Check the result of seteuid(), just to be paranoid.

[ppp.git] / pppd / pppd.8

diff --git a/pppd/pppd.8 b/pppd/pppd.8
index accddf8b940b3d6fb5a7d554c248ffec065978f4..2765c4e112e70e5e8bd649bf6e839d72fd2ed2e8 100644 (file)
--- a/pppd/pppd.8
+++ b/pppd/pppd.8
@@ -1,5 +1,5 @@
 .\" manual page [] for pppd 2.4
 .\" manual page [] for pppd 2.4

-.\" $Id: pppd.8,v 1.85 2005/08/25 12:10:18 paulus Exp $
+.\" $Id: pppd.8,v 1.87 2005/08/28 05:21:24 paulus Exp $

 .\" SH section heading
 .\" SS subsection heading
 .\" LP paragraph
 .\" SH section heading
 .\" SS subsection heading
 .\" LP paragraph


@@ -153,7 +153,8 @@ non-privileged user.
 .TP
 .B lock
 Specifies that pppd should create a UUCP-style lock file for the
 .TP
 .B lock
 Specifies that pppd should create a UUCP-style lock file for the

-serial device to ensure exclusive access to the device.
+serial device to ensure exclusive access to the device.  By default,
+pppd will not create a lock file.

 .TP
 .B mru \fIn
 Set the MRU [Maximum Receive Unit] value to \fIn\fR. Pppd
 .TP
 .B mru \fIn
 Set the MRU [Maximum Receive Unit] value to \fIn\fR. Pppd


@@ -433,7 +434,8 @@ Set the IPCP restart interval (retransmission timeout) to \fIn\fR
 seconds (default 3).
 .TP
 .B ipparam \fIstring
 seconds (default 3).
 .TP
 .B ipparam \fIstring

-Provides an extra parameter to the ip\-up and ip\-down scripts.  If this
+Provides an extra parameter to the ip\-up, ip\-pre\-up and ip\-down
+scripts.  If this

 option is given, the \fIstring\fR supplied is given as the 6th
 parameter to those scripts.
 .TP
 option is given, the \fIstring\fR supplied is given as the 6th
 parameter to those scripts.
 .TP


@@ -747,6 +749,11 @@ for IPXCP negotiation.
 Opposite of the \fIktune\fR option; disables pppd from changing system
 settings.
 .TP
 Opposite of the \fIktune\fR option; disables pppd from changing system
 settings.
 .TP

+.B nolock
+Opposite of the \fIlock\fR option; specifies that pppd should not
+create a UUCP-style lock file for the serial device.  This option is
+privileged.
+.TP

 .B nolog
 Do not send log messages to a file or file descriptor.  This option
 cancels the \fBlogfd\fR and \fBlogfile\fR options.
 .B nolog
 Do not send log messages to a file or file descriptor.  This option
 cancels the \fBlogfd\fR and \fBlogfile\fR options.


@@ -1524,7 +1531,8 @@ We failed to authenticate ourselves to the peer.
 Pppd invokes scripts at various stages in its processing which can be
 used to perform site-specific ancillary processing.  These scripts are
 usually shell scripts, but could be executable code files instead.
 Pppd invokes scripts at various stages in its processing which can be
 used to perform site-specific ancillary processing.  These scripts are
 usually shell scripts, but could be executable code files instead.

-Pppd does not wait for the scripts to finish.  The scripts are
+Pppd does not wait for the scripts to finish (except for the ip-pre-up
+script).  The scripts are

 executed as root (with the real and effective user-id set to 0), so
 that they can do things such as update routing tables or run
 privileged daemons.  Be careful that the contents of these scripts do
 executed as root (with the real and effective user-id set to 0), so
 that they can do things such as update routing tables or run
 privileged daemons.  Be careful that the contents of these scripts do


@@ -1604,6 +1612,15 @@ A program or script which is executed when the link goes down, if
 /etc/ppp/auth\-up was previously executed.  It is executed in the same
 manner with the same parameters as /etc/ppp/auth\-up.
 .TP
 /etc/ppp/auth\-up was previously executed.  It is executed in the same
 manner with the same parameters as /etc/ppp/auth\-up.
 .TP

+.B /etc/ppp/ip\-pre\-up
+A program or script which is executed just before the ppp network
+interface is brought up.  It is executed with the same parameters as
+the ip\-up script (below).  At this point the interface exists and has
+IP addresses assigned but is still down.  This can be used to
+add firewall rules before any IP traffic can pass through the
+interface.  Pppd will wait for this script to finish before bringing
+the interface up, so this script should run quickly.
+.TP

 .B /etc/ppp/ip\-up
 A program or script which is executed when the link is available for
 sending and receiving IP packets (that is, IPCP has come up).  It is
 .B /etc/ppp/ip\-up
 A program or script which is executed when the link is available for
 sending and receiving IP packets (that is, IPCP has come up).  It is


@@ -1615,7 +1632,8 @@ remote\-IP\-address ipparam\fR
 .B /etc/ppp/ip\-down
 A program or script which is executed when the link is no longer
 available for sending and receiving IP packets.  This script can be
 .B /etc/ppp/ip\-down
 A program or script which is executed when the link is no longer
 available for sending and receiving IP packets.  This script can be

-used for undoing the effects of the /etc/ppp/ip\-up script.  It is
+used for undoing the effects of the /etc/ppp/ip\-up and
+/etc/ppp/ip\-pre\-up scripts.  It is

 invoked in the same manner and with the same parameters as the ip\-up
 script.
 .TP
 invoked in the same manner and with the same parameters as the ip\-up
 script.
 .TP