From ArchWiki
Revision as of 09:10, 8 December 2005 by Magus (talk | contribs) (Major re-write. The previous page wasn't entirely correct (it contained extre unnecessary steps) and it only offered one solution.)
Jump to navigation Jump to search

There are a few different ways of giving regular users the ability to use wvdial to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.

This document assumes you have wvdial properly configured. All the configuration below must be done as root.

Using suid

This is arguable the easiest setup but has major impact on system security since it means that every user can run wvdial as root. Please consider using one of the other solutions instead.

As normal users can't use wvdial to dial a ppp conection by default, you need to change permissions:

chmod u+s /usr/bin/wvdial

You should see the following permissions:

ls -l /usr/bin/wvdial
-rwsr-xr-x  1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial

Using a dialout group

Another, slightly more secure way is to set up a group called dialout (you can call the group anything you want really) and give members of this group permission to run wvdial as root.

First create the group and add the users to it:

groupadd dialout
gpasswd -a myuser dialout

Then set the group and adjust the permissions on wvdial:

chgrp dialout /usr/bin/wvdial
chmod u+s,o= /usr/bin/wvdial

You should see the following permissions:

ls -l /usr/bin/wvdial
-rwsr-x---  1 root dialout 114368 2005-12-07 19:21 /usr/bin/wvdial

Using sudo

sudo arguably offers the most secure option to allow regular users to establish dial-up connections using wvdial. It can be used to give permission both on a per-user and group basis. Another benefit of using sudo is that you only need to do the setup once, both previous solutions will be "undone" when a new package of wvdial is installed.

This document will not dive into all that sudo has to offer, please refer to its man-pages (sudo, sudoers, visudo) for that.

Use visudo to edit the file /etc/sudoers:


To give a specific user permission to run wvdial as root add the following line (changing the user name of course):

myuser localhost = /usr/bin/wvdial

To give all members of a group (dialout) the same permission:

%dialout localhost = /usr/bin/wvdial