LinuxDevCenter.com
Testing and Automating PPP

SUID

To allow ordinary users (usually you are an ordinary user) to use PPP, some changes need to be made. Make sure that the pppd file provides "read" and "execute" permissions for users:

chmod a+rx /usr/sbin/pppd

and that /usr/sbin/pppd is setuid root:

chmod +s /usr/sbin/pppd

In addition, you may have to make the serial port accessible to your users. Assuming that your port is /dev/ttyS1 (COM2), type:

chmod a+rw /dev/ttyS1

Note that some programs (like linuxconf or mgetty) like to change the permissions of the serial port back to a more protected form. So, don't run linuxconf or mgetty, or get used to having to keep resetting the permissions of the serial port. Alternatively, get one of the more recent versions of pppd (such as 2.3.9). If you put the port (for example, /dev/ttyS1) into /etc/ppp/options, instead of on the pppd command line as I do in the scripts below, pppd will connect to the port as root, rather than as user, and you will not have to worry about the permissions on the port.

If you have users whom you do not want using your modems, edit /etc/group and insert a line like:

ppp::25:<list of names of users>

where the list of users is a comma-delimited list of the users you want to give permission to use PPP. The group number -- 25 in the above example -- is arbitrary, but should not be the same as any other group in /etc/group. Then run:

chown root:ppp /usr/sbin/pppd
chmod o-rx /usr/sbin/pppd

in addition to the above changes.

Alternatively, if you are running mgetty, put your modem users into the group uucp, which should already be defined in /etc/group. (mgetty keeps resetting the ownership and permissions of the device, such as /dev/ttyS1, to have group uucp, and no rw permissions for ordinary users.)
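
A check for the end state of the group-restricted setup above, added here as an example and not part of the original article: it reports whether the binary is setuid, owned by root, in group ppp, and closed to other users. It assumes GNU stat; the function name pppd_perm_issues is made up for this example.

```shell
#!/bin/sh
# Added example, not from the article.
# Usage: pppd_perm_issues FILE [OWNER] [GROUP]   (prints one finding per line)
# Run it after the whole chown/chmod sequence: on Linux, chown clears the
# setuid bit of an executable, so the order of the steps matters.
pppd_perm_issues() {
    file=$1; want_owner=${2:-root}; want_group=${3:-ppp}
    # GNU stat: octal mode, owner name, group name.
    set -- $(stat -c '%a %U %G' "$file")
    mode=$(printf '%04d' "$1"); owner=$2; group=$3
    # The leading octal digit carries the setuid bit (value 4).
    case $mode in
        [4567]???) ;;
        *) echo "setuid: bit not set (mode $mode)" ;;
    esac
    # After chmod o-rx, users outside the group should have no access at all.
    case $mode in
        ???0) ;;
        *) echo "other: users outside $want_group have access (mode $mode)" ;;
    esac
    [ "$owner" = "$want_owner" ] || echo "owner: $owner, expected $want_owner"
    [ "$group" = "$want_group" ] || echo "group: $group, expected $want_group"
    return 0
}

# Constructed demo: a scratch file standing in for pppd, left world-executable.
demo=$(mktemp); chmod 4755 "$demo"
pppd_perm_issues "$demo" "$(stat -c %U "$demo")" "$(stat -c %G "$demo")"
rm -f "$demo"
```

On a real system, call it as pppd_perm_issues /usr/sbin/pppd; no output means the binary matches the setup described above.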

Script

Let's now automate the running of pppd by writing two scripts. The first script file will contain the commands, while the second will contain the expect/send pairs that chat needs to log you on. The first file I will call pppon to distinguish it from the ppp-on which comes with your distribution, while the second will be chatscript.

The pppon script is simple, but comes in two versions. The first is for the case in which you discovered that your ISP expects you to log on:

pppon
===============================================
#!/bin/sh
# This script is for the case where you log on to your ISP
/usr/sbin/pppd /dev/ttyS1 57600 \
    connect "/usr/sbin/chat -f $HOME/chatscript"
----------------------------------------------

In this case I have assumed that each user will keep their chatscript in their home directory. Replace $HOME with the path if you want it kept elsewhere.

It is important to note that I have removed the -v from the chat command and the debug option from the pppd command. This is important as otherwise your password will be recorded in the /var/log/ppp file -- a bad idea.

In this case, where the remote ISP wants you to log in, the chat script is complex. I will also add some extra features to the chat script to make it more robust than the minimal commands I used above. (The lines starting with "#" are comments which may safely be removed or left in.)

chatscript
============================================
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "ERROR"
ABORT "NO ANSWER"
ABORT "BUSY"
# The above lines list the conditions on which chat quits.
""    AT
'OK-\d\d+++\d\d\c-OK'   ATH0
# The A-B-C form of the expect sequence
# means that it is to expect A; if A does not
# arrive, send B and then expect C. So this line
# means: expect OK; if it does not arrive, wait two
# seconds (each \d is a 1-second wait), send +++,
# wait for 2 more seconds, and do not send a
# carriage return. Finally, wait for OK again.
# If it arrives, send ATH0. The +++ is in case your
# modem has not hung up. You may want to know if
# your modem is not hanging up; if so, remove
# this whole line.
OK    'AT&F\\Q3\\V1&D3M1#CC1'
# These are various controls sent to my particular
# modem. CHANGE FOR YOURS!
# The &F, &D3, and M1 seem to be quite generic:
# &F sets the modem to factory defaults, &D3 allows
# the DTR line to reset the modem (used when pppd shuts
# itself down), and M1 turns the speaker on while the
# call is being established, but off after the remote
# system has answered. USR/3COM Sportster modems require
# &F1 instead of &F.
# \Q3, \V1, and #CC1 are almost certainly peculiar to
# my particular modem. Note that a backslash must be
# doubled to get through. This sequence
# should also always be enclosed in single quotes
# because of special characters such as &, \, and #.
OK     ATD8765432
CONNECT ""
ogin:--ogin:    unruh
# Again the A-B-C form, except that the middle B, sent if
# ogin: is not received, is nothing except a
# carriage return.
assword:      "dontyouwish"
---------------------------------------------------------------

If, in determining what your ISP wanted, you found you had to expect other text (such as "PPP? y/n") and send a response, add those pairs to the end of this file. Also, since your user name, password and phone numbers are highly unlikely to be as in this script, change those.

The other possibility is that the ISP uses PAP/CHAP authorization. In this case, the pppon script needs the "user" option. You can put it into the file permanently, if you will ever only use a single ISP or, as in the following, you can allow it to be given as an option to pppd.

pppon
==============================================================
#!/bin/sh
# The remote user name for PAP/CHAP is passed as the first argument
if [ -z "$1" ]; then
   echo "Usage: pppon username"
   exit 1
fi
/usr/sbin/pppd /dev/ttyS1 57600 user "$1" \
    connect "/usr/sbin/chat -f $HOME/chatscript"
----------------------------------------------------------------

This script takes your user name on the remote system as an argument to pppon. If you wish, you could remove the lines from the if to the fi and put the user name in place of the $1 in the pppd command line.

It is important to note that I have removed the debug option to pppd. Especially under PAP, using debug will store your PAP password in the /var/log/ppp file, which is not what you want. Additionally, erase your /var/log/ppp file at this point to remove the possibility of anyone reading the password in that file.
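
The two warnings above (no -v on chat, no debug on pppd) can be checked mechanically. The following is an added example, not part of the original article: it scans a pppon script for both options and also checks that the chatscript, which holds the password in clear text, is readable only by its owner. It assumes GNU stat; the function name ppp_secret_leaks and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: report settings that expose the PPP password.
# Usage: ppp_secret_leaks PPPON_SCRIPT CHATSCRIPT   (prints one finding per line)
ppp_secret_leaks() {
    script=$1; chatfile=$2
    # Drop comment lines and join backslash-continued lines into one command.
    cmds=$(grep -v '^[[:space:]]*#' "$script" |
           sed -e ':a' -e '/\\$/N' -e 's/\\\n/ /' -e 'ta')
    # pppd "debug": the article warns this puts the password in /var/log/ppp.
    if printf '%s\n' "$cmds" |
       grep -Eq 'pppd([[:space:]].*)?[[:space:]]debug([[:space:]]|$)'; then
        echo "debug: pppd is started with the debug option"
    fi
    # chat -v: the article removes it for the same reason.
    if printf '%s\n' "$cmds" |
       grep -Eq 'chat([[:space:]].*)?[[:space:]]-v([[:space:]"]|$)'; then
        echo "chat-v: chat is run with -v"
    fi
    # The chatscript holds the password in clear text: owner-only access.
    mode=$(printf '%03d' "$(stat -c '%a' "$chatfile")")   # GNU stat
    case $mode in
        *00) ;;
        *) echo "perms: $chatfile has mode $mode, expected 600" ;;
    esac
}

# Constructed sample files (not real credentials) to show the output.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pppon" <<'EOF'
#!/bin/sh
# debug is mentioned here only in a comment
/usr/sbin/pppd /dev/ttyS1 57600 debug \
    connect "/usr/sbin/chat -v -f $HOME/chatscript"
EOF
printf '%s\n' 'ogin:--ogin: exampleuser' 'assword: examplepass' > "$demo_dir/chatscript"
chmod 644 "$demo_dir/chatscript"
ppp_secret_leaks "$demo_dir/pppon" "$demo_dir/chatscript"
rm -rf "$demo_dir"
```

The demo prints all three findings; a script and chatscript set up as the article describes, with the chatscript at mode 600, print nothing.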
