LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices



Reply
 
Search this Thread
Old 11-14-2005, 02:57 PM   #1
jojotx0
Member
 
Registered: Mar 2004
Distribution: Debian Lenny
Posts: 181

Rep: Reputation: 30
allowing single user to use modem


I have 3 users on my system, root, guest, and my main user account.

Normally when I get online I run gnome-ppp as root using gksu, I want anyone that uses the guest account to be able to get online, with out using the root account, I know this is possible by giving the guest account root priveliges...which I don't want to do.

Does anyone know how I can do this?
 
Old 11-14-2005, 03:20 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
what's normally done to do things like this is to have multiple groups to conrol various piece of hardware. in this case, i'd suggest making a "modem" group, and simply add this nobody account to it. then make the /dev/ entry for the device be owned by that group. this may be done by default on debian, i don't know, but other distro's now commonly use groups like "sound", "cdrom" etc... to provide hardware rights. if you are on udev, then it would be through the finetuning of your udev rules that each device on creation would be assign to the right group.
 
Old 11-14-2005, 03:21 PM   #3
julz_51
Member
 
Registered: Mar 2005
Location: France
Distribution: Gentoo, Debian, FC4
Posts: 40

Rep: Reputation: 15
I would try this (not sure it works though) :
Create a group "modem"
Change the group of your modem to "modem" in /dev/
Add guest to the group modem

Guest will have the right to r/w on your modem, but that may not be enough.
 
Old 11-14-2005, 04:49 PM   #4
jojotx0
Member
 
Registered: Mar 2004
Distribution: Debian Lenny
Posts: 181

Original Poster
Rep: Reputation: 30
I have created the group "modem" and added the guest account to the group, but I can't figure out how to add /dev/modem to the group, how do I do this?
 
Old 11-14-2005, 05:01 PM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
like i said it depends what /dev/ system you're running. either through editing udev rules, e.g. /etc/udev/rules/5-udev.rules or just initially try chgrp-ing the dev entry directly, and worry about making it permanent later
 
Old 11-14-2005, 05:02 PM   #6
julz_51
Member
 
Registered: Mar 2005
Location: France
Distribution: Gentoo, Debian, FC4
Posts: 40

Rep: Reputation: 15
Do you have a /dev/modem ? I've never used one with linux, but I've read that it's generally /dev/ttys0 (for serial port 1). Anyway, find the right file in /dev/ and do "chgrp modem /dev/the_appropriate_file". Also check that you have rw permissions for group (ls -l /dev/the_appropriate_file). If not, set them with chmod.

edit: ak, 2nd time I post one minute after you. For udev, it depends on the kernel. By default the debian cd (at least the one I got) installs kernel 2.4, so udev is not installed. For my information, how would you make the change permanent without udev ?

Last edited by julz_51; 11-14-2005 at 05:08 PM.
 
Old 11-14-2005, 05:31 PM   #7
jojotx0
Member
 
Registered: Mar 2004
Distribution: Debian Lenny
Posts: 181

Original Poster
Rep: Reputation: 30
I have run the command chgrp modem /dev/ttyS0 as root, and chgrp modem /dev/modem also as root, and to no avail

@acid: I have udev, and well, but the udev.rules file has nothing about my modem...here is the contents of the file:

# There are a number of modifiers that are allowed to be used in some
# of the different fields. They provide the following subsitutions:
#
# %n the "kernel number" of the device.
# For example, 'sda3' has a "kernel number" of '3'
# %e the smallest number for that name which does not matches an existing node
# %k the kernel name for the device.
# %M the kernel major number for the device
# %m the kernel minor number for the device
# %b the bus id for the device
# %c the string returned by the PROGRAM
# %s{filename} the content of a sysfs attribute.
# %% the '%' char itself.
#

# workaround for devices which do not report media changes
BUS="ide", KERNEL="hd[a-z]", SYSFS{removable}="1", \
PROGRAM="/etc/udev/scripts/ide-model.sh %k", RESULT="IOMEGA ZIP *", \
OPTIONS="all_partitions", NAME="%k"

# SCSI devices
BUS="scsi", KERNEL="sr[0-9]*", NAME="scd%n", SYMLINK="sr%n"

# USB devices
BUS="usb", KERNEL="hiddev*", NAME="usb/%k"
BUS="usb", KERNEL="auer[0-9]*", NAME="usb/%k"
BUS="usb", KERNEL="legousbtower*", NAME="usb/%k"
BUS="usb", KERNEL="dabusb*", NAME="usb/%k"
BUS="usb", KERNEL="cpad[0-9]*", NAME="usb/%k"
BUS="usb", KERNEL="lp[0-9]*", NAME="usb/%k"
BUS="usb", KERNEL="ttyUSB*", SYSFS{product}="Palm Handheld*", SYMLINK="pilot"

# serial devices
KERNEL="capi", NAME="capi20", SYMLINK="isdn/capi20"
KERNEL="capi[0-9]*", NAME="capi/%n"

# video devices
KERNEL="dvb*", PROGRAM="/etc/udev/scripts/dvb.sh %k", NAME="%c"
KERNEL="card[0-9]*", NAME="dri/%k"

# misc devices
KERNEL="hw_random", NAME="hwrng"

KERNEL="cdemu[0-9]*", NAME="cdemu/%n"
KERNEL="pktcdvd[0-9]*", NAME="pktcdvd/%n"
KERNEL="pktcdvd", NAME="pktcdvd/control"

KERNEL="cpu[0-9]*", NAME="cpu/%n/cpuid"
KERNEL="msr[0-9]*", NAME="cpu/%n/msr"
KERNEL="microcode", NAME="cpu/microcode"

KERNEL="umad*", NAME="infiniband/%k"
KERNEL="issm*", NAME="infiniband/%k"

KERNEL="tap[0-9]*", NAME="net/%k"
KERNEL="tun", NAME="net/%k"

# ALSA devices
KERNEL="controlC[0-9]*", NAME="snd/%k"
KERNEL="hwC[D0-9]*", NAME="snd/%k"
KERNEL="pcmC[D0-9cp]*", NAME="snd/%k"
KERNEL="midiC[D0-9]*", NAME="snd/%k"
KERNEL="timer", NAME="snd/%k"
KERNEL="seq", NAME="snd/%k"

# input devices
KERNEL="mice", NAME="input/%k"
KERNEL="mouse[0-9]*", NAME="input/%k"
KERNEL="event[0-9]*", NAME="input/%k"
KERNEL="js[0-9]*", NAME="input/%k"
KERNEL="ts[0-9]*", NAME="input/%k"
KERNEL="uinput", NAME="input/%k"

# Zaptel
KERNEL="zapctl", NAME="zap/ctl"
KERNEL="zaptimer", NAME="zap/timer"
KERNEL="zapchannel", NAME="zap/channel"
KERNEL="zappseudo", NAME="zap/pseudo"
KERNEL="zap[0-9]*", NAME="zap/%n"

# AOE character devices
SUBSYSTEM="aoe", KERNEL="discover", NAME="etherd/%k"
SUBSYSTEM="aoe", KERNEL="err", NAME="etherd/%k"
SUBSYSTEM="aoe", KERNEL="interfaces", NAME="etherd/%k"

# device mapper creates its own device nodes, so ignore these
KERNEL="dm-[0-9]*", OPTIONS="ignore_device"
KERNEL="device-mapper", NAME="mapper/control"
 
Old 11-14-2005, 06:13 PM   #8
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Couldn't you use something like (I believe) gksudo?
 
Old 11-14-2005, 06:24 PM   #9
jojotx0
Member
 
Registered: Mar 2004
Distribution: Debian Lenny
Posts: 181

Original Poster
Rep: Reputation: 30
I have already stated that this is for my guest account, and that I don't want my guests to know my root password, so using gksu won't work.
 
Old 11-15-2005, 04:13 AM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
well actually a sudoers file (which i assume this gksu is a wrapper for) gives you the ability to not require a password for a certain command. ultimately device permissions are the best way to go, but you could also try setting the dialer program as suid, so whoever runs it instantly has root permiossions applied to resources it tries to use
 
Old 11-15-2005, 04:35 AM   #11
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 53
You can try resmgr (I've not tested it though) ,

"The resmgrd daemon is responsible for checking the resource management policy of the system and then acting as a proxy between the application and the actual devices."

Code:
apt-get install resmgr
 
Old 11-15-2005, 11:09 AM   #12
jojotx0
Member
 
Registered: Mar 2004
Distribution: Debian Lenny
Posts: 181

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by acid_kewpie
well actually a sudoers file (which i assume this gksu is a wrapper for) gives you the ability to not require a password for a certain command. ultimately device permissions are the best way to go, but you could also try setting the dialer program as suid, so whoever runs it instantly has root permiossions applied to resources it tries to use
I can't use suid with gnome-ppp since it uses GTK+, so I am going to have to set the device permissions...I just can't get that to work for some reason
 
Old 11-15-2005, 11:25 AM   #13
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
what does gtk+ have to do with anything?
 
Old 11-15-2005, 12:26 PM   #14
jojotx0
Member
 
Registered: Mar 2004
Distribution: Debian Lenny
Posts: 181

Original Poster
Rep: Reputation: 30
I don't really know...but this is what is displayed in a terminal when I run gnome-ppp when I have SUID set:

(gnome-ppp:22629): Gtk-WARNING **: This process is currently running setuid or setgid.
This is not a supported use of GTK+. You must create a helper
program instead. For further details, see:

http://www.gtk.org/setuid.html

Refusing to initialize GTK+.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Allowing user access to one directory only aje Slackware 5 05-25-2005 09:12 PM
Allowing any user to manage/ delete print jobs mpk25 Linux - Networking 0 10-13-2004 03:05 PM
Allowing a normal nonroot user to create accounts? jon_k Linux - Software 3 07-10-2004 03:17 AM
GFTP allowing Root access to an FTP user scottpioso Red Hat 2 01-07-2004 07:20 PM
Allowing regular user to restart network process?? carlos123 Linux - Networking 2 12-03-2003 04:44 AM


All times are GMT -5. The time now is 12:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration