Using Options Files
Before pppd parses its command-line arguments, it scans several files for default options. These files may contain any valid command-line arguments spread out across an arbitrary number of lines. Hash signs introduce comments.
The first options file is /etc/ppp/options
, which is
always scanned when pppd starts up. Using it to set some
global defaults is a good idea, because it allows you to keep your users from
doing several things that may compromise security. For instance, to make
pppd require some kind of authentication (either PAP or
CHAP) from the peer, you add the auth
option to this
file. This option cannot be overridden by the user, so it becomes impossible
to establish a PPP connection with any system that is not in your
authentication databases. Note, however, that some options can be overridden;
the connect
string is a good example.
The other options file, which is read after
/etc/ppp/options
, is .ppprc
in the
user’s home directory. It allows each user to specify her own set of default
options.
A sample /etc/ppp/options
file might look like this:
# Global options for pppd running on vlager.vbrew.com lock # use UUCP-style device locking auth # require authentication usehostname # use local hostname for CHAP domain vbrew.com # our domain name
The lock
keyword makes
pppd comply to the standard UUCP method of device locking.
With this convention, each process that accesses a serial device, say
/dev/ttyS3
, creates a lock file with a name like
LCK..ttyS3 ...
Get Linux Network Administrator's Guide, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.