Wvdial
There are a few different ways of giving regular users the ability to use wvdial to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.
This document assumes you have wvdial properly configured. All the configuration below must be done as root.
Using suid
This is arguable the easiest setup but has major impact on system security since it means that every user can run wvdial as root. Please consider using one of the other solutions instead.
As normal users can't use wvdial to dial a ppp conection by default, you need to change permissions:
chmod u+s /usr/bin/wvdial
You should see the following permissions:
ls -l /usr/bin/wvdial -rwsr-xr-x 1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial
Using a dialout group
Another, slightly more secure way is to set up a group called dialout (you can call the group anything you want really) and give members of this group permission to run wvdial as root.
First create the group and add the users to it:
groupadd dialout gpasswd -a myuser dialout
Then set the group and adjust the permissions on wvdial:
chgrp dialout /usr/bin/wvdial chmod u+s,o= /usr/bin/wvdial
You should see the following permissions:
ls -l /usr/bin/wvdial -rwsr-x--- 1 root dialout 114368 2005-12-07 19:21 /usr/bin/wvdial
Using sudo
sudo arguably offers the most secure option to allow regular users to establish dial-up connections using wvdial. It can be used to give permission both on a per-user and group basis. Another benefit of using sudo is that you only need to do the setup once, both previous solutions will be "undone" when a new package of wvdial is installed.
This document will not dive into all that sudo has to offer, please refer to its man-pages (sudo, sudoers, visudo) for that.
Use visudo to edit the file /etc/sudoers:
visudo
To give a specific user permission to run wvdial as root add the following line (changing the user name of course):
myuser localhost = /usr/bin/wvdial
To give all members of a group (dialout) the same permission:
%dialout localhost = /usr/bin/wvdial