I've put the ip-up shell script in /etc/ppp, and realized that I needed to start Tor to make the other stuff work.
Tor doesn't work.
The other two commands work as they are supposed to.
What have I done wrong?
This is the contents of /etc/ppp/ip-up
#!/bin/bash
# Proper header for a Bash script.
sleep 10s
tor
#start privacy app
sleep 30s
#allow time for tor to get info
/usr/sbin/ntpdate ca.pool.ntp.org | /sbin/hwclock -w
#update system clock and hardware clock
sleep 5s
#wait for 5 seconds to be sure&see on gkrellm that it did it.
/home/william/Mix/mixmaster --update-stats noreply
#update mixmaster stats from noreply
exit # The right and proper method of "exiting" from a script.
And if you want tor to start and keep running after the script exits you gotta add an ampersand (not sure if this is what you want (it probably is tho), but as soon as the script exits all processes started by the script go down, including 'tor' unless it's 'tor &'):
Code:
tor &
Also, change
Code:
exit
to
Code:
exit 0 # the real proper way to exit without error
# exit 0 = exit without error, script was successful
# exit 1 = exit with error, script failed
Also, change
Code:
#!/bin/bash
to the preferred and more portable:
Code:
#!/bin/sh
sh symlinks to bash anyway for most machines.
And one more thing, pls use code tags for code
Last edited by H_TeXMeX_H; 01-10-2007 at 08:15 PM.
Quote:
And if you want tor to start and keep running after the script exits you gotta add an ampersand (not sure if this is what you want (it probably is tho), but as soon as the script exits all processes started by the script go down, including 'tor' unless it's 'tor &'):
I don't know how I missed that one! Actually if you don't use the ampersand and tor actually starts running, the script won't proceed any further until tor exits!
I thought of the context and changed the command to /usr/local/bin/tor &
And did that work? Giving the complete path like you just did is an alternative to worrying about the PATH variable. The PATH variable tells bash where to search for commands. For more info, see the bash man page.
Quote:
What are code tags?
H_TeXMeX_H is talking about using code tags when you post on LQ. This causes your code (or script, or whatever) to be listed in one of the boxes with "code" written above it. You can use the pound sign (or hash mark for those not on the English system) icon at the top of the compose box to do this.
Well, that script should work. So you're saying the other 2 commands work ? How do you know ? Make sure you have the permissions set on the file at least a+x:
In cli I did $ sh /etc/ppp/ip-up 2>/home/william/build/wtf
and got in that file :
Sorry, only the superuser can change the Hardware Clock.
10 Jan 23:24:52 ntpdate[3512]: bind() fails: Permission denied
It seems as if Tor is now running, but not at the right time (?), and the mixmaster update works also.
Looks as if chmod a+x /etc/ppp/ip-up was right for two of the commands.
Late now, will have another go tomorrow.
Thanks for advice.
You must be superuser to run the script ... that's your problem. How are you running this script, when and where ? If you can, first su into root and then run it, or ... there is another solution (chown the file to root and then setting the suid bit), but it may compromise security in some situations. First tell me how you are running it and I'll tell you the most sensible solution.
Quote:
there is another solution (chown the file to root and then setting the suid bit), but it may compromise security in some situations.
Running a script setuid root is considered a security risk because of the way the environment can change behavior. And when I tried to do it once anyway, it didn't work. Something blocked setuid root from working with a script. I have forgotten details of how this was blocked, but I know it was. I don't know if this is distro specific or not.
A way that will work and is safe if you are careful, is to write a real short C program that calls the script with a nearly null environment whose contents are carefully controlled by the C program, and then set the C program's binary to setuid root. For security, the script should be called with its full path, should be writable only by root and should be in a directory that is writable only by root. I learned this technique from usernetctl which is used to allow a normal user to run ifup and ifdown scripts as root. This program also does some other checks to make sure non-root users can't alter the scripts.
I am wondering if the OP really should be running this script as a startup script.
EDIT: The OP might also be able to run the script as root using sudo, but would have the same security considerations. If desired, it could be set up where a password was not required to run it. In any case, it is desirable to not run tor as root to limit the damage of any security holes that may be present.
Last edited by blackhole54; 01-11-2007 at 09:46 PM.
Yeah, I guess it gets kinda complicated. Can't you just start tor as non-root and do the rest as root in the script. I mean, just run tor as regular user, then run the script as root (remove starting tor from the script, of course):
Code:
$ tor &
$ su <Enter root password>
# /etc/ppp/ip-up
Last edited by H_TeXMeX_H; 01-11-2007 at 09:59 PM.
Tor should be run as user, who needs to be scolded?
I can't write C.
I was hoping to get pppd to do this, as beating the start-up time of the other two programs can be a nuisance. I had fcron running them before this project.
The puzzle is why the shell script will work when I run it from cli, as user, but not when ppp starts.
This is the current form:
Code:
#!/bin/bash
/usr/local/bin/tor &&
#start privacy app
#sleep 30s
#allow time for tor to get info
#/usr/sbin/ntpdate ca.pool.ntp.org | /sbin/hwclock -w &&
#update system clock and hardware clock
#/home/william/Mix/mixmaster --update-stats noreply
#update mixmaster stats from noreply
exit 0 # The right and proper method of "exiting" from a script.
I wonder if there should be an "exit" for an app that doesn't halt until ppp is down?
Color my face very red! I must have been having a bad day when I first read the above statement. Its significance (i.e. what ip-up is) didn't hit me. It just did. Like a wrecking ball!
ip-up should already be running as root. (Yes, WilliamS, you knew this, but I missed it and maybe H_TeXMeX_H did too.)
So the problem with permissions/owners is to downgrade tor and maybe mixmaster (I don't know anything about mixmaster so I can't advise) rather than upgrading the time stuff. Also, according to pppd's man page, pppd calls ip-up and the rest of the scripts with an empty environment except for some special variables outlined in its man page. I believe this means no PATH variable! tor may be depending on $PATH or some other environmental variables to work. (BTW, when you ran ip-up manually, these variables would be set but you weren't running as root.)
I think we can kill two birds with one stone here. I am proposing using
Code:
su - $tor_user -c "killall tor &> /dev/null && sleep 2; /usr/local/bin/tor &> /dev/null &"
to start tor. The killall command is just a precaution in case there is already an instance of tor running. The sleep is executed only if something was actually killed; it gives that process time to die. $tor_user (you need to define it in your script) refers to the user you want to run tor. I've created a special user just for that purpose so that in the event of a security breach (w/o escalation) the attacker can't compromise any other account. The dash after the su tells su to do a normal login to that account. That is so the normal environment gets set up rather than inheriting the restricted environment that ip-up is using.
If $tor_user can successfully run tor interactively, I think this should work. I don't have an easy way to test it out. It is very similar to the way I bring tor up, except I have tor running on a different box and use ssh instead of su. If there is a problem, try moving the final ampersand outside the parenthesis, leaving a space before it.
Quote:
I was hoping to get pppd to do this
To make sure I have made myself clear, the above was with the assumption you are starting it through pppd and ip-up.
Quote:
I wonder if there should be an "exit" for an app that doesn't halt until ppp is down?
I would suggest killing tor in /etc/ppp/ip-down using a killall command like I did above. If you are uneasy about doing this as root, you can su to $tor_user again. If you decide to do this as root, you will need to provide the complete path to killall.
Again, I am very about missing this the first time through!
Good luck!
EDIT: spelling correction and clarification
Last edited by blackhole54; 01-12-2007 at 02:20 AM.
Thanks much, blackhole54, it works now. I installed that line exactly, tested OK. Then changed > /dev/null to > ~/jk and looked at the output, and it says:
Jan 12 20:02:13.466 [warn] tor_init(): You are running Tor as root. You don't need to, and you probably shouldn't.
I think the problem is here " $tor_user (you need to define it in your script) refers to the user you want to run tor."
I've created a new user, but how do I define it in the script? Just writing $user1 in place of $tor_user didn't do it.
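Why an undefined `$tor_user` ends with tor running as root, and one way to define and check the variable in ip-up. This is an added example, not part of the thread; the account name `toruser` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fragment for /etc/ppp/ip-up, which pppd runs as root.
tor_user="toruser"   # assumption: the unprivileged account created for tor

# Count the words su receives when the variable is left unquoted, as in
# the line posted in the thread. An empty value vanishes during word
# splitting, so "su - $tor_user -c cmd" turns into "su - -c cmd", and su
# with no user name targets root.
su_words() {
    set -- su - $1 -c "cmd"
    echo "$#"
}

# Refuse an account that is empty, missing, or has uid 0.
check_tor_user() {
    user=$1
    if [ -z "$user" ]; then
        echo "tor_user is empty: su would default to root" >&2
        return 1
    fi
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "no such account: $user" >&2
        return 2
    }
    if [ "$uid" -eq 0 ]; then
        echo "$user has uid 0: tor would still run as root" >&2
        return 3
    fi
    return 0
}

# Start tor under the checked account, with the full path because pppd
# hands ip-up an almost empty environment (no PATH).
start_tor() {
    check_tor_user "$1" || return
    su - "$1" -c "/usr/local/bin/tor > /dev/null 2>&1 &"
}

# In ip-up itself the call would be:  start_tor "$tor_user"
```

The assignment `tor_user="toruser"` has no `$` on the left-hand side; the `$` is used only when the value is read.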