[Nut-upsuser] upsdevctl is -rwxr-xr-x

Arjen de Korte nut+users at de-korte.org
Thu Jun 7 12:11:28 UTC 2007


>> Are you saying that an unprivileged user
>> cannot execute upsdrvctl shutdown ?
> Yes. Even when ups.conf is readable by that user. The 'upsdrvctl' won't be
> able to send a signal to another process owned by another user, if it is
> not running as a privileged user ('root'). If someone manages to login as
> the user running the driver, you're toast anyway.

In retrospect, this is not entirely clear.

There are two ways to shutdown a UPS through NUT:

1) By sending a to the driver through the upsd server by means of 'upscmd'
for instance, for driver that support this. You need to be logged into the
server to do this and have appropriate privileges (set in 'upsd.users').
You don't need 'upsdrvctl' here, so its permissions are irrelevant then.

2) By issuing 'upsdrvctl shutdown'. Sending the shutdown command, is done
with a command line option for a driver. However, if a driver is already
running for a UPS, the port to which it is connected will be locked by
that driver. This means that the driver that is already connected to the
UPS must be stopped first, before you can send a shutdown command to the
UPS. The only way to do this, is by sending the running driver a SIGTERM.
As mentioned above, unprivileged users other than the user running the
driver can't do this.

If a driver is not running *and* someone has access to 'upsdrvctl' *and*
'ups.conf' *and* the port the UPS is connected to, you're in trouble
though. But you've managed to mess up the permissions on so many things by
then, that you probably also left the door to your server room unlocked,
so your equipment is unsafe anyway... :-)

Best regards, Arjen




More information about the Nut-upsuser mailing list