diff options
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/networking/tuntap.txt | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/Documentation/networking/tuntap.txt b/Documentation/networking/tuntap.txt index 76750fb9151a..839cbb71388b 100644 --- a/Documentation/networking/tuntap.txt +++ b/Documentation/networking/tuntap.txt | |||
| @@ -39,10 +39,13 @@ Copyright (C) 1999-2000 Maxim Krasnyansky <max_mk@yahoo.com> | |||
| 39 | mknod /dev/net/tun c 10 200 | 39 | mknod /dev/net/tun c 10 200 |
| 40 | 40 | ||
| 41 | Set permissions: | 41 | Set permissions: |
| 42 | e.g. chmod 0700 /dev/net/tun | 42 | e.g. chmod 0666 /dev/net/tun |
| 43 | if you want the device only accessible by root. Giving regular users the | 43 | There's no harm in allowing the device to be accessible by non-root users, |
| 44 | right to assign network devices is NOT a good idea. Users could assign | 44 | since CAP_NET_ADMIN is required for creating network devices or for |
| 45 | bogus network interfaces to trick firewalls or administrators. | 45 | connecting to network devices which aren't owned by the user in question. |
| 46 | If you want to create persistent devices and give ownership of them to | ||
| 47 | unprivileged users, then you need the /dev/net/tun device to be usable by | ||
| 48 | those users. | ||
| 46 | 49 | ||
| 47 | Driver module autoloading | 50 | Driver module autoloading |
| 48 | 51 | ||