dreamer3 Guru
Joined: 24 Sep 2002 Posts: 553
|
Posted: Mon Mar 03, 2003 10:38 am Post subject: normal users can't use wvdial to dial-out |
|
|
Ok, I'm trying to set it up so privileged members on my PC can dial up... but I can't seem to get it to work at all.
ls /dev/modem -l
Quote: | lr-xr-xr-x 1 root root 5 Mar 3 05:16 /dev/modem -> ttyS4 |
ls /dev/ttyS4 -l
Quote: | lr-xr-xr-x 1 root root 5 Mar 1 06:34 /dev/ttyS4 -> tts/4 |
ls /dev/tts/* -l
Quote: | crw-rw---- 1 jgoebel tty 4, 64 Dec 31 1969 /dev/tts/0
crw-rw---- 1 jgoebel tty 4, 65 Dec 31 1969 /dev/tts/1
crw-r----- 1 jgoebel tty 4, 68 Mar 3 05:27 /dev/tts/4 |
wvdial (while not connected)
Quote: | --> WvDial: Internet dialer version 1.53
--> Cannot open /dev/modem: Device or resource busy
--> Cannot open /dev/modem: Device or resource busy
--> Cannot open /dev/modem: Device or resource busy |
echo "test" > /dev/modem produces no error.
What am I missing here? I was logged in as jgoebel in all the above. |
|
tod Developer
Joined: 17 Apr 2002 Posts: 136 Location: Ozarks, USA
|
Posted: Tue Mar 04, 2003 5:10 pm Post subject: IIRC...here's what I did |
|
|
First, I added the appropriate users to the dialout group in /etc/group.
Second, I twiddled /etc/devfsd.conf so that my modem serial port was created with owner.group: root.dialout
Third and the tricky part (and questionable part), you need to change the permission on the directory /var/lock so that wvdial can create the serial port lock (something like /var/lock/LCK..ttyS*) as the user. This is questionable because you need to open up the /var/lock directory, which is probably bad security.
You also might need to check permissions on the executables (wvdial, ppp, etc.) and the configuration directories (/etc/ppp and /etc/wvdial.conf) to make sure users of the dialout group can access them.
I am not at my gentoo box at the moment or I would be more explicit.
As a side note, the /var/lock regarding modems issue is something that needs to be fixed in gentoo, but I'm not sure on the correct approach. Maybe specify a /var/modem_lock directory to separate the modem lock file from the other LCK files. |
|
tod Developer
Joined: 17 Apr 2002 Posts: 136 Location: Ozarks, USA
|
Posted: Tue Mar 04, 2003 5:14 pm Post subject: Re: normal users can't use wvdial to dial-out |
|
|
Quote: | --> WvDial: Internet dialer version 1.53
--> Cannot open /dev/modem: Device or resource busy
--> Cannot open /dev/modem: Device or resource busy
--> Cannot open /dev/modem: Device or resource busy |
By the way, I think these error messages are a result of not having access to the /var/lock directory. wvdial tries to create a LCK file for the serial port and can't (because it doesn't have permission) and assumes that it can't because a lock file already exists. |
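Added example (not part of the thread and not wvdial's own code): a shell check for the failure described in the post above, separating an unwritable lock directory from a serial lock that is really held. It assumes UUCP-style lock files named LCK..<device> that hold the owner's PID as ASCII text; the function name and result labels are made up for illustration.

```shell
#!/bin/sh
# Added example: classify why a serial-port lock cannot be taken.
# Assumption: lock files are named LCK..<device> and contain the
# owning process's PID as ASCII digits (possibly space-padded).

# diagnose_serial_lock LOCKDIR DEVICE
# Prints one of: free, held, stale, no-permission, no-lockdir
diagnose_serial_lock() {
    lockdir=$1
    dev=$(basename "$2")
    lockfile="$lockdir/LCK..$dev"

    if [ ! -d "$lockdir" ]; then
        echo no-lockdir
        return 0
    fi

    if [ -e "$lockfile" ]; then
        # A lock file exists: read the PID and see if that process lives.
        pid=$(tr -cd '0-9' 2>/dev/null < "$lockfile") || pid=""
        # kill -0 fails with EPERM for other users' processes, so also
        # fall back to /proc where it is available.
        if [ -n "$pid" ] && { kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; }; then
            echo held      # a live process owns the port: genuinely busy
        else
            echo stale     # leftover lock from a dead process
        fi
        return 0
    fi

    # No lock file. Creating one needs write and search permission on
    # the directory; without them the dialer cannot lock the port and
    # may report it as busy even though nothing holds it.
    if [ -w "$lockdir" ] && [ -x "$lockdir" ]; then
        echo free
    else
        echo no-permission
    fi
}

# Stand-alone use: LOCKDIR=/var/lock sh thisfile ttyS4
diagnose_serial_lock "${LOCKDIR:-/var/lock}" "${1:-ttyS4}"
```

Run it as the unprivileged user who will dial: a result of no-permission points at the lock directory's mode and group rather than at the modem device.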
|
dreamer3 Guru
Joined: 24 Sep 2002 Posts: 553
|
Posted: Wed Mar 05, 2003 6:13 am Post subject: Re: IIRC...here's what I did |
|
|
tod wrote: | Third and the tricky part (and questionable part), you need to change the permission on the directory /var/lock so that wvdial can create the serial port lock (something like /var/lock/LCK..ttyS*) as the user. This is questionable because you need to open up the /var/lock directory, which is probably bad security. |
Would it be better to just write connect and disconnect bash scripts and use sudo to call them with root permissions? |
|
tod Developer
Joined: 17 Apr 2002 Posts: 136 Location: Ozarks, USA
|
Posted: Wed Mar 05, 2003 4:11 pm Post subject: Re: IIRC...here's what I did |
|
|
dreamer3 wrote: |
Would it be better to just write connect and disconnect bash scripts and use sudo to call them with root permissions? |
Good question. Wvdial would then be running in the background as root, no? My method, wvdial is running as the user that started it. Although, wvdial calls pppd (which is suid root), iirc pppd is designed to drop root privileges after initial startup.
It's an interesting question and I admit I am not sure on the best way to go about it. The /var/lock directory is owned by root.uucp and I must confess my ignorance on what progs/daemons belong to or make use of the uucp group.
I personally like the idea of just adding a user to the dialout group to give them modem privileges. |
|
dreamer3 Guru
Joined: 24 Sep 2002 Posts: 553
|
Posted: Wed Mar 05, 2003 9:34 pm Post subject: Re: IIRC...here's what I did |
|
|
tod wrote: | I personally like the idea of just adding a user to the dialout group to give them modem privileges. |
Me too, but if it weakens the overall security of my system I'd rather not... currently I just su to root and dial out every time I need to connect. |
|
ventricle Guru
Joined: 04 Apr 2003 Posts: 305 Location: UK/Australia
|
Posted: Sat May 03, 2003 8:34 pm Post subject: |
|
|
Thought I would just confirm that the problem with
Code: |
--> Cannot open /dev/modem: Device or resource busy
--> Cannot open /dev/modem: Device or resource busy
|
certainly is because of the /var/lock permissions. As soon as I allowed write permissions on this directory, a normal user was able to dial out OK. _________________ [LRU] |
|