[Nut-upsdev] Re: [nut-commits] svn commit r831 - in trunk: .

Charles Lepple clepple at gmail.com
Sat Mar 3 20:30:22 CET 2007


On 3/3/07, Arjen de Korte <nut+devel at de-korte.org> wrote:
> Charles Lepple wrote:
>
> >> Is there a reason for these permissions, anyone? Would it break the
> >> Debian packaging (from which the hotplug scripts were originally
> >> taken) if we used a user instead of a group?
> > In general, when you want to isolate the amount of damage that a
> > process can do, you don't give that process ownership of a file,
> > device node or socket - you just give it group read-write permission.
>
> If this is the case (and I'll take your word it), why do we recommend to
> let the NUT user own both the statepath and the serial port it connects
> to (if any) in the INSTALL file? We probably should change this as well.

Hm, hadn't checked INSTALL recently.

from 2.0.5 on Debian:

$ ls -ld /var/run/nut
drwxrwx--- 2 root nut 168 2007-02-05 20:48 /var/run/nut/

Since the state socket is created with owner "nut", there's not much
we can do there. But you're probably right about updating INSTALL.

-- 
- Charles Lepple



More information about the Nut-upsdev mailing list