
Re: URGENT: permissions of /dev/ttyS? are constantly getting reset



Quoting Nico De Ranter (nico@sonycom.com):
> On Wed, Mar 14, 2001 at 01:48:53PM +0000, David Wright wrote:
> > Quoting Nico De Ranter (nico@sonycom.com):
> > 
> > > I'm installing a little ppp server for a special project. The ppp daemon
> > > needs to be started by a non-root user. I've added the user to the dialout
> > > group however the default permissions are:
> > > 
> > > crw-r-----    1 root     dialout    4,  64 Nov 30 16:23 /dev/ttyS0
> > > 
> > > instead of
> > > 
> > > crw-rw----    1 root     dialout    4,  64 Nov 30 16:23 /dev/ttyS0
> > > 
> > > 
> > > I tried chmod but the next time I reboot the permissions are reset to
> > > crw-r----- again.  How can I switch off this behaviour?  Having the user
> > > log in as root is really not an option.
> > 
> > The first solution is to use pppconfig, pon and poff. Non-root users
> > need to be in the group dip. Remember that a session only acquires its
> > group permissions when you login.
> > 
> > If you insist on using wvdial to set up your modem (BTW it is a good
> > idea to say which packages you are using when asking for help; I'm
> > just guessing you use wvdial because you're hitting the same bugs as
> > other people do.), you might be able to just copy the modem scripts
> > written by wvdial into your pppconfig.
> > 
> > I get the impression that most people who use wvdial have root access
> > and correct the permissions themselves. (Bug #85709.)
> 
> These tools are all very nice if you're a homeuser wanting to use a modem to
> dial in. However there are lots of other things you can do with ppp. I'm not
> interested in using any of these programs; I just need that special user to be
> able to use bare bones pppd.

pon is not a tool but a wrapper. Here it is:

#!/bin/sh
exec /usr/sbin/pppd call ${1:-provider}

So does that special user (or their program) have access to a shell for
passing in the call parameter? If not, you can use /etc/ppp/options
or ~/.ppprc to achieve the same ends. This *is* bare bones pppd.

> Anyway, I added a S99zfixttyS script to /etc/rc2.d that will revert the permissions
> to a more usable value.

pppd is suid. It does not require any fiddling of permissions in order
to run. I assumed you were using wvdial because its users are the ones
who run into permissions problems, as it seems to rely on having g+w
permissions on the serial port. pppd does not.

In view of this, I'll repeat, dialout is the wrong group for your user
to use ppp; the correct group is dip (whether or not you're using
pppconfig/pon/poff - perhaps that wasn't made clear the first time).

However, if you require those permissions on the serial port for
some other purpose, you just have to let pppd restore them when it
finishes. (This is where wvdial falls down - it kills pppd before
the restoration is complete.) man pppd tells you exactly how to stop
pppd, viz.

       SIGINT, SIGTERM
              These  signals cause pppd to terminate the link (by
              closing LCP), restore the serial  device  settings,
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^
              and exit.

       SIGHUP This  signal  causes  pppd  to  terminate the link,
              restore the serial device settings, and  close  the
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
              serial device.  If the persist or demand option has
              been specified, pppd will try to reopen the  serial
              device  and  start  another  connection  (after the
              holdoff period).  Otherwise  pppd  will  exit.   If
              this  signal is received during the holdoff period,
              it causes pppd to end the  holdoff  period  immedi-
              ately.

poff is just a script to do this for you. It would be simple to
incorporate its actions into a program if that's what your special
user is running.

> I would however like it very much if the Debian
> installation would offer a "skip-the-paranoid-stuff" button.  Having good
> security by default might be heaven for regular homeusers but it's hell for
> anybody trying to do special development on Linux.

Sorry, no can do. A quick analogy: if you go to sea in a seaworthy
boat, you can sink it by opening the scuttles. If you try to put to
sea in a sieve, no amount of patching will make it seaworthy.

With always-on connections, "homeusers" no longer has any meaning
in connection with security.

Cheers,

-- 
Email:  d.wright@open.ac.uk   Tel: +44 1908 653 739  Fax: +44 1908 655 151
Snail:  David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer:   These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.
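As an added example (not part of David's message nor Debian's own poff script), here is a poff-style stop routine that does what the mail describes: it sends pppd SIGTERM and then actually waits for the process to exit, so pppd gets to close LCP and restore the serial device settings instead of being killed mid-restoration the way wvdial is said to do it. The /var/run/ppp*.pid pid-file loop, the 15-second timeout and the zombie check are my own assumptions.

```shell
#!/bin/sh
# Graceful pppd shutdown, the poff way: SIGTERM, then wait for exit.

# is_alive PID: true while the process still exists and is not a zombie.
# A process that has exited but not been reaped still answers "kill -0";
# on Linux /proc/PID/stat shows its state as Z, so treat that as gone.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    if [ -r "/proc/$1/stat" ]; then
        state=$(sed 's/.*) //' "/proc/$1/stat" | cut -c1)
        [ "$state" != "Z" ]
    fi
}

# stop_gracefully PID [TIMEOUT_SECONDS]
# Sends SIGTERM once, then polls until the process is gone or the timeout
# expires. Returns 0 when the process exited on its own (pppd had the chance
# to restore the tty settings), 1 when it is still running after the timeout.
stop_gracefully() {
    pid=$1
    timeout=${2:-10}
    is_alive "$pid" || return 0            # nothing to do
    kill -TERM "$pid" 2>/dev/null || return 0
    waited=0
    while is_alive "$pid"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Driver: stop every pppd recorded in the pid files pppd writes per
# interface (/var/run/pppN.pid). Signalling a root-owned pppd needs root
# or the same user that started it. Assumed layout; adjust to taste.
stop_all_pppd() {
    for f in /var/run/ppp*.pid; do
        [ -f "$f" ] || continue
        pid=$(cat "$f")
        stop_gracefully "$pid" 15 ||
            echo "pppd $pid still running; serial settings may not be restored" >&2
    done
}

case "${1:-}" in
    --all) stop_all_pppd ;;
esac
```

Run it as "sh stop-ppp.sh --all" (any file name); the functions can also be sourced from whatever program your special user runs.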