[Nut-upsdev] [nut-Feature Requests] Allow to specify hostnames in ACL (upsd.conf)
carlos.efr at mail.telepac.pt
Sat Jan 19 14:03:34 UTC 2008
On Jan 19, 2008 9:05 AM, Arjen de Korte <nut+devel at de-korte.org> wrote:
> The users may not have accounts on the box that the server is running on
> (in a networked environment for instance), so the above assumption may not
> be true. I don't think mandating that they have, is too restrictive. Also,
> since usernames and passwords are not encrypted before transmission
> (unless SSL is used, but this is not the default) I'm not too thrilled
> about the idea of using actual system accounts here. Sure its possible to
> create special system accounts for NUT use, but this pretty much defeats
> the whole purpose of making configuration easier.
The use of PAM would allow the use of local or centralized network
accounts for NUT access, but I don't think that should be a
requirement. Create a system account with nut privileges _only_ would
be a hassle to users.
> Indeed. So I propose to grant unrestricted RO access on all interfaces
> we're listening at. This means that only users with RW access need to be
> configured. Any objections?
Well, I don't think exposing information by default on a network is
ever a good idea. Even if that information seems innocent at first, at
least the fact that everyone can interact more with the server could
make small security bugs become critical.
More information about the Nut-upsdev