Gnome PPP Must Run as Root!

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read this

Gnome PPP Must Run as Root!

Postby Digital_Resistance on Mon Apr 04, 2011 8:50 pm

This is the output I got when trying to dial-out with the included Gnome PPP (GUI front-end to WvDial) in LMDE (201101):
Code: Select all
--> Cannot open /dev/ttyACM0: Permission denied


(ttyACM0 is the location of my USR 5637 USB modem. See the recent posts in the thread Dial-Up GUI: In Which Editions?! for more info on analog dial-up modems and Linux)

I then proceeded to run GPPP as root by opening it from a terminal in which I had first invoked root privileges* and it worked! I was able to establish a successful PPP dial-up connection.

(*I used the su option:
Code: Select all
su
, then
Code: Select all
gnome-ppp
two separate commands, but the "Ubuntu way", using a single sudo command, also seems to work:
Code: Select all
sudo gnome-ppp
)

(I got the idea from my experience with GPPP in antix 8.5; there GPPP would connect but then immediately afterward disconnect with the message,
Code: Select all
The PPP daemon has died: pppd Options Error (exit code=2)


Thanks to the kind folks at the antiX forums, I learned that the workaround is to run GPPP as root. In antix, I did this by using the "Run" box to open GPPP, checking "run as root". In LMDE, I did not find a "Run" box, so I decided to try using a terminal to run GPPP as root and the rest is history...

Note that KPPP in SimplyMEPIS has a different problem-- along with a different solution; see this post (esp. the very last part) at the MEPIS Community Forum.

I should point-out that I'm way out of my league with LMDE but when I learned it came with GPPP, I was so surprised that I decided to give it a try and see what happens and I actually fumbled my way through installing it just hours ago. This is my first boot-up after installation and, after the turbulence I encountered trying to update, I fear it may prove to be my last as well....
Last edited by Digital_Resistance on Wed Apr 06, 2011 8:10 am, edited 1 time in total.
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." ~ Gene Spafford
Digital_Resistance
Level 1
Level 1
 
Posts: 30
Joined: Sun Apr 18, 2010 4:26 pm
Location: U.S.A.

Linux Mint is funded by ads and donations.
 

Re: Gnome PPP Must Run as Root!

Postby slider on Tue Apr 05, 2011 10:59 pm

I learned that the workaround is to run GPPP as root.
You should not need to do this.

Check to see if you are included in the "group" dialout.

Run
Code: Select all
cat /etc/group
as your regular user. Look in the list to see which groups that you are included in.



I thought that I might as well add the command, just in case.

If not run the following:
Code: Select all
sudo adduser your_user_name dialout


You may or may not need to be in "group" dip as well. Check for that too. Run the command the same way, but substitute dip, instead of dialout. Logout and back in again.
"In the beginning of a change the patriot is a scarce man, brave and hated and scorned. When his cause succeeds the timid join him for then it costs nothing to be a patriot."
Mark Twain
slider
Level 5
Level 5
 
Posts: 580
Joined: Wed May 07, 2008 2:08 pm
Location: Sliding around somewhere!

Re: Gnome PPP Must Run as Root!

Postby Digital_Resistance on Sun Apr 24, 2011 7:19 pm

Thank you very much for this reply, Slider.

I gave-up on LMDE shortly after making my post (many problems; in over my head) but I had a similar problem with GPPP in Ubuntu 10.04* that I seem to have solved by adding myself to the "dip" group according to your instructions. Since Ubuntu is also based on Debian, I would think the issues and solutions would at least be similar.

(*Lest anyone be misled, let me make it clear that Ubuntu does not come with GPPP. I downloaded and installed gnome-ppp using a broadband connection that I had an opportunity to use, using this command:
Code: Select all
sudo apt-get install gnome-ppp
)

Here's the detailed account:

Trying to connect with GPPP in Ubuntu 10.04 generated the following output:

Code: Select all
CONNECT 53333/ARQ/V92/LAPM/V44
--> Carrier detected.  Waiting for prompt.
~[7f]}#@!}!#} }8}"}&} }*} } }#}$@#}%}&bT`}*}'}"}(}"O8~
--> PPP negotiation detected.
--> Unable to run /usr/sbin/pppd.
--> Check permissions, or specify a "PPPD Path" option in wvdial.conf.


I then checked and saw that I was included in the group "dialout" but not in the group dip.

After adding myself to "dip" and logging-out and then back in again--something I forgot to do at first--, I was finally able to connect with Gnome PPP without running it as root and remain connected.

slider wrote:I thought that I might as well add the command, just in case.

Code: Select all
sudo adduser {user name} {group name}


I'm sure glad you did! Would not have known otherwise.

(And while I'm at it, I might as well note the command for removing a user, should anyone finding this thread need it:
Code: Select all
sudo del user
I just learned that very quickly via Google, as I had wanted to make sure that the error message I had received before adding my user name to dip was the same as the one I received after adding my user name to "dip" (before I logged-out).)

Logout and back in again.


That made all the difference! Forgot to do it the first time.

So adding my user name to the group dip appears to have solved the problem.

I did get the following message when connecting but I've gotten it many times before in the past, so I don't know if it's cause for any concern. (Especially since password security is not an issue in my case, since I am using free ISPs that do not require any registration or account; one has the same user name and password for everyone ("guest/password") and the others work with any user name/ password combination.)

Code: Select all
CONNECT 52000/ARQ/V92/LAPM/V44
--> Carrier detected.  Waiting for prompt.
~[7f]}#@!}!}?} }8}"}&} }*} } }#}$@#}%}&bm1k}'}"}(}"2t~
--> PPP negotiation detected.
--> Starting pppd at Sun Apr 24 12:50:21 2011
--> Warning: Could not modify /etc/ppp/pap-secrets: Permission denied
--> --> PAP (Password Authentication Protocol) may be flaky.
--> Warning: Could not modify /etc/ppp/chap-secrets: Permission denied
--> --> CHAP (Challenge Handshake) may be flaky.
--> Pid of pppd: 3614
--> Using interface ppp0


Another thing: sometimes I end-up closing the terminal or log window for GPPP before having a chance to view or copy the output or I forget to click "show log" in the first place. I suspect these logs may be saved somewhere and there is a way to access but I don't know how. Can anyone tell me?

Finally, I must ask if there is a good reason for not having an app such as GPPP just run as any user by default? That is how it was in my experience with PCLinuxOS as well as antiX 8.2 (regarding the subsequent 8.5 release, see the link to the antiX forum thread in my OP.)
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." ~ Gene Spafford
Digital_Resistance
Level 1
Level 1
 
Posts: 30
Joined: Sun Apr 18, 2010 4:26 pm
Location: U.S.A.

Re: Gnome PPP Must Run as Root!

Postby slider on Mon Apr 25, 2011 12:38 am

Hi Digital_Resistance

I'll try to clear a few things up (hopefully).

I suspect these logs may be saved somewhere and there is a way to access but I don't know how. Can anyone tell me?
Your important logs are kept in /var/log
Run
Code: Select all
ls /var/log
for a quick view.

Finally, I must ask if there is a good reason for not having an app such as GPPP just run as any user by default?
GPPP is a frontend program for PPPD (Point To Point Protocol Daemon) which is the true background process at work. This is a root process, but is accessible from certain groups with escalated privileges.

Think "Set UID". I will point you to this link which may help > Here.

To try the example from the site run
Code: Select all
ls -latr /usr/bin/passwd
Now try
Code: Select all
ls -latr /usr/sbin/pppd
and look for the s. Notice group dip is listed as well. Seems like users used to be automatically added to that group during install, but this is no longer sometimes the case?


Sudo versus Su: In Linux root is normally never used to connect directly to the internet. Doing so would be using the mindset from another popular OS that is filled with hazards.

Open a terminal as a regular user then type sudo -s. This will give you a sudo terminal with no time limit expiration with escalated privileges. Notice it asks for your user account password and the symbols change as follows:
Code: Select all
slider@slider-desktop ~ $ sudo -s
[sudo] password for slider:
slider-desktop ~ #


Now as regular user type su. This time (if your system is set correctly) it is looking for a root password. This is a root terminal with all the privileges afforded it. Again notice the change in symbols:
Code: Select all
slider@slider-desktop ~ $ su
Password:
slider-desktop slider #


For safety a user would never run GPPP as root directly, but as with gksudo, that would probably be generally OK, but MAYBE not as good as using the correct groups privileges > hence "Set UID" comes into play. This is technically not "running as root", but "running with some root privileges".

I'm probably not explaining this very well. :oops: Let me point you Here and Here

I then proceeded to run GPPP as root by opening it from a terminal in which I had first invoked root privileges* and it worked!
Yes it did work using su as you did, but that was bypassing some of the built-in safety protocols of Linux. A thing that another..... Well you know! :D

Since you are a regular dialup user you may want to read and check out the man pages in your terminal for more info including exit status codes, debug setup,etc.
Code: Select all
man pppd

I hope that this helps some! :)



Edit: I noticed that I provided a different link above than what I had intended. I went ahead and left the old link (as it was somewhat related) and added the intended link next to it. My apologies for that!
S


__________________________________________________________________________________________________________________________________
This is a good time to quote my friend Husse, as he put it so well. He is greatly missed here at this forum!
Re: Should you use the Conficker Eye Chart?

Postby Husse on Tue Apr 14, 2009 5:08 pm
:mrgreen:
How relaxing to use Linux :)
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
"In the beginning of a change the patriot is a scarce man, brave and hated and scorned. When his cause succeeds the timid join him for then it costs nothing to be a patriot."
Mark Twain
slider
Level 5
Level 5
 
Posts: 580
Joined: Wed May 07, 2008 2:08 pm
Location: Sliding around somewhere!

Re: Gnome PPP Must Run as Root!

Postby Digital_Resistance on Fri May 06, 2011 11:10 am

[duplicate post]
Last edited by Digital_Resistance on Fri May 06, 2011 11:20 am, edited 1 time in total.
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." ~ Gene Spafford
Digital_Resistance
Level 1
Level 1
 
Posts: 30
Joined: Sun Apr 18, 2010 4:26 pm
Location: U.S.A.

Re: Gnome PPP Must Run as Root!

Postby Digital_Resistance on Fri May 06, 2011 11:19 am

[Another Duplicate; Trying to EDIT my posts has been resulting in NEW POSTS. See below for my actual post]

May 13 Edit: I see that for my final, actual post at the end of these two, the "edit post" function offers the option of deleting the post. Wonder why neither this or the one above do.
Last edited by Digital_Resistance on Fri May 13, 2011 7:20 pm, edited 3 times in total.
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." ~ Gene Spafford
Digital_Resistance
Level 1
Level 1
 
Posts: 30
Joined: Sun Apr 18, 2010 4:26 pm
Location: U.S.A.

Re: Gnome PPP Must Run as Root!

Postby Digital_Resistance on Fri May 06, 2011 11:22 am

Thank you very much for all this information, slider. I really appreciate it.

slider wrote:GPPP is a frontend program for PPPD (Point To Point Protocol Daemon) which is the true background process at work.


I thought it was WvDial that GPPP (gnome-ppp) as well as KPPP (and any other similar apps, such as Chestnut Dialer, etc.) were all GUI front-ends to.

Digital Resistance wrote:I then proceeded to run GPPP as root by opening it from a terminal in which I had first invoked root privileges* and it worked!
slider wrote:Yes it did work using su as you did, but that was bypassing some of the built-in safety protocols of Linux.


I had indeed wondered about that.
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." ~ Gene Spafford
Digital_Resistance
Level 1
Level 1
 
Posts: 30
Joined: Sun Apr 18, 2010 4:26 pm
Location: U.S.A.

Linux Mint is funded by ads and donations.
 

Return to Other Topics

Who is online

Users browsing this forum: No registered users and 4 guests