We have an [Ubuntu 20.04] Docker image, used as part of a test system, in which I need to run pppd (to test a dial-up connection), where pppd is connected to the physical modem via a socat loop. My problem is that, when the [non-root] user of the Docker container (let’s call the user usera) executes pppd (which is setuid, that part works fine), pppd is unable to access the device that the same user has set up just a moment ago using socat. usera successfully executes:
socat pty,link=/tmp/ppp0,echo=0,raw,b115200 pty,link=/tmp/tty0,echo=0,raw,b115200
…which runs fine, where the Dockerfile has set up the permissions on /tmp as:
chmod 1777 /tmp
…i.e. tmp has permissions drwxrwxrwt.
The socat command-line successfully creates:
ls -l /tmp
total 0
lrwxrwxrwx 1 ubxlib ubxlib 10 Mar 8 15:33 ppp0 -> /dev/pts/1
lrwxrwxrwx 1 ubxlib ubxlib 10 Mar 8 15:33 tty0 -> /dev/pts/2
…but when usera then executes pppd to connect to one end of the loop, we get:
pppd /tmp/ppp0 115200 passive debug local nodetach
pppd: Couldn't stat /tmp/ppp0: Permission denied
If, instead, usera knows the /dev/pts/x that socat just created, rather than using the link through /tmp/ppp0, then pppd works:
pppd /dev/pts/1 115200 passive debug local nodetach
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
...
How do I make pppd work with the link that socat provides, under the usera user, rather than usera having to know what socat has done?
For completeness, the permissions of pppd are -rwsr-xr-x. sudo is not an option here as this is inside a Docker container run via SSH by Jenkins, so there is no TTY/responder for a password.