Difference between revisions of "Wvdial"

From ArchWiki
Jump to: navigation, search
(Merged this page with "Dial as a user with WvDial")
(Major re-write. The previous page wasn't entirely correct (it contained extre unnecessary steps) and it only offered one solution.)
Line 1: Line 1:
 
[[Category:Network]]
 
[[Category:Network]]
As normal users can't use wvdial to dial a ppp conection by default, you need to change some permissions:
 
  
chmod +s /usr/bin/wvdial
+
There are a few different ways of giving regular users the ability to use <tt>wvdial</tt> to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.
chmod +xs /usr/sbin/pppd
+
  
Also make sure that the following files are '''readable by user:'''
+
This document assumes you have <tt>wvdial</tt> properly configured. All the configuration below must be done as <tt>root</tt>.
  
/etc/resolv.conf
+
==Using <tt>suid</tt>==
/etc/ppp/options
+
/etc/ppp/resolv.conf
+
/etc/ppp/peers/wvdial
+
  
For example to set /etc/resolv.conf readable to all users:
+
This is arguable the easiest setup but has major impact on system security since it means that ''every user can run wvdial as root''. Please consider using one of the other solutions instead.
  
chmod a+r /etc/resolv.conf
+
As normal users can't use wvdial to dial a ppp conection by default, you need to change permissions:
  
-----
+
chmod u+s /usr/bin/wvdial
  
Another way to do this, in a more controlled enviroment is to set up a group called <tt>dial</tt> or <tt>dialout</tt> and give this group the above permissions and set the above files with this group(s).
+
You should see the following permissions:
  
If you can't access the Internet through your dialed connection as user, backup your <tt>/etc/resolv.conf</tt> and make it a symlink to <tt>/etc/ppp/resolv.conf</tt>.
+
ls -l /usr/bin/wvdial
 +
-rwsr-xr-x  1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial
 +
 
 +
==Using a <tt>dialout</tt> group==
 +
 
 +
Another, slightly more secure way is to set up a group called <tt>dialout</tt> (you can call the group anything you want really) and give members of this group permission to run <tt>wvdial</tt> as root.
 +
 
 +
First create the group and add the users to it:
 +
 
 +
groupadd dialout
 +
gpasswd -a myuser dialout
 +
 
 +
Then set the group and adjust the permissions on <tt>wvdial</tt>:
 +
 
 +
chgrp dialout /usr/bin/wvdial
 +
chmod u+s,o= /usr/bin/wvdial
 +
 
 +
You should see the following permissions:
 +
 
 +
ls -l /usr/bin/wvdial
 +
-rwsr-x---  1 root dialout 114368 2005-12-07 19:21 /usr/bin/wvdial
 +
 
 +
==Using <tt>sudo</tt>==
 +
 
 +
<tt>sudo</tt> arguably offers the most secure option to allow regular users to establish dial-up connections using <tt>wvdial</tt>. It can be used to give permission both on a per-user and group basis. Another benefit of using <tt>sudo</tt> is that you only need to do the setup once, both previous solutions will be "undone" when a new package of <tt>wvdial</tt> is installed.
 +
 
 +
This document will not dive into all that <tt>sudo</tt> has to offer, please refer to its man-pages (<tt>sudo</tt>, <tt>sudoers</tt>, <tt>visudo</tt>) for that.
 +
 
 +
Use <tt>visudo</tt> to edit the file <tt>/etc/sudoers</tt>:
 +
 
 +
visudo
 +
 
 +
To give a specific user permission to run <tt>wvdial</tt> as root add the following line (changing the user name of course):
 +
 
 +
myuser localhost = /usr/bin/wvdial
 +
 
 +
To give all members of a group (<tt>dialout</tt>) the same permission:
 +
 
 +
%dialout localhost = /usr/bin/wvdial

Revision as of 09:10, 8 December 2005


There are a few different ways of giving regular users the ability to use wvdial to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.

This document assumes you have wvdial properly configured. All the configuration below must be done as root.

Using suid

This is arguable the easiest setup but has major impact on system security since it means that every user can run wvdial as root. Please consider using one of the other solutions instead.

As normal users can't use wvdial to dial a ppp conection by default, you need to change permissions:

chmod u+s /usr/bin/wvdial

You should see the following permissions:

ls -l /usr/bin/wvdial
-rwsr-xr-x  1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial

Using a dialout group

Another, slightly more secure way is to set up a group called dialout (you can call the group anything you want really) and give members of this group permission to run wvdial as root.

First create the group and add the users to it:

groupadd dialout
gpasswd -a myuser dialout

Then set the group and adjust the permissions on wvdial:

chgrp dialout /usr/bin/wvdial
chmod u+s,o= /usr/bin/wvdial

You should see the following permissions:

ls -l /usr/bin/wvdial
-rwsr-x---  1 root dialout 114368 2005-12-07 19:21 /usr/bin/wvdial

Using sudo

sudo arguably offers the most secure option to allow regular users to establish dial-up connections using wvdial. It can be used to give permission both on a per-user and group basis. Another benefit of using sudo is that you only need to do the setup once, both previous solutions will be "undone" when a new package of wvdial is installed.

This document will not dive into all that sudo has to offer, please refer to its man-pages (sudo, sudoers, visudo) for that.

Use visudo to edit the file /etc/sudoers:

visudo

To give a specific user permission to run wvdial as root add the following line (changing the user name of course):

myuser localhost = /usr/bin/wvdial

To give all members of a group (dialout) the same permission:

%dialout localhost = /usr/bin/wvdial