# normal users can't use wvdial to dial-out

## dreamer3

Ok, I'm trying to set it up so privleged members on my PC can dialup... but I can't seem to get it to work at all.

ls /dev/modem -l

 *Quote:*   

> lr-xr-xr-x    1 root     root            5 Mar  3 05:16 /dev/modem -> ttyS4

 

ls /dev/ttyS4 -l

 *Quote:*   

> lr-xr-xr-x    1 root     root            5 Mar  1 06:34 /dev/ttyS4 -> tts/4

 

ls /dev/tts/* -l

 *Quote:*   

> crw-rw----    1 jgoebel  tty        4,  64 Dec 31  1969 /dev/tts/0
> 
> crw-rw----    1 jgoebel  tty        4,  65 Dec 31  1969 /dev/tts/1
> 
> crw-r-----    1 jgoebel  tty        4,  68 Mar  3 05:27 /dev/tts/4

 

wvdial (while not connected)

 *Quote:*   

> --> WvDial: Internet dialer version 1.53
> 
> --> Cannot open /dev/modem: Device or resource busy
> 
> --> Cannot open /dev/modem: Device or resource busy
> ...

 

echo "test" > /dev/modem produces no error.

What am I missing here?  I was logged in as jgoebel in all the above.

----------

## tod

First, I added the appropriate users to the dialout group in /etc/group

Second, I twiddled /etc/devfsd.conf so that my modem serial port was created with owner.group: root.dialout

Third and the tricky part (and questionable part), you need to change the permission on the directory /var/lock so that  wvdial can create the serial port lock (something like /var/lock/LCK..ttyS* as the user.  This is questionable becasue the you need to open up the /var/lock directory which is probably bad security.  

You also might need to check permissions on the executables (wvdial, ppp, etc) and the configuration directories (/etc/ppp and /etc/wvdial.conf) to make sure users of the dialout group can access them.

I am not at my gentoo box at the moment or I would be more explicit.

As a side note,  the /var/lock regarding modems issue is something that

 needs to be fixed in gentoo, but I'm not sure on the correct approach. May be specify a /var/modem_lock directory to seprate the modem lock file from the other LCK files..

----------

## tod

 *Quote:*   

> --> WvDial: Internet dialer version 1.53
> 
> --> Cannot open /dev/modem: Device or resource busy
> 
> --> Cannot open /dev/modem: Device or resource busy
> ...

 

[/quote]

By the way, I think these error messages are a result of not having acces to the /var/lock directory.  wvdial tries to create a LCK file for the serial port and can't (because it doesn't have permission) and assumes that it can't becasue a lock file already exists.

----------

## dreamer3

 *tod wrote:*   

> Third and the tricky part (and questionable part), you need to change the permission on the directory /var/lock so that  wvdial can create the serial port lock (something like /var/lock/LCK..ttyS* as the user.  This is questionable becasue the you need to open up the /var/lock directory which is probably bad security.

 

Would it be better to just write connect and disconnect bash scripts and use sudo to call them with root permissions?

----------

## tod

 *dreamer3 wrote:*   

> 
> 
> Would it be better to just write connect and disconnect bash scripts and use sudo to call them with root permissions?

 

Good question.  Wvdial would then be running in the background as root, no?  My method, wvdial is running as the user that started it.  Although, wvdial calls pppd (which is suid root),  iirc pppd is designed to drop root privileges after initial startup.

It's an interesting question and I admit I am not sure on the best way to go about it.  The /var/lock directory is owned by root.uucp and I must confess my ignorance on what progs/daemons belong to or make use of the uucp group.

I personally like the idea of just adding a user to the dialout group to give them modem privileges.

----------

## dreamer3

 *tod wrote:*   

> I personally like the idea of just adding a user to the dialout group to give them modem privileges.

 

Me too, but if weakens the overall security of my system I'd rather not... currently I just su to root and dialout every time I need to connect.

----------

## ventricle

Thought I would just confirm that the problem with 

```

--> Cannot open /dev/modem: Device or resource busy

--> Cannot open /dev/modem: Device or resource busy

```

certainly is because of the /var/lock permissions. As soon as I allowed write permissions on this directory, a normal user was able to dial out OK.

----------

