Sun Microsystems, Inc.

How PPP Configuration File Privileges Work

Solaris PPP 4.0 configuration includes the concept of privileges. Privileges determine the precedence of configuration options, particularly when the same option is invoked in more than one place. An option that is invoked from a privileged source takes precedence over the same option that is invoked from a non-privileged source.

User Privileges

The only privileged user is superuser (root), with the UID of zero. All other users are not privileged.

File Privileges

The following are privileged configuration files regardless of their ownership:

  • /etc/ppp/options

  • /etc/ppp/options.ttyname

  • /etc/ppp/peers/peer-name

The file $HOME/.ppprc is owned by the user. Options read from $HOME/.ppprc and from the command line are privileged only if the user who is invoking pppd is root.

Arguments that follow the file option are privileged.

Effects of Option Privileges

Some options require the invoking user or source to be privileged in order to work. Options that are invoked on the command line are assigned the privileges of the user who is running the pppd command. These options are not privileged unless the user who is invoking pppd is root.

| Option | Status | Explanation |
|---|---|---|
| domain | Privileged | Requires privileges for use. |
| linkname | Privileged | Requires privileges for use. |
| noauth | Privileged | Requires privileges for use. |
| nopam | Privileged | Requires privileges for use. |
| pam | Privileged | Requires privileges for use. |
| plugin | Privileged | Requires privileges for use. |
| privgroup | Privileged | Requires privileges for use. |
| allow-ip addresses | Privileged | Requires privileges for use. |
| name hostname | Privileged | Requires privileges for use. |
| plink | Privileged | Requires privileges for use. |
| noplink | Privileged | Requires privileges for use. |
| plumbed | Privileged | Requires privileges for use. |
| proxyarp | Becomes privileged if noproxyarp has been specified | Cannot be overridden by an unprivileged user. |
| defaultroute | Privileged if nodefaultroute is set in a privileged file or by a privileged user | Cannot be overridden by an unprivileged user. |
| disconnect | Privileged if set in a privileged file or by a privileged user | Cannot be overridden by an unprivileged user. |
| bsdcomp | Privileged if set in a privileged file or by a privileged user | The non-privileged user cannot specify a code size larger than the privileged user has specified. |
| deflate | Privileged if set in a privileged file or by a privileged user | The non-privileged user cannot specify a code size larger than the privileged user has specified. |
| connect | Privileged if set in a privileged file or by a privileged user | Cannot be overridden by an unprivileged user. |
| init | Privileged if set in a privileged file or by a privileged user | Cannot be overridden by an unprivileged user. |
| pty | Privileged if set in a privileged file or by a privileged user | Cannot be overridden by an unprivileged user. |
| welcome | Privileged if set in a privileged file or by a privileged user | Cannot be overridden by an unprivileged user. |
| ttyname | Privileged if set in a privileged file | Opened with root permissions regardless of who invokes pppd. |
| ttyname | Not privileged if set in a non-privileged file | Opened with the privileges of the user who invokes pppd. |
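
The rules in the table can be checked mechanically before a user's options ever reach pppd. The following is an added example, not code from the Sun documentation and not pppd's own parser: the function name ppp_lint_user_opts and the sample files are constructed, and it assumes one option per line with the second file read on behalf of a non-root user.

```shell
# Added example: a model of the table above, not pppd's own option parser.
# Assumes one option per line and that the second file is read for a non-root user.
ppp_lint_user_opts() {
    # $1 = privileged file (e.g. /etc/ppp/options), $2 = unprivileged file (e.g. ~/.ppprc)
    awk '
    BEGIN {
        n = split("domain linkname noauth nopam pam plugin privgroup allow-ip name plink noplink plumbed", a, " ")
        for (i = 1; i <= n; i++) always[a[i]] = 1
        n = split("disconnect connect init pty welcome", a, " ")
        for (i = 1; i <= n; i++) lockable[a[i]] = 1
    }
    function flag(msg) { print $1 ": " msg; bad = 1 }
    { sub(/#.*/, ""); if (NF == 0) next }          # drop comments and blank lines
    FILENAME == ARGV[1] { priv[$1] = $2; next }    # record what the privileged file sets
    ($1 in always) { flag("requires a privileged source"); next }
    ($1 in lockable) && ($1 in priv) { flag("set by a privileged source, cannot be overridden"); next }
    $1 == "proxyarp" && ("noproxyarp" in priv) { flag("noproxyarp set by a privileged source"); next }
    $1 == "defaultroute" && ("nodefaultroute" in priv) { flag("nodefaultroute set by a privileged source"); next }
    ($1 == "bsdcomp" || $1 == "deflate") && ($1 in priv) && ($2 + 0 > priv[$1] + 0) {
        flag("code size " $2 " exceeds privileged value " priv[$1])   # compares first number only
    }
    END { exit bad }
    ' "$1" "$2"
}

# Constructed sample files standing in for /etc/ppp/options and a user .ppprc
tmp=$(mktemp -d)
printf '%s\n' 'lock' 'nodefaultroute' 'bsdcomp 12' 'connect "chat -f /etc/ppp/mychat"' > "$tmp/options"
printf '%s\n' 'noauth   # skip auth' 'defaultroute' 'bsdcomp 15' 'connect "chat -f /tmp/x"' 'lock' > "$tmp/ppprc"
ppp_lint_user_opts "$tmp/options" "$tmp/ppprc" || echo "options above need a privileged source"
```

The function prints one line per option that the table says an unprivileged source cannot set or override, and returns non-zero when it finds any.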

/etc/ppp/options Configuration File

You use the /etc/ppp/options file to define global options for all PPP communications on the local machine. /etc/ppp/options is a privileged file. /etc/ppp/options should be owned by root, although pppd does not enforce this rule. Options that you define in /etc/ppp/options have precedence over definitions of the same options in all other files and the command line.

Typical options that you might use in /etc/ppp/options include the following:

  • lock - Enables UUCP-style file locking

  • noauth - Indicates that the machine does not authenticate callers


Note - The Solaris PPP 4.0 software does not include a default /etc/ppp/options file. pppd does not require the /etc/ppp/options file to work. But be aware that if a machine does not have an /etc/ppp/options file, only root can run pppd on that machine.


You must create /etc/ppp/options by using a text editor, as shown in "How to Define Communications Over the Serial Line". If a machine does not require global options, you can create an empty /etc/ppp/options file. Then both root and regular users can run pppd on the local machine.
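
Because pppd treats these files as privileged whatever their ownership and does not enforce root ownership, anyone who can write to them can set privileged options. The following is an added example, not code from the Sun documentation: the function name ppp_audit_dir, its two arguments and the sample tree are constructed, and the expected owner UID is a parameter so the check can be tried on a scratch directory.

```shell
# Added example: audits the privileged PPP files named in this section.
ppp_audit_dir() {
    # $1 = config directory (default /etc/ppp), $2 = expected owner UID (default 0)
    dir=${1:-/etc/ppp}; want=${2:-0}; rc=0
    [ -f "$dir/options" ] ||
        echo "INFO: $dir/options missing: only root can run pppd here"
    for f in "$dir"/options "$dir"/options.* "$dir"/peers/*; do
        [ -f "$f" ] || continue
        case $f in *.tmpl) continue ;; esac   # template, not an options.ttyname file
        set -- $(ls -lnLd "$f")               # $1 = mode string, $3 = numeric owner
        if [ "$3" != "$want" ]; then
            echo "WARN: $f owned by uid $3, expected $want"; rc=1
        fi
        case $1 in
            ?????w*|????????w*) echo "WARN: $f is group- or world-writable"; rc=1 ;;
        esac
        if awk '{ sub(/#.*/, "") } $1 == "noauth" { hit = 1 } END { exit !hit }' "$f"; then
            echo "NOTE: $f sets noauth: callers are not authenticated"
        fi
    done
    return $rc
}

# Constructed sample tree standing in for /etc/ppp
tmp=$(mktemp -d); mkdir "$tmp/peers"
printf 'lock\nnoauth\n' > "$tmp/options";       chmod 644 "$tmp/options"
printf 'lock\n'         > "$tmp/options.cua.b"; chmod 666 "$tmp/options.cua.b"
ppp_audit_dir "$tmp" "$(id -u)" || echo "audit reported warnings"
```

On a real system, call ppp_audit_dir with no arguments to check /etc/ppp against UID 0.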

/etc/ppp/options.tmpl Template

The /etc/ppp/options.tmpl file contains helpful comments about the /etc/ppp/options file, plus three common options for the global /etc/ppp/options file.

lock
nodefaultroute
noproxyarp

| Option | Definition |
|---|---|
| lock | Enables UUCP-style file locking |
| nodefaultroute | Specifies that no default route is defined |
| noproxyarp | Disallows proxyarp |

To use /etc/ppp/options.tmpl as the global options file, rename /etc/ppp/options.tmpl to /etc/ppp/options. Then modify the file contents as needed by your site.

Where to Find Sample /etc/ppp/options Files

Table 36-2 Examples of the /etc/ppp/options File

| Example /etc/ppp/options | For Instructions |
|---|---|
| For a dial-out machine | "How to Define Communications Over the Serial Line" |
| For a dial-in server | "How to Define Communications Over the Serial Line (Dial-in Server)" |
| For PAP support on a dial-in server | "How to Add PAP Support to the PPP Configuration Files (Dial-in Server)" |
| For PAP support on a dial-out machine | "How to Add PAP Support to the PPP Configuration Files (Dial-out Machine)" |
| For CHAP support on a dial-in server | "How to Add CHAP Support to the PPP Configuration Files (Dial-in Server)" |

/etc/ppp/options.ttyname Configuration File

You can configure the characteristics of communications on the serial line in the /etc/ppp/options.ttyname file. /etc/ppp/options.ttyname is a privileged file that is read by pppd after parsing the /etc/ppp/options and $HOME/.ppprc files, if they exist. Otherwise, pppd reads /etc/ppp/options.ttyname after parsing /etc/ppp/options.

ttyname is used for both dial-up and leased-line links. ttyname represents a particular serial port on a machine, such as cua/a or cua/b, where a modem or ISDN TA might be attached.

When naming the /etc/ppp/options.ttyname file, replace the slash (/) in the device name with a dot (.). For example, the options file for device cua/b should be named /etc/ppp/options.cua.b.


Note - Solaris PPP 4.0 does not require an /etc/ppp/options.ttyname file to work correctly. If the server only has one serial line for PPP and requires few options, you can specify these options in another configuration file or on the command line.


Using /etc/ppp/options.ttyname on a Dial-in Server

For a dial-up link, you might choose to create individual /etc/ppp/options.ttyname files for every serial port on a dial-in server with a modem attached. Typical options include the following:

  • IP address required by the dial-in server

    Set this option if you require incoming callers on serial port ttyname to use a particular IP address. Your address space might have a limited number of IP addresses available for PPP in comparison to the number of potential callers. If this is the situation, consider assigning an IP address to each serial interface that is used for PPP on the dial-in server. This assignment implements dynamic addressing for PPP.

  • asyncmap map_value

    The asyncmap option maps control characters that cannot be received over the serial line by the particular modem or ISDN TA. When the xonxoff option is used, pppd automatically sets an asyncmap of 0xa0000.

    map_value states, in hexadecimal format, the control characters that are problematic.

  • init "chat -U -f /etc/ppp/mychat"

    The init option tells the modem to initialize communications over the serial line by using the information in the chat -U command. The modem uses the chat string in the file /etc/ppp/mychat.

  • Security parameters that are listed in the pppd(1m) man page

 
 
 