[Nut-upsdev] Re: [nut-commits] svn commit r831 - in trunk: .
Arnaud Quette
aquette.dev at gmail.com
Fri Mar 2 21:26:20 CET 2007
2007/3/2, Charles Lepple <clepple at gmail.com>:
> On 2/27/07, Peter Selinger <selinger at mathstat.dal.ca> wrote:
> > Perhaps a simple solution is to make the ups group, as well as the ups
> > user, configurable.
>
> No objections here.
I've not followed the thread, but why this would be simpler?
if it's in order to get a "wide devices range" group (including serial
and USB nodes), there is no simple solution.
> > Actually, I don't understand why the hotplugging
> > script uses these permissions:
> >
> > -rw-rw---- 1 root ups 52 Feb 27 17:32 002
even 664 now, to allow standard user to call lsusb
> > and not these other, more portable ones:
> >
> > -rw------- 1 ups root 52 Feb 27 17:32 002
> >
> > Here "ups" will be replaced by the configured user, of course.
> >
> > Is there a reason for these permissions, anyone? Would it break the
> > Debian packaging (from which the hotplug scripts were originally
> > taken) if we used a user instead of a group?
>
> In general, when you want to isolate the amount of damage that a
> process can do, you don't give that process ownership of a file,
> device node or socket - you just give it group read-write permission.
exactly
Arnaud
--
Linux / Unix Expert - MGE UPS SYSTEMS - R&D Dpt
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://people.debian.org/~aquette/
OpenSource Developer - http://arnaud.quette.free.fr/
More information about the Nut-upsdev
mailing list