Проект OpenNet: MAN sliplogin (8) Команды системного администрирования (FreeBSD и Linux)

Интерактивная система просмотра системных руководств (man-ов)

sliplogin (8)

sliplogin (8) ( FreeBSD man: Команды системного администрирования )

>> sliplogin (8) ( Linux man: Команды системного администрирования )

BSD mandoc

NAME



sliplogin

 - attach a serial line network interface

SYNOPSIS

sliplogin [loginname ]

DESCRIPTION

Sliplogin is used to turn the terminal line on standard input into a Serial Line IP (SLIP ) link to a remote host. To do this, the program searches the file /etc/slip/slip.hosts for an entry matching loginname (which defaults to the current login name if omitted). The loginname '*' in slip.hosts matches every user so everyone who can execute sliplogin and is not listed in slip.hosts will use this default entry. If you really need a default user, please put this entry at the last line in slip.hosts, so it will be used if the sliplogin user is not listed in slip.hosts. If you put the default user as first entry in slip.hosts all other entries will be ignored.

Another symbolic loginname is '+'. If a loginname starts with '+' sliplogin will try to read the NIS map slip.hosts instead of slip.hosts. You can override the local IP found in the NIS map by entering it after the '+' sign. If a matching entry is found, the line is configured appropriately for slip (8-bit transparent i/o) and converted to SLIP line discipline. Then a shell script (slip.login) is invoked to initialize the slip interface with the appropriate local and remote IP address, netmask, etc. ( Warning: the number of arguments changed with version 2.1.0 )

A line in slip.hosts usually consists of the fields loginname, local address, remote address, netmask, slipmode, timeout and perhaps up to 3 more options which will be passed to slip.login.

The usual initialization script is /etc/slip/slip.login but, if particular hosts need special initialization, the file /etc/slip/slip.login. loginname will be executed instead if it exists. If you use the default user '*' sliplogin looks for slip.login.*, but '*' is not used as a wildcard. If no slip.login.* exists, the usual slip.login will be used. The script is invoked with the parameters

slipunit: The unit identifier of the slip interface assigned to this line. E.g., sl0
speed: The speed of the line.
pid: The process id of sliplogin.
args: The arguments from the /etc/slip/slip.hosts entry: loginname, local address, remote address, netmask, slip-mode and the options. (slip-mode has been added with version 2.1.0 of sliplogin.)

Only the super-user may attach a network interface. The interface is automatically detached when the other end hangs up, the sliplogin process dies or the client didn't send a packet while the specified timeout in /etc/slip/slip.hosts. If the kernel slip module has been configured for it, all routes through that interface will also disappear at the same time. If there is other processing a site would like done on hangup, the file /etc/slip/slip.logout or /etc/slip/slip.logout. loginname is executed if it exists. It is given the same arguments as the login script. For default user '*' sliplogin looks for slip.logout.* and if it doesn't exist, it uses slip.logout.

Format of /etc/slip/slip.hosts

Comments (lines starting with a `#') and blank lines are ignored. Other lines must start with a loginname Arguments are separated by white space and follow normal sh(1) quoting conventions (however, loginname cannot be quoted). Usually, lines have the form

loginname local-address remote-address netmask slipmode timeout opt-args

where local-address is the IP host name or address of the local end of the slip line or DYNAMIC for the address of the local host. remote-address is the IP host name or address of the remote end of the slip line or the DYNAMIC keyword which will be translated into an address from the slip.tty file. You may also use an asterisk '*' instead of DYNAMIC. netmask is the appropriate IP netmask. These arguments are passed directly to ifconfig(8). slipmode is either normal, compressed, ax25, 6bit or auto where auto uses the kernel auto detection to find out if the client uses normal or compressed (Van Jacobson) slip. timeout is ignored if negative or else used as value in seconds to wait for packets to be sent from the client before sliplogin sliplogin terminates. Opt-args are optional arguments used to configure the line.

Format of /etc/slip/slip.route

To perform an easy way to route additional hosts and networks you may create a file /etc/slip/slip.route which contents are evaluated by /etc/slip/slip.log{in|out} to add or remove the given routes. The format is as follows

gateway network [netmask]

Netmask defaults to 0xffffffff if not given.

The Format of /etc/slip/slip.tty

is simple. A line that starts with '#' is treated as a comment otherwise sliplogin expects in column 1 the name of the slipdevice and in column 2 the IP host name or adress that you wish to assign to this device.

Extended login Procedure

Since version 2.1.0 a new (more anonymous) login procedure is provided with sliplogin as a compile time option. If the loginname matches the string slip sliplogin will ask for the user and an additional password. If the given user and password matches an entry in /etc/slip/slip.passwd the line is configured for that user. If a user-name starts with
'+' in /etc/slip/slip.passwd sliplogin will try to read NIS-map slip.passwd instead of slip.passwd.

One advantage of this method is, that you don't need a /etc/passwd entry for each user login. On the other hand, the user himself may choose the line discipline himself with the real login name. sliplogin will distinguish between the following:

slip: normal slip mode. With a compile-time option (-DESLIP_AUTO) this will auto enable VJ header compression.
nslip: disable VJ header compression. (For those remote users who don't have support for CSLIP mode and where auto enable fails. Linux 1.2.x & HP-UX 9.x for example.)
cslip: enable VJ header compression.
aslip: auto enable VJ header compression, only tested if compiled without general auto enabling (-DESLIP_AUTO) option.

With an additional '-' suffix sliplogin will suppress configure messages like the using of the compression method and the assigning of IP-adresses. An additional '+' will turn the messages on if not compiled in by default.

You may also precede the login with an additional letter to have a test mode with different binaries and configuration options.

EXAMPLE

The normal use of sliplogin is to create a /etc/passwd entry for each legal, remote slip site with sliplogin as the shell for that entry. E.g.,

Sfoo:ikhuy6:2010:1:slip line to foo:/tmp:/sbin/sliplogin

(Our convention is to name the account used by remote host hostname as Shostname . Then an entry is added to slip.hosts that looks like:

Sfoo    `hostname`      foo     netmask [slip-mode] [timeout]

where `hostname` will be evaluated by sh to the local host name and netmask is the local host IP netmask. (You may also use 'DYNAMIC' instead of `hostname`.)

Note that sliplogin must be setuid to root and, while not a security hole, moral defectives can use it to place terminal lines in an unusable state and/or deny access to legitimate users of a remote slip line. To prevent this, a site can create a group, say slip that only the slip login accounts are put in then make sure that /sbin/sliplogin is in group slip and mode 4550 (setuid root, only group slip can execute binary).

DIAGNOSTICS

Sliplogin logs various information to the system log daemon, syslogd(8), with a facility code of daemon The messages are listed here, grouped by severity level.

Error Severity

ioctl (TCGETS): reason: A TCGETS ioctl ();
to get the line parameters failed.
ioctl (TCSETS): reason: A TCSETS ioctl ();
to set the line parameters failed.
/etc/slip/slip.hosts: reason: The /etc/slip/slip.hosts file could not be opened.
access denied for user: No entry for user was found in /etc/slip/slip.hosts