[PLUG] wvdial, pppd, and permissions insanity

Carla Schroder carla at bratgrrl.com
Fri Oct 14 15:28:37 UTC 2005


OK gang, this is driving me nuts.

I want to let non-privileged users run wvdial. It works on Debian. Here is how 
it's set up:

$ ls -l `which wvdial`
-rwxr-xr-x  1 root root 98408 Jan 21  2005 /usr/bin/wvdial

$ ls -l `which wvdialconf`
-rwxr-xr-x  1 root root 48968 Jan 21  2005 /usr/bin/wvdialconf

$ ls -l /usr/sbin/pppd
-rwsr-xr--  1 root dip 232536 Dec 30  2004 /usr/sbin/pppd

$ ls -l /dev/ttyS0
crw-rw----  1 root dialout 4, 64 Oct 14 00:31 /dev/ttyS0

Easy peasy. I don't have to change a thing. This lets users set up their own 
private dialup configs in ~/.wvdialrc, and also use the global config in 
/etc/wvdial.conf. No problems, everyone is happy, the sun shines, life is 
good. Any user who needs dialup services merely needs to be put in the 
'dialout' group, with no other changes.

Then we come to CentOS, which is a Red Hat clone. (cue ominous music).

$ ls -l /dev/ttyS2
crw-rw----  1 root uucp 4, 64 Oct 14 00:31 /dev/ttyS2

$ ls -l /usr/sbin/pppd
-r-x-xr-x 1 root root 250996 Feb 21  2005 /usr/sbin/pppd

$ ls -l `which wvdial`
-rwxr-xr-x  1 root root 127636 Feb 21  2005 /usr/bin/wvdial

$ ls -l `which wvdialconf`
-rwxr-xr-x  1 root root 73912 Feb 21  2005 /usr/bin/wvdialconf

To get wvdial and wvdialconf to work for unprivileged users I have to chmod 
4755 (ooo suid, what a good idea :P.) Assigning groups doesn't matter - for 
example, changing the group ownership of wvdial and wvdialconf to uucp, then 
adding human users to uucp still doesn't make them accessible. So with suid I 
can at least set up some private accounts in the user's homedir. But the users 
cannot access global accounts in /etc/wvdial.conf.

Nothing I do gets ordinary unprivileged users out of their homedirs - not suid 
on pppd, nor stuffing everyone into the same groups - nothing. I get the same 
error: 'Cannot open device foo. Device or resource busy.'

Yes, I'm sure I have the correct serial port- it works for the root user.

All brilliant notions welcome.

Please note I have googled a lot and found the same problem all over. One 
suggested solution was using an alias file containing USERCTL=yes. 
(http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-networkscripts-interfaces.html)
Tried that. Didn't work.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
http://www.tuxcomputing.com
check out my new book, the "Linux Cookbook", the ultimate Linux user's 
and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
this message brought to you
by Libranet 3 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
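
The `ls -l` listings in the message above can be decoded mechanically. The Python below is an added example, not part of the original message: it parses listing lines copied from the post and reports, from the mode bits alone, whether an account can execute a binary or open a device read-write. The account name alice and its group memberships are constructed assumptions.

```python
# Added example: decode `ls -l` lines and apply classic Unix mode-bit rules.
# Mode bits only; ACLs, SELinux and lock files are not modelled.
from collections import namedtuple

Entry = namedtuple("Entry", "mode owner group path")

# Listings copied from the post.
DEBIAN = [
    "-rwsr-xr--  1 root dip 232536 Dec 30  2004 /usr/sbin/pppd",
    "crw-rw----  1 root dialout 4, 64 Oct 14 00:31 /dev/ttyS0",
]
CENTOS_TTY = "crw-rw----  1 root uucp 4, 64 Oct 14 00:31 /dev/ttyS2"

def parse_ls(line):
    f = line.split()
    if len(f) < 5 or len(f[0]) != 10:
        raise ValueError("not a 10-character ls -l mode line: %r" % line)
    return Entry(f[0], f[2], f[3], f[-1])

def granted(entry, user, groups):
    """Permissions from the first matching class: owner, then group, then other."""
    if user == entry.owner:
        r, w, x = entry.mode[1:4]
    elif entry.group in groups:
        r, w, x = entry.mode[4:7]
    else:
        r, w, x = entry.mode[7:10]
    perms = set()
    if r == "r":
        perms.add("r")
    if w == "w":
        perms.add("w")
    if x in "xst":  # lowercase s/t means execute plus the special bit
        perms.add("x")
    return perms

def is_setuid(entry):
    return entry.mode[3] in "sS"

def report(lines, user, groups):
    """Map path -> (usable, setuid). Devices need rw, binaries need x."""
    result = {}
    for line in lines:
        e = parse_ls(line)
        need = {"r", "w"} if e.mode[0] == "c" else {"x"}
        result[e.path] = (need <= granted(e, user, groups), is_setuid(e))
    return result

if __name__ == "__main__":
    # Constructed account: alice, a member of dialout and dip.
    for path, (ok, suid) in report(DEBIAN + [CENTOS_TTY], "alice", {"alice", "dialout", "dip"}).items():
        print(path, "usable" if ok else "denied", "setuid" if suid else "")
```

Only the first matching class (owner, then group, then other) is consulted, so a group with fewer bits than "other" still wins for its members.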


