Date: Fri, 12 Feb 1999 00:19:35 -0600 From: Chris Costello <chris@holly.dyndns.org> To: Drew Baxter <netmonger@genesis.ispace.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: ppp server side startup commands Message-ID: <19990212001935.A17616@holly.dyndns.org> In-Reply-To: <4.1.19990211210644.03b3da20@genesis.ispace.com>; from Drew Baxter on Thu, Feb 11, 1999 at 09:07:52PM -0500 References: <Pine.BSF.4.05.9902112051570.317-100000@picnic.mat.net> <4.1.19990211210644.03b3da20@genesis.ispace.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Or you could do something entirely simpler. Write a shell script containing the line - make SURE you set the path (i.e. do this: PATH=/usr/bin:/usr/sbin:/sbin:/usr/local/bin ) Have root own it and make it setuid 0. (chmod u+s yourscript) Don't trust any argument parsing either. #!/bin/sh PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin arp -s ... ... exit $? I would think this is adequately secure. On Thu, Feb 11, 1999, Drew Baxter put this into my mailbox: > At 08:58 PM 2/11/99 , Chuck Robey wrote: > >I was wondering if someone can make suggestion here, regarding getting > >startup actions run, ON THE PPP SERVER. > > > >I run user-ppp, where the login is done via chap. The user never has to > >enter any password; the getty process recognizes the incoming frame as > >a ppp hdlc frame, and starts up a ppp process just fine. The login > >works perfectly. > > > >The problem comes in when, for instance, the ppp user has a second box > >that needs to be introduced into the routing. Manually, to do this, on > >the server (as root) an arp -s command, and a route add command, has to > >be run, then the second box (this is with static ip) works perfectly. > >I've tried doing this with either the !bg or sh commands in ppp.linkup, > >but those commands seem to be run with the user's permission level, and > >the arp and route commands must be run as root. > > > >There are like commands (arp and route commands) that also have to be > >run on ppp takedown, to eliminate the routes. Does anyone know how to > >get this automated, so that it happens automatically on ppp startup and > >takedown? > > > >Note that I said that !bg and sh aren't doing it, I think that their > >permission levels are wrong. > > > > Use Sudo to exec the bg commands. i.e. sudo -u root /sbin/route add ... > > Course this requires you to let someone run commands as root.. perhaps you > could hack the source to add a password implementation. > > > --- > Drew "Droobie" Baxter > Network Admin/Professional Computer Nerd(TM) > OneEX: The OneNetwork Exchange, Bangor Maine USA > http://www.droo.orland.me.us > > PGP DSS/1024 Public Key ID: 0x409A1F7D > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990212001935.A17616>