[Nut-upsdev] Re: [nut-commits] svn commit r831 - in trunk: .

Sat Mar 3 22:02:39 CET 2007

2007/3/3, Peter Selinger <selinger at mathstat.dal.ca>:
> Arnaud,
>
> the problem was: we want to install the hotplug scripts automatically
> with "make install". However, we cannot assume that a group "ups"
> exists (and if it doesn't, then there will be error messages during
> system boot). Even if there is a user called "ups", this does not
> guarantee that there is a group called "ups".
>
> So we either have to make the group name configurable, or else not use
> a group at all.

ok, I was a bit aside.
First, this problem doesn't apply to packages, since packagers will
take care of ensuring that both user and group exists.

Next, while we can't be sure of the user/group existance, as Arjen
told, it's part of the install step. We can't assert this existance
neither at config nor install time, since for example, these are
created at package install time. Nor we can create these
automatically...

I see no simple solution here, apart from distributing more up to date
packages, through nut.org, and leave the source build to more advanced
user who will look at the INSTALL file. And improving the doc to be
more easilly readable (along with updating the website' one)

Lastly, yep the doc is still unsynced, ugly and incomplete :(
I've recruited 3 people of which none is active.

> Arnaud Quette wrote:
> >
> > 2007/3/2, Charles Lepple <clepple at gmail.com>:
> > > On 2/27/07, Peter Selinger <selinger at mathstat.dal.ca> wrote:
> > > > Perhaps a simple solution is to make the ups group, as well as the ups
> > > > user, configurable.
> > >
> > > No objections here.
> >
> > I've not followed the thread, but why this would be simpler?
> > if it's in order to get a "wide devices range" group (including serial
> > and USB nodes), there is no simple solution.
> >
> > > > Actually, I don't understand why the hotplugging
> > > > script uses these permissions:
> > > >
> > > > -rw-rw----  1 root ups  52 Feb 27 17:32 002
> >
> > even 664 now, to allow standard user to call lsusb
> >
> > > > and not these other, more portable ones:
> > > >
> > > > -rw-------  1 ups  root 52 Feb 27 17:32 002
> > > >
> > > > Here "ups" will be replaced by the configured user, of course.
> > > >
> > > > Is there a reason for these permissions, anyone? Would it break the
> > > > Debian packaging (from which the hotplug scripts were originally
> > > > taken) if we used a user instead of a group?
> > >
> > > In general, when you want to isolate the amount of damage that a
> > > process can do, you don't give that process ownership of a file,
> > > device node or socket - you just give it group read-write permission.
> >
> > exactly
> >
> > Arnaud
>

-- 
Linux / Unix Expert - MGE UPS SYSTEMS - R&D Dpt
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://people.debian.org/~aquette/
OpenSource Developer - http://arnaud.quette.free.fr/