Fellow LugHeads,

I have a box at home that I setup as a firewall & ppp dialer to my ISP.
I made a cgi-bin bash script that allows me to dial out, turn off
the connection, or shut down the machine.
(I tried auto-dial/disconnect, but wanted more control)

Getting the devices, programs and files setup with
workable security(tty-port, pppd, scripts,..) was a challenge.

My normal strategy has been to curse unix security, then go root and
do whatever I darn please.  But coming in through the Apache cgi script
forced me to deal with security in something other than my brute force
root fashion.

My lack of unix security know-how quickly showed, I believe I just
SUID various hardware(dev/ttyS#), programs(pppd,chat) and
files(scripts, did I do bash? that would be sick, eh?) until it worked.
Its a good thing there isn't a master switch to turn the whole system
to ROOT, I would have thrown it.

Any comments on do's and don'ts in a situation like this?
I suppose I should learn how to setup and use group file settings.

Heres a good read I found on those funny security bits:
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/features.html

Any recommendations for good books to have on hand for this sort of
thing?

After reading a few of your tips can I claim to be a Security Expert?
:-)

Karl