[PLUG] wvdial, pppd, and permissions insanity

Terry Griffin griffint at pobox.com
Fri Oct 14 16:34:57 UTC 2005


On Friday 14 October 2005 8:28 am, Carla Schroder wrote:
> OK gang, this is driving me nuts.
>
> I want to let non-privileged users run wvdial. It works on Debian. Here is
> how it's set up:
>
> $ ls -l `which wvdial`
> -rwxr-xr-x  1 root root 98408 Jan 21  2005 /usr/bin/wvdial
>
> $ ls -l `which wvdialconf`
> -rwxr-xr-x  1 root root 48968 Jan 21  2005 /usr/bin/wvdialconf
>
> $ ls -l /usr/sbin/pppd
> -rwsr-xr--  1 root dip 232536 Dec 30  2004 /usr/sbin/pppd
>
> $ ls -l /dev/ttyS0
> crw-rw----  1 root dialout 4, 64 Oct 14 00:31 /dev/ttyS0
>
> Easy peasey. I don't have to change a thing. This lets users set up their
> own private dialup configs in
> ~/.wvdialrc, and also use the global config in /etc/wvdial.conf. No
> problems, everyone is happy, the sun shines, life is good. Any user who
> needs dialup services merely needs to be put in the 'dialout' group, with no
> other changes.
>
> Then we come to CentOS, which is a Red Hat clone. (cue ominous music).
>
> $ ls -l /dev/ttyS2
> crw-rw----  1 root uucp 4, 64 Oct 14 00:31 /dev/ttyS2
>
> $ ls -l /usr/sbin/pppd
> -r-x-xr-x 1 root root 250996 Feb 21  2005 /usr/sbin/pppd
>
> $ ls -l `which wvdial`
> -rwxr-xr-x  1 root root 127636 Feb 21  2005 /usr/bin/wvdial
>
> $ ls -l `which wvdialconf`
> -rwxr-xr-x  1 root root 73912 Feb 21  2005 /usr/bin/wvdialconf
>
> To get wvdial and wvdialconf to work for unprivileged users I have to chmod
> 4755 (ooo suid, what a
> good idea :P.) Assigning groups doesn't matter- for example, changing the
> group ownership of wvdial
> and wvdialconf to uucp, then adding human users to uucp still doesn't make
> them accessible. So with suid I can at least set up some private accounts
> in the user's homedir. But the users cannot access global accounts
> in /etc/wvdial.conf
>
> Nothing I do gets ordinary unprivileged users out of their homedirs- not
> suid on pppd, nor stuffing everyone into the same groups- nothing. I get the
> same error: 'Cannot open device foo. Device or resource busy.'
>
> Yes, I'm sure I have the correct serial port- it works for the root user.
>
> All brilliant notions welcome.
>
> Please note I have googled a lot and found the same problem all over. One
> suggested solution was using an alias file containing USERCTL=yes.
> (http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-networkscripts-interfaces.html)
> Tried that. Didn't work.

Hmm. This is a shot in the dark, but it might be an selinux thing. Try
disabling selinux. See /etc/sysconfig/selinux. You'll have to reboot for
the kernel to apply the new setting.

Terry
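
The owner/group/other checks behind the `ls -l` listings quoted in this thread, as an added example that is not part of the original messages. The user name `alice`, the group sets and all function names are hypothetical; it models only the mode bits for a non-root user, not SELinux policy or serial lock files.

```python
import re
from collections import namedtuple

# ls -l lines copied from the quoted message above. The CentOS pppd line has
# only nine mode characters as posted, so parse() rejects it rather than guess.
DEBIAN_PPPD = "-rwsr-xr--  1 root dip 232536 Dec 30  2004 /usr/sbin/pppd"
DEBIAN_TTY = "crw-rw----  1 root dialout 4, 64 Oct 14 00:31 /dev/ttyS0"
CENTOS_TTY = "crw-rw----  1 root uucp 4, 64 Oct 14 00:31 /dev/ttyS2"
CENTOS_PPPD = "-r-x-xr-x 1 root root 250996 Feb 21  2005 /usr/sbin/pppd"

Entry = namedtuple("Entry", "mode owner group path")

# File type, nine permission characters, link count, owner, group, ..., path.
LS_LINE = re.compile(r"^([-bcdlps][-rwxsStT]{9})\s+\d+\s+(\S+)\s+(\S+)\s.*\s(\S+)$")

def parse(line):
    m = LS_LINE.match(line)
    if m is None:
        raise ValueError("not a well-formed ls -l line: %r" % line)
    return Entry(*m.groups())

def access(entry, user, groups):
    """Mode bits that apply to a non-root user; the first matching class wins."""
    if user == entry.owner:
        triad = entry.mode[1:4]
    elif entry.group in groups:
        triad = entry.mode[4:7]
    else:
        triad = entry.mode[7:10]
    return {"read": triad[0] == "r", "write": triad[1] == "w", "exec": triad[2] in "xst"}

def is_setuid_root(entry):
    # 's' or 'S' in the owner execute slot means the setuid bit is set.
    return entry.owner == "root" and entry.mode[3] in "sS"

def can_dial(user, groups, pppd, tty):
    dev = access(tty, user, groups)
    return {
        "open_device": dev["read"] and dev["write"],
        "exec_pppd": access(pppd, user, groups)["exec"],
        "pppd_setuid_root": is_setuid_root(pppd),
    }

if __name__ == "__main__":
    pppd, tty = parse(DEBIAN_PPPD), parse(DEBIAN_TTY)
    for groups in ({"dialout", "dip"}, {"users"}):
        print(sorted(groups), can_dial("alice", groups, pppd, tty))
    print(can_dial("alice", {"dialout", "dip"}, pppd, parse(CENTOS_TTY)))
```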





