[Techtalk] wvdial, pppd, and permissions insanity
Carla Schroder
carla at bratgrrl.com
Fri Oct 14 18:19:12 EST 2005

OK gang, this is driving me nuts.

I want to let non-privileged users run wvdial. It works on Debian. Here is how
it's set up:

$ ls -l `which wvdial`
-rwxr-xr-x 1 root root 98408 Jan 21 2005 /usr/bin/wvdial
$ ls -l `which wvdialconf`
-rwxr-xr-x 1 root root 48968 Jan 21 2005 /usr/bin/wvdialconf
$ ls -l /usr/sbin/pppd
-rwsr-xr-- 1 root dip 232536 Dec 30 2004 /usr/sbin/pppd
$ ls -l /dev/ttyS0
crw-rw---- 1 root dialout 4, 64 Oct 14 00:31 /dev/ttyS0

Easy peasy. This lets users set up their own private dialup configs in
~/.wvdialrc, and also use the global config in /etc/wvdial.conf. No problems,
everyone is happy, the sun shines, life is good. Any user who needs dialup
services merely needs to be put in the 'dialout' group, with no other
changes.

Then we come to CentOS, which is a Red Hat clone. (cue ominous music).

$ ls -l /dev/ttyS2
crw-rw---- 1 root uucp 4, 64 Oct 14 00:31 /dev/ttyS2
$ ls -l /usr/sbin/pppd
-r-x-xr-x 1 root root 250996 Feb 21 2005 /usr/sbin/pppd
$ ls -l `which wvdial`
-rwxr-xr-x 1 root root 127636 Feb 21 2005 /usr/bin/wvdial
$ ls -l `which wvdialconf`
-rwxr-xr-x 1 root root 73912 Feb 21 2005 /usr/bin/wvdialconf

To get wvdial and wvdialconf to work I have to chmod 4755 (ooo suid, what a
good idea :P.) Assigning groups doesn't matter - for example, putting wvdial
and wvdialconf in uucp, then adding human users still doesn't make them
accessible. So with suid I can at least set up some private accounts in the
user's homedir. But the users cannot access global accounts
in /etc/wvdial.conf.

Nothing I do gets ordinary unprivileged users out of their homedirs - not suid
on pppd, nor stuffing everyone into the same groups - nothing. I get the same
error: 'Cannot open device foo. Device or resource busy.'

Yes, I'm sure I have the correct serial port - it works for the root user.

All brilliant notions welcome.

Please note I have googled a lot and found the same problem all over. One
suggested solution was using an alias file containing USERCTL=yes.
(http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-networkscripts-interfaces.html)
Tried that. Didn't work.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
http://www.tuxcomputing.com
check out my new book, the "Linux Cookbook", the ultimate Linux user's
and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
this message brought to you
by Libranet 3 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
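
The mode bits in the listings above, evaluated in code. This is an added example, not part of the original message: the user name and group sets are constructed, and the checker models only the owner/group/other bits for a non-root user (no ACLs, lock files or device state).

```python
import re

# `ls -l` lines copied from the message above (Debian first, then CentOS).
LISTING = """\
-rwsr-xr-- 1 root dip 232536 Dec 30 2004 /usr/sbin/pppd
crw-rw---- 1 root dialout 4, 64 Oct 14 00:31 /dev/ttyS0
crw-rw---- 1 root uucp 4, 64 Oct 14 00:31 /dev/ttyS2
-rwxr-xr-x 1 root root 127636 Feb 21 2005 /usr/bin/wvdial
-r-x-xr-x 1 root root 250996 Feb 21 2005 /usr/sbin/pppd
"""

# A valid mode field is exactly 10 characters: type + three rwx triplets.
MODE_RE = re.compile(r"^[-dclbps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]$")

def parse_line(line):
    """Parse one `ls -l` line; return None when the mode field is malformed."""
    fields = line.split()
    mode = fields[0]
    if not MODE_RE.match(mode):
        return None
    return {"mode": mode, "owner": fields[2], "group": fields[3],
            "path": fields[-1], "setuid": mode[3] in "sS"}

def allowed(entry, user, groups, want):
    """Unix DAC for a non-root user: exactly one class applies
    (owner, else group, else other); the classes are never combined."""
    mode = entry["mode"]
    if user == entry["owner"]:
        bits = mode[1:4]
    elif entry["group"] in groups:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    # Lower-case s/t mean "special bit AND execute"; S/T mean no execute.
    have = {"r": bits[0] == "r", "w": bits[1] == "w", "x": bits[2] in "xst"}
    return all(have[c] for c in want)

def report(listing, user, groups):
    """Return (path, access_ok, setuid) per line; (path, None, None) if unparseable."""
    out = []
    for line in listing.splitlines():
        entry = parse_line(line)
        if entry is None:
            out.append((line.split()[-1], None, None))
            continue
        # Character devices need read+write to dial; binaries need execute.
        want = "rw" if entry["mode"][0] == "c" else "x"
        out.append((entry["path"], allowed(entry, user, groups, want), entry["setuid"]))
    return out

if __name__ == "__main__":
    for row in report(LISTING, "alice", {"dialout", "dip"}):  # constructed user
        print(row)
```

The last listing line is reported as unparseable because its mode field has nine characters instead of ten, so the pasted CentOS pppd permissions need re-checking with `stat` before drawing conclusions from them.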