[Nut-upsdev] Re: [nut-commits] svn commit r831 - in trunk: .
Peter Selinger
selinger at mathstat.dal.ca
Sat Mar 3 05:08:52 CET 2007
Arnaud,
the problem was: we want to install the hotplug scripts automatically
with "make install". However, we cannot assume that a group "ups"
exists (and if it doesn't, then there will be error messages during
system boot). Even if there is a user called "ups", this does not
guarantee that there is a group called "ups".
So we either have to make the group name configurable, or else not use
a group at all.
-- Peter
Arnaud Quette wrote:
>
> 2007/3/2, Charles Lepple <clepple at gmail.com>:
> > On 2/27/07, Peter Selinger <selinger at mathstat.dal.ca> wrote:
> > > Perhaps a simple solution is to make the ups group, as well as the ups
> > > user, configurable.
> >
> > No objections here.
>
> I've not followed the thread, but why this would be simpler?
> if it's in order to get a "wide devices range" group (including serial
> and USB nodes), there is no simple solution.
>
> > > Actually, I don't understand why the hotplugging
> > > script uses these permissions:
> > >
> > > -rw-rw---- 1 root ups 52 Feb 27 17:32 002
>
> even 664 now, to allow standard user to call lsusb
>
> > > and not these other, more portable ones:
> > >
> > > -rw------- 1 ups root 52 Feb 27 17:32 002
> > >
> > > Here "ups" will be replaced by the configured user, of course.
> > >
> > > Is there a reason for these permissions, anyone? Would it break the
> > > Debian packaging (from which the hotplug scripts were originally
> > > taken) if we used a user instead of a group?
> >
> > In general, when you want to isolate the amount of damage that a
> > process can do, you don't give that process ownership of a file,
> > device node or socket - you just give it group read-write permission.
>
> exactly
>
> Arnaud
More information about the Nut-upsdev
mailing list