Allow users to dial with wvdial
From ArchWiki
i18n |
---|
English |
Slovensky |
Русский |
There are a few different ways of giving regular users the ability to use wvdial to dial a ppp connection. This document describes three different ways, each of them differ in difficulty to set up and the implication on security.
This document assumes you have wvdial properly configured.
Using suid
This is arguable the easiest setup but has major impact on system security since it means that every user can run wvdial as root. Please consider using one of the other solutions instead.
As normal users can't use wvdial to dial a ppp conection by default, change permissions:
chmod u+s /usr/bin/wvdial
You should see the following permissions:
ls -l /usr/bin/wvdial -rwsr-xr-x 1 root root 114368 2005-12-07 19:21 /usr/bin/wvdial
Using a dialout group
Another, slightly more secure way is to set up a group called dialout (call the group as prefered) and give members of this group permission to run wvdial as root.
First create the group and add the users to it:
# groupadd dialout # gpasswd -a username dialout
Then set the group and adjust the permissions on wvdial:
# chgrp dialout /usr/bin/wvdial # chmod u+s,o= /usr/bin/wvdial
The files should have the following permissions:
-rwsr-x--- 1 root dialout 114368 2005-12-07 19:21 /usr/bin/wvdial
Using sudo
- See main article: sudo
sudo arguably offers the most secure option to allow regular users to establish dial-up connections using wvdial. It can be used to give permission both on a per-user and group basis. Another benefit of using sudo is that it is only needed to do the setup once; both previous solutions will be "undone" when a new package of wvdial is installed.
Use visudo to edit the file /etc/sudoers:
# visudo
To give a specific user permission to run wvdial as root, add the following line (changing the username):
username localhost = /usr/bin/wvdial
To give all members of a group (dialout in this case) the same permission:
%dialout localhost = /usr/bin/wvdial