LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 01-10-2007, 07:00 PM   #1
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Rep: Reputation: 31
Question bash scripting advice?


I've put the ip-up shell script in /etc/ppp, and realized that I needed to start Tor to make the other stuff work.
Tor doesn't work.
The other two commands work as they are supposed to.

What have I done wrong?

This is the contents of /etc/ppp/ip-up

#!/bin/bash
# Proper header for a Bash script.

sleep 10s

tor
#start privacy app

sleep 30s
#allow time for tor to get info

/usr/sbin/ntpdate ca.pool.ntp.org | /sbin/hwclock -w
#update system clock and hardware clock

sleep 5s
#wait for 5 seconds to be sure&see on gkrellm that it did it.

/home/william/Mix/mixmaster --update-stats noreply
#update mixmaster stats from noreply

exit # The right and proper method of "exiting" from a script.
 
Old 01-10-2007, 07:46 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Does tor work if you just give the command from the command line?

Is the location of tor contained in the PATH variable in the context the script is running?
 
Old 01-10-2007, 08:05 PM   #3
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
Do what blackhole54 says ...

And if you want tor to start and keep running after the script exits you gotta add an ampersand (not sure if this is what you want (it probably is tho), but as soon as the script exits all processes started by the script go down, including 'tor' unless it's 'tor &'):

Code:
tor &
Also, change

Code:
exit
to
Code:
exit 0 # the real proper way to exit without error

# exit 0 = exit without error, script was successful
# exit 1 = exit with error, script failed

Also, change

Code:
#!/bin/bash
to the preferred and more portable:

Code:
#!/bin/sh
sh symlinks to bash anyway for most machines.

And one more thing, pls use code tags for code

Last edited by H_TeXMeX_H; 01-10-2007 at 08:15 PM.
 
Old 01-10-2007, 09:09 PM   #4
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Original Poster
Rep: Reputation: 31
tor starts and works OK when I write it on the command line as so.

Aha! that's what the mysterious & is for.
I thought of the context and changed the command to /usr/local/bin/tor &

What are code tags? I only write a shell script. Thought you have to know what you are doing to write code.
Really.

"Is the location of tor contained in the PATH variable in the context the script is running?" I don't know what that is or where to find it.
 
Old 01-10-2007, 09:10 PM   #5
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by H_TeXMeX_H
And if you want tor to start and keep running after the script exits you gotta add an ampersand (not sure if this is what you want (it probably is tho), but as soon as the script exits all processes started by the script go down, including 'tor' unless it's 'tor &'):
I don't know how I missed that one! Actually if you don't use the ampersand and tor actually starts running, the script won't proceed any further until tor exits!
 
Old 01-10-2007, 09:18 PM   #6
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by WilliamS
I thought of the context and changed the command to /usr/local/bin/tor &
And did that work? Giving the complete path like you just did is an alternative to worrying about the PATH variable. The PATH variable tells bash where to search for commands. For more info, see the bash man page.

Quote:
What are code tags?
H_TeXMeX_H is talking about using code tags when you post on LQ. This causes your code (or script, or whatever) to be listed in one of the boxes with "code" written above it. You can use the pound sign (or hash mark for those not on the English system) icon at the top of the compose box to do this.
 
Old 01-10-2007, 09:38 PM   #7
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Original Poster
Rep: Reputation: 31
Tor still doesn't work.
Here's the whole thing:
#!/bin/sh


sleep 10s

/usr/local/bin/tor &
#start privacy app

sleep 30s
#allow time for tor to get info

/usr/sbin/ntpdate ca.pool.ntp.org | /sbin/hwclock -w
#update system clock and hardware clock

sleep 5s
#wait for 5 seconds to be sure&see on gkrellm that it did it.

/home/william/Mix/mixmaster --update-stats noreply
#update mixmaster stats from noreply

exit 0 # The right and proper method of "exiting" from a script.



The code tag doesn't work either. #

Last edited by WilliamS; 01-10-2007 at 09:39 PM.
 
Old 01-10-2007, 10:10 PM   #8
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
Well, that script should work. So you're saying the other 2 commands work ? How do you know ? Make sure you have the permissions set on the file at least a+x:

Code:
chmod a+x /etc/ppp/ip-up
Code tags are

[ccode] code here [/ccode] ccode = code
 
Old 01-10-2007, 10:42 PM   #9
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Original Poster
Rep: Reputation: 31
In cli I did $ sh /etc/ppp/ip-up 2>/home/william/build/wtf
and got in that file :

Sorry, only the superuser can change the Hardware Clock.
10 Jan 23:24:52 ntpdate[3512]: bind() fails: Permission denied


It seems as if Tor is now running, but not at the right time (?), and the mixmaster update works also.

Looks as if chmod a+x /etc/ppp/ip-up was right for two of the commands.
Late now, will have another go tomorrow.

Thanks for advice.
 
Old 01-11-2007, 01:04 PM   #10
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
Quote:
Originally Posted by WilliamS
In cli I did $ sh /etc/ppp/ip-up 2>/home/william/build/wtf
and got in that file :

Sorry, only the superuser can change the Hardware Clock.
10 Jan 23:24:52 ntpdate[3512]: bind() fails: Permission denied



It seems as if Tor is now running, but not at the right time (?), and the mixmaster update works also.

Looks as if chmod a+x /etc/ppp/ip-up was right for two of the commands.
Late now, will have another go tomorrow.

Thanks for advice.
You must be superuser to run the script ... that's your problem. How are you running this script, when and where ? If you can, first su into root and then run it, or ... there is another solution (chown the file to root and then setting the suid bit), but it may compromise security in some situations. First tell me how you are running it and I'll tell you the most sensible solution.
 
Old 01-11-2007, 09:38 PM   #11
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by H_TeXMeX_H
there is another solution (chown the file to root and then setting the suid bit), but it may compromise security in some situations.
Running a script setuid root is considered a security risk because of the way the environment can change behavior. And when I tried to do it once anyway, it didn't work. Something blocked setuid root from working with a script. I have forgotten details of how this was blocked, but I know it was. I don't know if this is distro specific or not.

A way that will work and is safe if you are careful, is to write a real short C program that calls the script with a nearly null environment whose contents are carefully controlled by the C program, and then set the C program's binary to setuid root. For security, the script should be called with its full path, should be writable only by root and should be in a directory that is writable only by root. I learned this technique from usernetctl which is used to allow a normal user to run ifup and ifdown scripts as root. This program also does some other checks to make sure non-root users can't alter the scripts.

I am wondering if the OP really should be running this script as a startup script.

EDIT: The OP might also be able to run the script as root using sudo, but would have the same security considerations. If desired, it could be set up where a password was not required to run it. In any case, it is desirable to not run tor as root to limit the damage of any security holes that may be present.

Last edited by blackhole54; 01-11-2007 at 09:46 PM.
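Added example, not part of any post in this thread: the pre-flight checks described in post #11 (full path, script and its directory writable only by the owner, nearly empty environment), written in shell so they can sit in a sudo-invoked launcher. The function names and the expected-owner parameter are assumptions made for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes GNU stat.

# Succeed only if "$1" is an absolute path to a regular file (no symlink)
# that is owned by uid "$2" (default 0 = root) and is not writable by
# group or others, and its directory passes the same owner/mode test.
root_only_script() {
    script=$1
    owner=${2:-0}
    case $script in
        /*) ;;                       # full path given
        *)  return 1 ;;              # relative names depend on cwd/PATH
    esac
    [ -f "$script" ] && [ ! -L "$script" ] || return 1
    for p in "$script" "$(dirname "$script")"; do
        meta=$(stat -c '%u %a' "$p") || return 1   # "uid octal-mode"
        [ "${meta% *}" -eq "$owner" ] || return 1
        # 022 = write bit for group and for others
        [ $(( 0${meta#* } & 022 )) -eq 0 ] || return 1
    done
}

# Run the script only if it passes, and hand it a fixed environment
# instead of the caller's (no inherited PATH, IFS, HOME, LD_* ...).
run_clean() {
    root_only_script "$1" "${2:-0}" || {
        echo "refusing to run $1: unsafe owner or permissions" >&2
        return 1
    }
    env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin /bin/sh "$1"
}
```

Only the immediate directory is checked here; a stricter launcher would walk every parent directory up to `/`.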
 
Old 01-11-2007, 09:57 PM   #12
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
Yeah, I guess it gets kinda complicated. Can't you just start tor as non-root and do the rest as root in the script? I mean, just run tor as regular user, then run the script as root (remove starting tor from the script, of course):

Code:
$ tor &
$ su <Enter root password>
# /etc/ppp/ip-up

Last edited by H_TeXMeX_H; 01-11-2007 at 09:59 PM.
 
Old 01-11-2007, 11:35 PM   #13
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Original Poster
Rep: Reputation: 31
Tor should be run as user, who needs to be scolded?
I can't write C.
I was hoping to get pppd to do this, as beating the start-up time of the other two programs can be a nuisance. I had fcron running them before this project.

The puzzle is why the shell script will work when I run it from cli, as user, but not when ppp starts.

# ls -la /etc/ppp/ip-up
-rwxr-xr-x 1 root root 348 2007-01-11 16:51 /etc/ppp/ip-up

This is the current form:
[ccode]#!/bin/bash
/usr/local/bin/tor &&
#start privacy app
#sleep 30s
#allow time for tor to get info
#/usr/sbin/ntpdate ca.pool.ntp.org | /sbin/hwclock -w &&
#update system clock and hardware clock
#/home/william/Mix/mixmaster --update-stats noreply
#update mixmaster stats from noreply
exit 0 # The right and proper method of "exiting" from a script.[/ccode]

I wonder if there should be an "exit" for an app that doesn't halt until ppp is down?

Last edited by WilliamS; 01-11-2007 at 11:41 PM.
 
Old 01-12-2007, 02:12 AM   #14
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by WilliamS
This is the contents of /etc/ppp/ip-up
Color my face very red! I must have been having a bad day when I first read the above statement. Its significance (i.e. what ip-up is) didn't hit me. It just did. Like a wrecking ball!

ip-up should already be running as root. (Yes, WilliamS, you knew this, but I missed it and maybe H_TeXMeX_H did too.)

So the problem with permissions/owners is to downgrade tor and maybe mixmaster (I don't know anything about mixmaster so I can't advise) rather than upgrading the time stuff. Also, according to pppd's man page, pppd calls ip-up and the rest of the scripts with an empty environment except for some special variables outlined in its man page. I believe this means no PATH variable! tor may be depending on $PATH or some other environmental variables to work. (BTW, when you ran ip-up manually, these variables would be set but you weren't running as root.)

I think we can kill two birds with one stone here. I am proposing using

Code:
su - $tor_user -c "killall tor  &> /dev/null && sleep 2;  /usr/local/bin/tor &> /dev/null  &"
to start tor. The killall command is just a precaution in case there is already an instance of tor running. The sleep is executed only if something was actually killed; it gives that process time to die. $tor_user (you need to define it in your script) refers to the user you want to run tor. I've created a special user just for that purpose so that in the event of a security breach (w/o escalation) the attacker can't compromise any other account. The dash after the su tells su to do a normal login to that account. That is so the normal environment gets set up rather than inheriting the restricted environment that ip-up is using.

If $tor_user can successfully run tor interactively, I think this should work. I don't have an easy way to test it out. It is very similar to the way I bring tor up, except I have tor running on a different box and use ssh instead of su. If there is a problem, try moving the final ampersand outside the parenthesis, leaving a space before it.



Quote:
I was hoping to get pppd to do this
To make sure I have made myself clear, the above was with the assumption you are starting it through pppd and ip-up.

Quote:
I wonder if there should be an "exit" for an app that doesn't halt until ppp is down?
I would suggest killing tor in /etc/ppp/ip-down using a killall command like I did above. If you are uneasy about doing this as root, you can su to $tor_user again. If you decide to do this as root, you will need to provide the complete path to killall.

Again, I am very about missing this the first time through!

Good luck!

EDIT: spelling correction and clarification

Last edited by blackhole54; 01-12-2007 at 02:20 AM.
 
Old 01-12-2007, 08:33 PM   #15
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Original Poster
Rep: Reputation: 31
Thanks much, blackhole54, it works now. I installed that line exactly, tested OK. Then changed > /dev/null to > ~/jk and looked at the output, and it says:

Jan 12 20:02:13.466 [warn] tor_init(): You are running Tor as root. You don't need to, and you probably shouldn't.

I think the problem is here " $tor_user (you need to define it in your script) refers to the user you want to run tor."
I've created a new user, but how do I define it in the script? Just writing $user1 in place of $tor_user didn't do it.
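
Added example, not part of any post in this thread: an ip-up fragment that defines `tor_user` with a plain assignment and refuses to start tor unless the name resolves to a non-root account. If the variable is unset, the unquoted `su - $tor_user -c ...` collapses to `su - -c ...`, and su without a user name means root. The account name `toruser` and the function names are assumptions; the `su` line is adapted from post #14 with `&>` written portably.

```shell
#!/bin/sh
# Added example: sketch of an /etc/ppp/ip-up fragment (hypothetical names).

# pppd starts ip-up with a nearly empty environment, so set PATH here.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# Defining the variable: no "$" on the left, no spaces around "=".
tor_user=toruser        # assumed account name; use the one you created

# Print the numeric uid of an unprivileged account, or fail with a reason.
unprivileged_uid() {
    name=$1
    [ -n "$name" ] || { echo "tor user is not set" >&2; return 1; }
    uid=$(id -u "$name" 2>/dev/null) || {
        echo "no such user: $name" >&2
        return 1
    }
    [ "$uid" -ne 0 ] || { echo "refusing to run tor as root" >&2; return 1; }
    echo "$uid"
}

start_tor() {
    unprivileged_uid "$tor_user" >/dev/null || return 1
    # "su -" gives the account its normal login environment.
    su - "$tor_user" -c \
        'killall tor >/dev/null 2>&1 && sleep 2; /usr/local/bin/tor >/dev/null 2>&1 &'
}

# Act only when installed as ip-up, so the file can be sourced and tested.
case ${0##*/} in
    ip-up) start_tor ;;
esac
```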
 
  

