[Nut-upsuser] hardened kernel and nut access to ttyS

Peter Selinger selinger at mathstat.dal.ca
Tue May 8 16:28:08 UTC 2007


See the thread "USB problem as user" by Czuczy Gergely on the
nut-upsuser list, Apr 20-26. 

Czuczy was also running grsecurity, and in his case, he was unable to
access the USB port as a non-root user, although the permissions were
set correctly. My guess is that you have to tell grsecurity to enable
the access explicitly.

Czuczy never reported to the list that he had solved the problem, but
since he disappeared very suddenly, I assume that he probably solved
it or gave up.

-- Peter

Charles Lepple wrote:
> 
> On 5/8/07, Vieri <rentorbuy at yahoo.com> wrote:
> >
> > --- Carlos Rodrigues <carlos.efr at mail.telepac.pt>
> > wrote:
> >
> > > On 5/8/07, Vieri <rentorbuy at yahoo.com> wrote:
> > > >
> > > > However, I just built a hardened kernel on a new
> > > > gentoo machine and have no experience with it. NUT
> > > > (upsdrv) is failing because it says it doesn't
> > > have
> > > > permission to access ttyS0 even though nut is
> > > within
> > > > the appropriate group. I can add user = root in
> > > > ups.conf but I'd rather not.
> > > >
> > > > Does someone have experience with hardened
> > > kernels?
> > > >
> > >
> > > Define "hardened". Are we talking about something
> > > like SELinux or AppArmor
> > > here?
> >
> > a system with PaX/Grsecurity.
> > http://www.gentoo.org/proj/en/hardened/grsecurity.xml
> 
> You might need to give us a little more information on how this is set
> up. Are you using chroot as well?
> 
> Version numbers, etc., will help narrow things down, as well as
> configuration options.
> 
> This page <http://www.grsecurity.org/features.php> leads me to believe
> that you don't need to use root: "Non-root access to special roles" -
> but it's hard to tell without knowing exactly what policy is
> preventing NUT from accessing the serial port (and we haven't had too
> many posts from people who have set up similar environments before).
> 
> -- 
> - Charles Lepple
> 
> _______________________________________________
> Nut-upsuser mailing list
> Nut-upsuser at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/nut-upsuser
> 




More information about the Nut-upsuser mailing list