Solved

Giving Access to PPP

Posted on 1997-12-04
8
263 Views
Last Modified: 2010-03-18
Ok you guys came thru for me on the first PPP question...now i got another one.  At this moment i can only use PPP to dial in when i am logged in as root. How do i give my other user account access so i dont have to log in as root all the time?
0
Comment
Question by:jgb
  • 4
  • 3
8 Comments
 

Expert Comment

by:vedel
ID: 1587019
Hi.

To make ordinary users able to start a ppp-connection
(and kill it again I presume) you have many options.  

Two and a half ways are listed below. notice that they both
allow the
ppp-controlling people access to the userid/password combination
for the remote ppp-host which might be in one of your
ppp-scripts.  On most pc's that hardly a worry, as the are
used just by the family.

If EVERYBODY should be allowed to run/stop ppp just do a
"chmod" to whatever file/device
your particular ppp setup is using. The new setting for the
users can either be equal to that of root's current setting
or you can just to "chmod 755 ppp-related-files"  The typical
ppp-related-files are in /usr/sbin with names starting with ppp
and in /etc/ppp with all types of names.  You might also have
to change the chmod settings of the device which is used
by the modem.   This is the fast and dirty method I'm currently
using  my pc - not to be officially recommended, ha ha...

If you want only certain users to start/stop ppp one way is
to run it as a "sudo" command. That means you type
"sudo ppp-start-script" where ppp-start-script is the
ppp-starter which currently works for you as root.  This makes
linux chek in the file /etc/SUDOERS whether you should be allowed start ppp and prompt you for your password (yours, not
roots) before doing so.  Like you have root-abilities but only for clearly specified stuff.
Clearly you'll have to edit first the
SUDOERS file. Go to /etc issue "visudo SUDOERS" and fill in
following either the sceleton which is already there or the
guidelines from the manual-page. Notice - you have to edit
the file using the "visudo" editor. When you are finished
the SUDOERS file will contain a small list of files necessary
to start/stop ppp (e.g. the ppp-starting-script and ppp-stoping-script), this list will have a certain name, and
that name will be associated with a list of users who will
then be allowed to run those scripts/programs if they
issue commands like "sudo script"  I used this setup for
a long time, works fine, until I got some button-popup ppp-tools,
which made invoking the password prompting rather cumbersome.


I think, but have not tried, that one can reach the same goal
as above by adding the users who should be able to control
the ppp-connection to the group to which the ppp-files belong,
and eventaully change the protections for this group on the
relavant files in a selective manner.
 
0
 

Author Comment

by:jgb
ID: 1587020
i did what he said and still no go...
0
 

Expert Comment

by:vedel
ID: 1587021
There was a mistake in my recommendation:

If you use the sudo option the file to edit is
/etc/sudoers NOT /etc/SUDOERS as I wrote.  here is the
content of my own /etc/sudoers file
 
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for the details on how to write a sudoers file.
#
# Host alias specification
Host_Alias BALD=baldeagle.skouvedel.dk,baldeagle
# Cmnd alias specification
Cmnd_Alias REMOTE=/usr/sbin/ppp-on-tac,/usr/sbin/ppp-on-nbi,/usr/local/bin/tkppp
tac,/usr/local/bin/tkpppnbi
Cmnd_Alias SHUT=/sbin/halt,/sbin/shutdown
Cmnd_Alias WWW=/usr/sbin/httpd
# User specification
root    ALL=(ALL) ALL
vedel   BALD=REMOTE:BALD=SHUT:BALD=WWW  
dorthe  BALD=REMOTE:BALD=SHUT:BALD=WWW


In any instant you should also do the following as root.
"chmod 4755 /usr/sbin/pppd"

If it still doesn't work, please specify precisely what you
did and what eventual errormessages were.

good luck.
0
 

Author Comment

by:jgb
ID: 1587022
i keep getting errors in the sudoer file when i try to save what
i have done in it......here is my info if it will help....my local host is black....local domain is pearljam.net......the users i want to give access to are lonegun and mulder.....the command to start up my ppp connection is in /usr/sbin and is ppp-go.....not sure what the command the stop it is....i have just been killing the processes when i am done...but i am sure there is another way.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Expert Comment

by:vedel
ID: 1587023
What errors does visudo give you when you try saving the
sudoers file?

In your case it should look something like:

#Host alias specification
Host_Alias MYPC=black.pearljam.net,black
#
#Command alias specification
Cmnd_Alias REMOTE=/usr/sbin/ppp-go
#
#User specification
root ALL=(ALL)ALL
lonegun MYPC=REMOTE
mulder MYPC=REMOTE

I recently updated from an older Slackware installation to
a redhat 4.2, and I recall having to change the sudoers file
slightly. The line about root wasn't my the slackware sudoers file. The above it the structure with would work on my redhat
linux installation.

For this to work your linux system should work properly
with the netaddress specified, at least "within itself"
Check if you can do "telnet black" and "telnet black.pearljam.net" to see if the pc recognizes itself under
those names (without running the ppp-connection).

yet another good luck.

0
 

Author Comment

by:jgb
ID: 1587024
ok i got an error message from the sudoer file......"sudoers
file: parse error, Line 9...what now?"...dats da error
0
 

Author Comment

by:jgb
ID: 1587025
ok i figgered somethin else out....thanks for the help anyway vedel.
0
 
LVL 2

Accepted Solution

by:
frowijn earned 100 total points
ID: 1587026
There is an script in the /usr/doc/ppp..../scripts, copy the scripts to /root, when you want others to use a ppp connection, adjust the file ppp-on and copy it to their home dir. along with ppp-off, start it with ./ppp-on, then type
route del default
route add default ppp0
when they want to quit, they have to type ./ppp-off, or just in a rude way, turn off the modem !
Minicom can also be a great help for users, you can specify them in the /etc/minicom.users

It's not the nicest way but it works :-)

Hope this helps a bit
Oscar
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now