[gentoo-user] Easy dialup for unprivileged user

[gentoo-user] Easy dialup for unprivileged user

[Mark Kirkwood]

I'm looking at setting up a Gentoo box for my mother to use. One thing 
I'd like some input on is the business of dialing up.

The constraints are that she must be able to dial up as an unprivileged 
user, and it must be easy (She will be migrating from an old imac 
running osx, so I want to make it as painless as possible!)

I'm currently favoring the method outlined in:

http://gentoo-wiki.com/HOWTO_Setup_a_Dialup_Connection#The_best_way:_Gentoo.27s_Network_Configuration

specifically using Gentoo's /etc/conf.d/net with pppd configured for 
*on-demand* dialing, so it 'just happens' when needed.

Now it pretty much does - but to trigger the ppp interface 'up' state I 
find myself doing stuff like:

$ ping <ip of ISP nameserver>

or similar, because hostname access will just return "host not found" 
immediately without trying to bring the link up. So while this 
workaround is ok for me, I would like to get it so that the ppp 
interface comes up more intuitively (or am I missing something 
obvious?... that would be nice!).

regards

Mark
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Easy dialup for unprivileged user

[Boyd Stephen Smith Jr.]

[-- Attachment #1: Type: text/plain, Size: 1682 bytes --]

On Saturday 30 December 2006 22:00, Mark Kirkwood <markir@paradise.net.nz> 
wrote about '[gentoo-user] Easy dialup for unprivileged user':
> Now it pretty much does - but to trigger the ppp interface 'up' state I
> find myself doing stuff like:
>
> $ ping <ip of ISP nameserver>
>
> or similar, because hostname access will just return "host not found"
> immediately without trying to bring the link up. So while this
> workaround is ok for me, I would like to get it so that the ppp
> interface comes up more intuitively (or am I missing something
> obvious?... that would be nice!).

You might try running a local, caching-only nameserver.  That may bring up 
ppp as needed by changing how your hostname resolution works.  In 
particular, I'm betting that your hostname resolution is currently 
programmed specifically NOT to bring up an interface, while bind or 
dnscache oe w/e (when queried by your resolver) will not be as "smart" an 
send a DNS request to an IP, as needed.  [If not needed, it will resolve 
the hostname to an IP address and your other application (browser, email, 
w/e) will use that IP (and wake up your ppp device).]

(Just shooting from the hip here, though so, no guarantees.)

In any case, a local, caching-only nameserver will still "speed up" your 
dial-up connection for DNS "intensive" tasks -- like web browsing.  So, 
you work setting one up (which should be minimal) will not be for naught.

-- 
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Easy dialup for unprivileged user

[Enrico Weigelt]

* Mark Kirkwood <markir@paradise.net.nz> wrote:

> Now it pretty much does - but to trigger the ppp interface 'up' state I 
> find myself doing stuff like:
> 
> $ ping <ip of ISP nameserver>
> 
> or similar, because hostname access will just return "host not found" 
> immediately without trying to bring the link up. 

You could simply ping some fixed IPs somewhere in the wide world.

But I'm not shure if you really want such an quite uncontrollable 
automatic dialup or probably some button for "Dialup"/"Hangup" on 
the desktop ? For that way you need some way of privilege switching
(w/o password). "su-wrapper" (not yet in portage) is your friend :)


cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
 	http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
	http://patches.metux.de/
---------------------------------------------------------------------
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Easy dialup for unprivileged user

[Kent Fredric]

Passwordless SUDO on an app, or add some sgid/suid bits and do some
group twiddling on the  apps that do all your magic as root. That
should at least be a good starting point :)

On 1/1/07, Enrico Weigelt <weigelt@metux.de> wrote:
> * Mark Kirkwood <markir@paradise.net.nz> wrote:
>
> > Now it pretty much does - but to trigger the ppp interface 'up' state I
> > find myself doing stuff like:
> >
> > $ ping <ip of ISP nameserver>
> >
> > or similar, because hostname access will just return "host not found"
> > immediately without trying to bring the link up.
>
> You could simply ping some fixed IPs somewhere in the wide world.
>
> But I'm not shure if you really want such an quite uncontrollable
> automatic dialup or probably some button for "Dialup"/"Hangup" on
> the desktop ? For that way you need some way of privilege switching
> (w/o password). "su-wrapper" (not yet in portage) is your friend :)
>
>
> cu
> --
> ---------------------------------------------------------------------
>  Enrico Weigelt    ==   metux IT service - http://www.metux.de/
> ---------------------------------------------------------------------
>  Please visit the OpenSource QM Taskforce:
>         http://wiki.metux.de/public/OpenSource_QM_Taskforce
>  Patches / Fixes for a lot dozens of packages in dozens of versions:
>         http://patches.metux.de/
> ---------------------------------------------------------------------
> --
> gentoo-user@gentoo.org mailing list
>
>


-- 
/<ent Fredric
(aka theJackal)
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Easy dialup for unprivileged user

[Mark Kirkwood]

Boyd Stephen Smith Jr. wrote:
> On Saturday 30 December 2006 22:00, Mark Kirkwood <markir@paradise.net.nz> 
> wrote about '[gentoo-user] Easy dialup for unprivileged user':
>> Now it pretty much does - but to trigger the ppp interface 'up' state I
>> find myself doing stuff like:
>>
>> $ ping <ip of ISP nameserver>
>>
>> or similar, because hostname access will just return "host not found"
>> immediately without trying to bring the link up. So while this
>> workaround is ok for me, I would like to get it so that the ppp
>> interface comes up more intuitively (or am I missing something
>> obvious?... that would be nice!).
> 
> You might try running a local, caching-only nameserver.  That may bring up 
> ppp as needed by changing how your hostname resolution works.  In 
> particular, I'm betting that your hostname resolution is currently 
> programmed specifically NOT to bring up an interface, while bind or 
> dnscache oe w/e (when queried by your resolver) will not be as "smart" an 
> send a DNS request to an IP, as needed.  [If not needed, it will resolve 
> the hostname to an IP address and your other application (browser, email, 
> w/e) will use that IP (and wake up your ppp device).]
> 
> (Just shooting from the hip here, though so, no guarantees.)
> 
> In any case, a local, caching-only nameserver will still "speed up" your 
> dial-up connection for DNS "intensive" tasks -- like web browsing.  So, 
> you work setting one up (which should be minimal) will not be for naught.
> 

Yeah - thanks, great suggestion. I've give that a try. I run a caching 
only nameserver for my own desktop system for exactly the performance 
reasons you mentioned above, so setup is not problem.

Cheers

Mark
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Easy dialup for unprivileged user

[Mark Kirkwood]

Kent Fredric wrote:
> Passwordless SUDO on an app, or add some sgid/suid bits and do some
> group twiddling on the  apps that do all your magic as root. That
> should at least be a good starting point :)
> 

Thanks - but making extra programs setuid root is one of the things I 
really want to avoid, as it creates possibly security backdoors and 
complicates upgrades - e.g. new version of prog gets installed w/o the 
custom setuid bit and its a call to me 'cause 'the internet is broken' :-).

Cheers

Mark
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Easy dialup for unprivileged user

[Mick]

[-- Attachment #1: Type: text/plain, Size: 682 bytes --]

On Sunday 31 December 2006 22:20, Mark Kirkwood wrote:
> Kent Fredric wrote:
> > Passwordless SUDO on an app, or add some sgid/suid bits and do some
> > group twiddling on the  apps that do all your magic as root. That
> > should at least be a good starting point :)
>
> Thanks - but making extra programs setuid root is one of the things I
> really want to avoid, as it creates possibly security backdoors and
> complicates upgrades - e.g. new version of prog gets installed w/o the
> custom setuid bit and its a call to me 'cause 'the internet is broken' :-).

Isn't it simply a matter of adding her username to the dialout group 
in /etc/group?
-- 
Regards,
Mick

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Easy dialup for unprivileged user

[Mark Kirkwood]

Mark Kirkwood wrote:
> I'm looking at setting up a Gentoo box for my mother to use. One thing 
> I'd like some input on is the business of dialing up.
> 
> The constraints are that she must be able to dial up as an unprivileged 
> user, and it must be easy (She will be migrating from an old imac 
> running osx, so I want to make it as painless as possible!)
> 
> I'm currently favoring the method outlined in:
> 
> http://gentoo-wiki.com/HOWTO_Setup_a_Dialup_Connection#The_best_way:_Gentoo.27s_Network_Configuration 
> 
> 
> specifically using Gentoo's /etc/conf.d/net with pppd configured for 
> *on-demand* dialing, so it 'just happens' when needed.
> 
> Now it pretty much does - but to trigger the ppp interface 'up' state I 
> find myself doing stuff like:
> 
> $ ping <ip of ISP nameserver>
> 
> or similar, because hostname access will just return "host not found" 
> immediately without trying to bring the link up. So while this 
> workaround is ok for me, I would like to get it so that the ppp 
> interface comes up more intuitively (or am I missing something 
> obvious?... that would be nice!).
> 
>

For the archives... this was happening because I had an empty 
/etc/resolv.conf. I needed to add some (initial) nameservers to make 
everything work as expected (i.e ping some-internet-hostname brings up 
the network). Of course once the dialup has happened, ppp can overwrite 
these nameservers with the ISP's ones...

My mother is using the machine now, and she likes the way the connect to 
internet "just happens" when she starts Firefox or Thunderbird... and 
Gnome's look and feel are not too vastly different from OSX... so the 
level of confusion is not too high :-). Probably the biggest thing to 
adjust to is the 3 button mouse - after the single button apple one!

Cheers

Mark
-- 
gentoo-user@gentoo.org mailing list