okay .. I would include a firewall by default and ensure that port 80 was blocked to the outside.

errmm, how do I block port 80?? How do I make apache only internally viewable?? and what firewall would u recommend??

Thanks..