[Nut-upsdev] [nut-Feature Requests][310492] Allow to specify hostnames in ACL (upsd.conf)

Arnaud Quette aquette.dev at gmail.com
Wed Jan 16 16:13:21 UTC 2008


2008/1/11, Arjen de Korte <nut+devel at de-korte.org>:
> [...]
>
> > seconded for the ACL. A comment about security should also be added
> > somewhere in the installation doc (for the doc rewrite).
>
> Shall I go ahead and remove the ACL mechanism from the server? And at the
> same time, change the default LISTEN address to 127.0.0.1 and/or ::1 if
> none is specified?

sure, please.
don't forget to update the comment in conf/upsd.conf.sample and man/upsd.conf.5

> You're right about the need for a hint on how the server should be
> secured. Both the need for a firewall and properly specifying the LISTEN
> directive are underdocumented at the moment. I'll see what I can do in
> this area, this is desirable even without the above changes.
>
> > I'm also thinking about simplifying the users definition. Though the
> > problematic is harder to solve there (PAM + access level
> > (monitoring/RO or RW/commands)). But I've never got time to dig this
> > part. Any thought?
>
> I doubt that this will make the configuration easier. When it comes to
> specifying *which* users (username:password) are allowed, it might come in
> handy. But I don't think we can properly manage the RO/monitoring/slave
> and RW/commands/master through PAM. So instead of handling this all in one
> file, would mean that you'd have to configure this in two places. That
> doesn't really help to make it easier.

not really since system users already exist. We only have to declare
that for ex. root and arjen have RW right. But this only suppresses the
need of the password in upsd.users.
What I'm not sure about is the need of such a fine granularity in the
command/var. settings.

> An alternative could be to grant RO/monitoring/slave universally (without
> access control) and only require setting up an administrative user for
> RW/commands/master access. If you'd be running both 'upsd' and 'upsmon' on
> the same box, we could even opt to use a file socket for that, which would
> not require any access control (other than that the user running 'upsmon'
> should have RW access to that socket). It would need no further
> authentication at all. In cases where this suits one's needs (almost
> always), 'upsd.users' would not be required anymore.

yup, I've already thought about the same: simple things when nothing
complex is required.
Still, we can't fully open the door for local RW access (command and
settings): and there, PAM and things like the PolicyKit [1] can help
us (though the solution is not yet clear to me). Since this kind of
simple also applies to server, not only on personal systems...

Thanks,
Arnaud
-- 
[1] http://people.freedesktop.org/~david/polkit-spec.html
--
Linux / Unix Expert R&D - MGE Office Protection Systems - http://www.mgeops.com
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://people.debian.org/~aquette/
Free Software Developer - http://arnaud.quette.free.fr/
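
Added example, not part of the original message and not NUT's own code: since the thread proposes dropping the ACL and relying on the LISTEN directive plus a firewall, this Python check lists every LISTEN entry in an upsd.conf and flags those that are not loopback. The sample configuration is constructed, 3493 is NUT's standard port, and the parsing is simplified (no quoted values); the function names are hypothetical.

```python
import ipaddress

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# upsd.conf (constructed sample)
MAXAGE 15
LISTEN 127.0.0.1 3493
LISTEN ::1
LISTEN 0.0.0.0
LISTEN 192.168.1.10 3493   # LAN interface
LISTEN ups.example.org
"""

DEFAULT_PORT = 3493  # NUT's standard port, used when LISTEN gives none


def classify(address):
    """Classify a LISTEN address as loopback, wildcard, non-loopback or hostname."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "hostname"  # must be resolved before exposure can be judged
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::, i.e. every interface
        return "wildcard"
    return "non-loopback"


def audit_listen(conf_text):
    """Return (line number, address, port, class) for each LISTEN directive."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2 or fields[0] != "LISTEN":
            continue
        port = int(fields[2]) if len(fields) > 2 else DEFAULT_PORT
        findings.append((lineno, fields[1], port, classify(fields[1])))
    if not findings:
        # No LISTEN at all: the bind address is whatever this upsd defaults to.
        findings.append((0, None, DEFAULT_PORT, "implicit"))
    return findings


def needs_review(findings):
    """Entries that depend on a firewall or on the built-in default."""
    return [f for f in findings if f[3] != "loopback"]


if __name__ == "__main__":
    for lineno, addr, port, kind in needs_review(audit_listen(SAMPLE_CONF)):
        print(f"line {lineno}: LISTEN {addr} port {port} -> {kind}")
```

An "implicit" result means the file has no LISTEN line, so the exposure depends on the default of the installed upsd version, which is exactly what the thread proposes to change to loopback.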


