Jacques,

I believe Joshua answered WHY the issue rises when he stated the following:

"Wvdial can't hand over to pppd as a normal user. You need to run wvdial as root or with sudo."

I was trying to determine if the solution of allowing only members of the dip group to dial-out was a feasible workaround to the security issue you raised in your reply. (Please note that my Ubuntu 8.04.4 LTS upgraded from Ubuntu 6.06 LTS was pre-setup in this manner).

I guess that even though the dip group reduces the number of users having access to the Internet via dial-up, it still employs the use of setuid on pppd; thus, is still a security issue due to pppd being executed with the rights of root via setuid.

Regards,

Ken

On Fri, 2010-03-26 at 08:05 +0300, Jacques Goldberg wrote:
> Sure, Keneth, but may I suggest to always quote WHY the issue rises in
> addition to how to "solve" it?
> A major security risk of a remote hacker penetrating the system if
> wvdial/ppp is not running as super-user.
>
> Jacques
>
> eneth W Jones wrote:
> > Joshua,
> >
> > To resolve the issue of running /usr/sbin/pppd (via wvdial or Gnome PPP)
> > as a non-sudo/regular user...is there anything wrong with doing the
> > following:
> >
> > First,
> >
> > Check to see if the group called dip exists on your system:
> >
> > $ cat /etc/group | grep "dip"
> > dip:x:30:hjones
> >
> > Per the above, the dip group exists on my system, and my USERNAME hjones
> > is a member of this group.
> >
> > If the dip group exists, but your USERNAME is not included in the dip
> > group run the following command:
> >
> > $ sudo gpasswd -a USERNAME dip
> >
> >
> > However; more than likely you will need to create the dip group, and add
> > your USERNAME to the dip group. So...
> >
> > Second,
> >
> > $ sudo groupadd -g 30 dip
> > $ sudo gpasswd -a USERNAME dip
> >
> > As a result, the file /etc/group will be updated with a line; e.g.,
> >
> > dip:x:30:<USERNAME>
> >
> > Third,
> >
> > Set the group and permissions on /usr/sbin/pppd file so that any member
> > of the dip group can execute /usr/sbin/pppd.
> >
> > $ sudo chgrp dip /usr/sbin/pppd
> > $ sudo chmod u+s,o= /usr/sbin/pppd
> >
> > .....
> >
> > Nick, FYI the wvdial program uses the /etc/wvdial.conf for its
> > configuration setting file which you already know.
> >
> > However, you may not know that Gnome PPP (the graphical front-end for
> > wvdial) uses a separate /home/USERNAME/.wvdial.conf for its
> > configuration setting file.
> >
> > So, if you're using Gnome PPP you need to be looking at .wvdial.conf in
> > your home directory (BTW: the dot before wvdial.conf means the file is
> > hidden in case you didn't know) to see what settings are in effect for
> > pppd.
> >
> > On Thu, 2010-03-25 at 09:20 +1100, Joshua Gordon Crawford wrote:
> >
> >> On 25 March 2010 09:16, Nick <soapduk@xxxxxxxxx> wrote:
> >>
> >>> Hi Joshua and list,
> >>>
> >>> I feel a little silly right about now, but also optimistic at the same time...
> >>>
> >>> You see, I was just reading a Ubuntu forum about the carrier check
> >>> issue and there someone asked if certain settings were on/off in
> >>> Gnome-PPP. Since I was using PPP I decided to have a look for such
> >>> settings, and there I saw the Carrier Check box ticked, even though I
> >>> had set it to off in wvdial.conf. Obviously PPP was overriding or
> >>> bypassing that option in wvdial. This is my mistake and I should have
> >>> mentioned I was using PPP.
> >>>
> >>> This is what now happens when I dial-up:
> >>>
> >>> --> WvDial: Internet dialer version 1.60
> >>> --> Initializing modem.
> >>> --> Sending: ATZ
> >>> ATZ
> >>> OK
> >>> --> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
> >>> ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
> >>> OK
> >>> --> Modem initialized.
> >>> --> Sending: ATM1L3DT086700006
> >>> --> Waiting for carrier.
> >>> ATM1L3DT086700006
> >>> CONNECT 50666 V44
> >>> --> Carrier detected. Waiting for prompt.
> >>> ** Lucent APX Terminal Server **
> >>> Login:
> >>> --> Carrier detected. Starting PPP immediately.
> >>> --> Unable to run /usr/sbin/pppd.
> >>> --> Check permissions, or specify a "PPPD Path" option in wvdial.conf.
> >>>
> >> Wvdial can't hand over to pppd as a normal user. You need to run
> >> wvdial as root or with sudo.
> >>
> >>
> >>> ** Lucent APX Terminal Server **
> >>> Login: Idle Timeout--> Looks like a login prompt.
> >>> --> Sending: USERNAME
> >>> USERNAME
> >>> Password:
> >>> --> Looks like a password prompt.
> >>> --> Sending: (password)
> >>> L2TP: Starting session
> >>> Primary server '203.97.60.34'
> >>> ~[7f]}#@!}!}!} }8}"}&} }*} } }#}$@#}%}&i[12]>P}'}"}(}"Ck~
> >>> --> PPP negotiation detected.
> >>> --> Unable to run /usr/sbin/pppd.
> >>> --> Check permissions, or specify a "PPPD Path" option in wvdial.conf.
> >>> ~[7f]}#@!}!}"} }8}"}&} }*} } }#}$@#}%}&i[12]>P}'}"}(}" y~
> >>>
> >>> And then it keeps repeating those bottom 4 lines over and over.
> >>>
> >>> If I try stupid mode it or a combination of the two it only says this:
> >>>
> >>> --> WvDial: Internet dialer version 1.60
> >>> --> Initializing modem.
> >>> --> Sending: ATZ
> >>> ATZ
> >>> OK
> >>> --> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
> >>> ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
> >>> OK
> >>> --> Modem initialized.
> >>> --> Sending: ATM1L3DT086700006
> >>> --> Waiting for carrier.
> >>> ATM1L3DT086700006
> >>> CONNECT 50666 V44
> >>> --> Carrier detected. Starting PPP immediately.
> >>> --> Unable to run /usr/sbin/pppd.
> >>> --> Check permissions, or specify a "PPPD Path" option in wvdial.conf.
> >>> ** Lucent APX Terminal Server **
> >>> Login: Idle Timeout
> >>>
> >>> As for noise the phone line sounds crystal clear. I tried pulling out
> >>> the ADSL from the phone line but it's the same result.
> >>>
> >>> I don't know what a PPPD Path option is. If anyone has any clues as to
> >>> whereabouts to go from here I would be grateful.
> >>>
> >> Looks good from here on. Just the permissions issue with pppd.
> >>
> >>
> >>> Regards
> >>>
> >>> Nick
> >>>
> >>> On Wed, Mar 24, 2010 at 16:26, Joshua Gordon Crawford
> >>> <jgcrawford@xxxxxxxxx> wrote:
> >>>
> >>>> On 23 March 2010 06:53, Nick <soapduk@xxxxxxxxx> wrote:
> >>>>
> >>>>> Hi Joshua,
> >>>>>
> >>>>> Sorry for my late reply,
> >>>>>
> >>>>> On Fri, Mar 19, 2010 at 00:16, Joshua Gordon Crawford
> >>>>> <jgcrawford@xxxxxxxxx> wrote:
> >>>>>
> >>>>>> It seems at this point that the driver is working correctly, and we're
> >>>>>> left with a line quality issue.
> >>>>>>
> >>>>>> When you use the phone on that line, does it sound noisy (crackly,
> >>>>>> windy, etc)? Are there other phones or devices connected to the line,
> >>>>>> in other rooms, etc? Can you test with a different line, e.g. at a
> >>>>>> friend's house?
> >>>>>>
> >>>>>> Is the modem new or used? I had to replace a modem a few years back
> >>>>>> because _it_ had become noisy and couldn't hold the carrier.
> >>>>>>
> >>>>> The modem isn't new, but it would have been new when this computer was
> >>>>> purchased. Is there a way to find out if this one has become noisy?
> >>>>>
> >>>> You might be able to hear it when the modem dials.
> >>>>
> >>>>
> >>>>> No the line doesn't sound noisy. I had my ADSL and another phone
> >>>>> plugged into the same jack, which I have now removed, but I'm still
> >>>>> getting the errors. In fact, I've just removed all the devices in the
> >>>>> house connected. Actually there is an alarm here that connects to the
> >>>>> phone line - don't know if that affects it, or how to disconnect it. I
> >>>>> haven't tried a friend's house but will see if I can do that.
> >>>>>
> >>>> Any other device on the line could be causing some noise. I don't know
> >>>> how ADSL filtering might affect 56k modems.
> >>>>
> >>>>
> >>>>> it looks as though there is another error here, the Login x3 and
> >>>>> Password Idle Timeout:
> >>>>>
> >>>>> ATM1L3DT086700006
> >>>>> CONNECT 50666 V44
> >>>>> --> Carrier detected. Waiting for prompt.
> >>>>> --> Connected, but carrier signal lost! Retrying...
> >>>>> --> Sending: ATM1L3DT086700006
> >>>>> --> Waiting for carrier.
> >>>>> ** Lucent APX Terminal Server **
> >>>>> Login:
> >>>>> Login:
> >>>>> Login:
> >>>>> Login: ATM1L3DT086700006
> >>>>> Password: Idle Timeout
> >>>>> --> Timed out while dialing. Trying again.
> >>>>> --> Sending: ATM1L3DT086700006
> >>>>> --> Waiting for carrier.
> >>>>> NO CARRIER
> >>>>> ATM1L3DT086700006
> >>>>> --> No Carrier! Trying again.
> >>>>> --> Sending: ATM1L3DT086700006
> >>>>> --> Waiting for carrier.
> >>>>> NO CARRIER
> >>>>> ATM1L3DT086700006
> >>>>> --> No Carrier! Trying again.
> >>>>> --> Maximum Attempts Exceeded..Aborting!!
> >>>>> --> Disconnecting at Tue Mar 23 08:39:03 2010
> >>>>>
> >>>>> or does that relate to the existing 'No Carrier' problem?
> >>>>>
> >>>> Yes. Wvdial tries to dial again when the ISP is waiting for a
> >>>> password. The "Carrier Check = No" option is supposed to handle that.
> >>>>
> >>>> If you can, test the modem in Windows and see what its log says.
> >>>>
> >>>>
> >>>>>>> A slightly off-topic question: I note that the modem wasn't detected
> >>>>>>> when I rebooted just now. Is it advisable to run wvdialconf as a
> >>>>>>> startup 'script'?
> >>>>>>>
> >>>>>> The driver needs to be loaded after each reboot, and the symlink
> >>>>>> created. For now you can do that manually by running agrsm-test, but
> >>>>>> later it can be automated.
> >>>>>>
> >>>>>> Quoting agrsm_howto.txt (in the source directory):
> >>>>>>
> >>>>>> Automation - Do NOT do this until full functionality of the modem is
> >>>>>> achieved, or testing the issues will be confused. The following SINGLE LINE
> >>>>>> can be added (depending upon your Linux distro) to /etc/modprobe.conf or
> >>>>>> (Debian/Ubuntu) a file with folder /etc/modprobe.d/, perhaps
> >>>>>> /etc/modprobe.d/agrsm.conf
> >>>>>>
> >>>>>> install agrserial modprobe --ignore-install agrmodem ; modprobe
> >>>>>> --ignore-install agrserial ; test -e /dev/ttyAGS3 ; ln -s /dev/ttyAGS3
> >>>>>> /dev/ttySAGR ; ln -s /dev/ttyAGS3 /dev/modem
> >>>>>>
> >>>>>> <end quote>
> >>>>>>
> >>>>>> The howto then implies you need to modprobe agrserial manually each
> >>>>>> time you boot, but that can also be done automatically, by adding
> >>>>>> agrserial to /etc/modules.
> >>>>>>
> >>>>> OK, thanks.
> >>>>>
> >>>>> Nick
> >>>>>
> >>>>>
> >>>>>> --
> >>>>>> Joshua Crawford ... http://geocities.com/mortarn
> >>>>>>
> >>>>>> http://www.rewardscentral.com.au/Join/Default.aspx?refer=mortarn
> >>>>>> Be rewarded! Join RewardsCentral today!
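
Added example, not part of the original messages: a shell check of the file layout that the dip-group steps quoted in this thread produce for /usr/sbin/pppd (setuid, group dip, nothing for "other"), plus a listing of who is in that group and can therefore start the root-privileged binary. The function names audit_setuid_helper and group_members are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU stat (-c).

# audit_setuid_helper PATH GROUP [OWNER]
# Prints one finding per line; returns 0 only when PATH is owned by OWNER,
# setuid, has group GROUP, is not writable by group/other, and grants
# nothing to "other" (the result of: chgrp GROUP PATH; chmod u+s,o= PATH).
audit_setuid_helper() {
    path=$1; want_group=$2; want_owner=${3:-root}
    [ -f "$path" ] || { echo "MISSING $path"; return 1; }
    set -- $(stat -c '%a %U %G' "$path")
    bits=$((0$1)); owner=$2; group=$3; rc=0   # leading 0 = octal constant
    if [ $((bits & 04000)) -eq 0 ]; then
        echo "NOSUID $path is not setuid"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER $path is owned by $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "GROUP $path has group $group, expected $want_group"; rc=1
    fi
    if [ $((bits & 0007)) -ne 0 ]; then
        echo "WORLD $path grants access to users outside $want_group"; rc=1
    fi
    if [ $((bits & 0022)) -ne 0 ]; then
        echo "WRITABLE $path is writable by group or other"; rc=1
    fi
    return $rc
}

# group_members GROUP [GROUPFILE]
# Prints the supplementary members listed for GROUP. Accounts whose primary
# group is GROUP do not appear in this field and must be checked separately.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "${2:-/etc/group}"
}

# Run against the real binary only when invoked with "audit" as argument.
if [ "${1:-}" = "audit" ]; then
    audit_setuid_helper /usr/sbin/pppd dip && echo "OK: matches the dip layout"
    echo "accounts able to start pppd via dip: $(group_members dip)"
fi
```

A clean result only confirms that access to the setuid binary is limited to the listed accounts; every account in that list still runs pppd with root rights, which is the residual concern raised at the top of this message.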