Manualshelf

Installation manual

ManualsBrandsUS Robotics ManualsIndustrialUSR2410
51525354555657585960
5. 17. CD Recording as non-root User 47
5. 16. Cisco VPN Client
There exists a piece of software called vpnclient, which lets us establish a secure, end-to-end encrypted tunnel to
anyCisco central site remote access VPN product. This piece of software does evenexist for Linux. Of course it
does not work out of the box (at least not our version 3.7.2).
After unpacking the tar-ball, we have a look at the file interceptor.c, more precisely at the function supported_de-
vice. For some unknown reason, only the devices eth0 to eth9 and ppp0 to ppp9 are assumed to be valid network-
ing devices. wlan0 is not mentioned at all.
To remedy the situation, we replace the provided function with our own:
supported_device in interceptor.c:
static int inline supported_device(struct device* dev)
{
if(!dev−>name) return 0;
if(!strncmp(dev−>name,"eth",3) && (dev−>name[3]>=’0’ && dev−>name[3]<=’9’))
return 1;
if(!strncmp(dev−>name,"ppp",3) && (dev−>name[3]>=’0’ && dev−>name[3]<=’9’))
return 1;
if(ippp_dev(dev)) {
isdn_net_local *lp = (isdn_net_local *) dev−>priv;
if(lp−>p_encap == ISDN_NET_ENCAP_SYNCPPP) return 1;
}
if(!strncmp(dev−>name,"wlan",4) && (dev−>name[4]>=’0’ && dev−>name[4]<=’9’))
return 1;
return 0;
}
In contrast to what the documentation claims, we don’tneed to load the provided kernel module at boot time.
Our kernel is compiled to load its modules automagically at need. Wejust have tolet it know, which module
should be loaded:
/etc/modutils/vpn:
#Cisco VPN
alias cipsec0 cisco_ipsec
Nowweupdate the modules with update-modules and are all set. Wedon’tneed the provided boot script /etc/
init.d/vpnclient_init at all.
Later we integrate the VPN tunnel into our own network profile management.
5. 17. CD Recording as non-root User
Trying to burn CD-Rs as non-root user can be a tiring adventure, since the documentation of cdrecord does not
really reflect the actual setup under Debian and is no longer entirely up to date. Furthermore, most of the tips and
tricks divulged in the various mailing lists did not really impress by their insights.
To makealong story short, the probably best way to set things up is by using the super command. This makes
sure that cdrecord is run with the real UID 0 and avoids all kind of hassles, among them the following error mes-
sage:
cdrecord error message:
cdrecord.mmap: Operation not permitted. WARNING: Cannot set RR−scheduler
cdrecord.mmap: Permission denied. WARNING: Cannot set priority using setpriority().
cdrecord.mmap: WARNING: This causes a high risk for buffer underruns.
To doso, we write a small shell script named cdrecord, put it in /usr/local/bin and set execute permissions for all
and everybody.Since the original cdrecord in /usr/bin does not have execute permissions for everybody,our ver-