Difference between revisions of "Wvdial"

From ArchWiki
Jump to: navigation, search
(Using <tt>sudo</tt>)
(remove merge template)
Line 1: Line 1:
 
[[Category:Networking (English)]]
 
[[Category:Networking (English)]]
 
[[Category:HOWTOs (English)]]
 
[[Category:HOWTOs (English)]]
 
 
{{i18n_links_start}}
 
{{i18n_links_start}}
 
{{i18n_entry|English|Allow users to dial with wvdial}}
 
{{i18n_entry|English|Allow users to dial with wvdial}}
Line 7: Line 6:
 
{{i18n_entry|Русский|Wvdial от пользователя}}
 
{{i18n_entry|Русский|Wvdial от пользователя}}
 
{{i18n_links_end}}
 
{{i18n_links_end}}
 +
There are a few different ways of giving regular users the ability to use '''wvdial''' to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.
  
There are a few different ways of giving regular users the ability to use <tt>wvdial</tt> to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.
+
This document assumes you have {{codeline|wvdial}} properly configured.
 
+
This document assumes you have <tt>wvdial</tt> properly configured. All the configuration below must be done as <tt>root</tt>.
+
 
+
==Using <tt>suid</tt>==
+
  
 +
==Using suid==
 
This is arguable the easiest setup but has major impact on system security since it means that ''every user can run wvdial as root''. Please consider using one of the other solutions instead.
 
This is arguable the easiest setup but has major impact on system security since it means that ''every user can run wvdial as root''. Please consider using one of the other solutions instead.
  
As normal users can't use wvdial to dial a ppp conection by default, you need to change permissions:
+
As normal users can't use wvdial to dial a ppp conection by default, change permissions:
 
+
 
  chmod u+s /usr/bin/wvdial
 
  chmod u+s /usr/bin/wvdial
  
 
You should see the following permissions:
 
You should see the following permissions:
 
 
  ls -l /usr/bin/wvdial
 
  ls -l /usr/bin/wvdial
 
  -rwsr-xr-x  1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial
 
  -rwsr-xr-x  1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial
  
==Using a <tt>dialout</tt> group==
+
==Using a dialout group==
 
+
Another, slightly more secure way is to set up a group called '''dialout''' (call the group as prefered) and give members of this group permission to run {{codeline|wvdial}} as root.
Another, slightly more secure way is to set up a group called <tt>dialout</tt> (you can call the group anything you want really) and give members of this group permission to run <tt>wvdial</tt> as root.
+
  
 
First create the group and add the users to it:
 
First create the group and add the users to it:
 +
# groupadd dialout
 +
# gpasswd -a username dialout
  
  groupadd dialout
+
Then set the group and adjust the permissions on {{codeline|wvdial}}:
  gpasswd -a myuser dialout
+
  # chgrp dialout /usr/bin/wvdial
 +
  # chmod u+s,o= /usr/bin/wvdial
  
Then set the group and adjust the permissions on <tt>wvdial</tt>:
+
The files should have the following permissions:
 
+
{{command=ls -l /usr/bin/wvdial|output=
chgrp dialout /usr/bin/wvdial
+
chmod u+s,o= /usr/bin/wvdial
+
 
+
You should see the following permissions:
+
 
+
ls -l /usr/bin/wvdial
+
 
  -rwsr-x---  1 root dialout 114368 2005-12-07 19:21 /usr/bin/wvdial
 
  -rwsr-x---  1 root dialout 114368 2005-12-07 19:21 /usr/bin/wvdial
 +
}}
  
{{merge|Sudo|Talk:THIS PAGE#Merger proposal|{{subst:DATE}}}}
+
==Using sudo==
==Using <tt>sudo</tt>==
+
:''See main article: [[sudo]]''
 
+
[[sudo]] arguably offers the most secure option to allow regular users to establish dial-up connections using {{codeline|wvdial}}. It can be used to give permission both on a per-user and group basis. Another benefit of using {{codeline|sudo}} is that it is only needed to do the setup once; both previous solutions will be "undone" when a new package of {{codeline|wvdial}} is installed.
<tt>sudo</tt> arguably offers the most secure option to allow regular users to establish dial-up connections using <tt>wvdial</tt>. It can be used to give permission both on a per-user and group basis. Another benefit of using <tt>sudo</tt> is that you only need to do the setup once, both previous solutions will be "undone" when a new package of <tt>wvdial</tt> is installed.
+
 
+
This document will not dive into all that <tt>sudo</tt> has to offer, please refer to its man-pages (<tt>sudo</tt>, <tt>sudoers</tt>, <tt>visudo</tt>) for that.
+
 
+
Use <tt>visudo</tt> to edit the file <tt>/etc/sudoers</tt>:
+
 
+
visudo
+
 
+
To give a specific user permission to run <tt>wvdial</tt> as root add the following line (changing the user name of course):
+
  
myuser localhost = /usr/bin/wvdial
+
Use {{codeline|visudo}} to edit the file {{filename|/etc/sudoers}}:
 +
# visudo
  
To give all members of a group (<tt>dialout</tt>) the same permission:
+
To give a specific user permission to run {{codeline|wvdial}} as root, add the following line (changing the username):
 +
username localhost = /usr/bin/wvdial
  
 +
To give all members of a group ({{codeline|dialout}} in this case) the same permission:
 
  %dialout localhost = /usr/bin/wvdial
 
  %dialout localhost = /usr/bin/wvdial

Revision as of 13:55, 9 December 2009

Template:I18n links start Template:I18n entry Template:I18n entry Template:I18n entry Template:I18n links end There are a few different ways of giving regular users the ability to use wvdial to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.

This document assumes you have Template:Codeline properly configured.

Using suid

This is arguable the easiest setup but has major impact on system security since it means that every user can run wvdial as root. Please consider using one of the other solutions instead.

As normal users can't use wvdial to dial a ppp conection by default, change permissions:

chmod u+s /usr/bin/wvdial

You should see the following permissions:

ls -l /usr/bin/wvdial
-rwsr-xr-x  1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial

Using a dialout group

Another, slightly more secure way is to set up a group called dialout (call the group as prefered) and give members of this group permission to run Template:Codeline as root.

First create the group and add the users to it:

# groupadd dialout
# gpasswd -a username dialout

Then set the group and adjust the permissions on Template:Codeline:

# chgrp dialout /usr/bin/wvdial
# chmod u+s,o= /usr/bin/wvdial

The files should have the following permissions: Template:Command=ls -l /usr/bin/wvdial

Using sudo

See main article: sudo

sudo arguably offers the most secure option to allow regular users to establish dial-up connections using Template:Codeline. It can be used to give permission both on a per-user and group basis. Another benefit of using Template:Codeline is that it is only needed to do the setup once; both previous solutions will be "undone" when a new package of Template:Codeline is installed.

Use Template:Codeline to edit the file Template:Filename:

# visudo

To give a specific user permission to run Template:Codeline as root, add the following line (changing the username):

username localhost = /usr/bin/wvdial

To give all members of a group (Template:Codeline in this case) the same permission:

%dialout localhost = /usr/bin/wvdial