Allow users to dial with wvdial

From ArchWiki

Jump to: navigation, search
i18n
English
Slovensky
Русский

There are a few different ways of giving regular users the ability to use wvdial to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.

This document assumes you have wvdial properly configured.

Using suid

This is arguable the easiest setup but has major impact on system security since it means that every user can run wvdial as root. Please consider using one of the other solutions instead.

As normal users can't use wvdial to dial a ppp conection by default, change permissions:

chmod u+s /usr/bin/wvdial

You should see the following permissions:

ls -l /usr/bin/wvdial
-rwsr-xr-x  1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial

Using a dialout group

Another, slightly more secure way is to set up a group called dialout (call the group as prefered) and give members of this group permission to run wvdial as root.

First create the group and add the users to it:

# groupadd dialout
# gpasswd -a username dialout

Then set the group and adjust the permissions on wvdial:

# chgrp dialout /usr/bin/wvdial
# chmod u+s,o= /usr/bin/wvdial

The files should have the following permissions:

Command: ls -l /usr/bin/wvdial
-rwsr-x---  1 root dialout 114368 2005-12-07 19:21 /usr/bin/wvdial

Using sudo

See main article: sudo

sudo arguably offers the most secure option to allow regular users to establish dial-up connections using wvdial. It can be used to give permission both on a per-user and group basis. Another benefit of using sudo is that it is only needed to do the setup once; both previous solutions will be "undone" when a new package of wvdial is installed.

Use visudo to edit the file /etc/sudoers:

# visudo

To give a specific user permission to run wvdial as root, add the following line (changing the username):

username localhost = /usr/bin/wvdial

To give all members of a group (dialout in this case) the same permission:

%dialout localhost = /usr/bin/wvdial
Personal tools