[Nut-upsuser] hardened kernel and nut access to ttyS
Vieri
rentorbuy at yahoo.com
Tue May 8 17:10:00 UTC 2007
Here's a workaround for Gentoo's "hardened profile".
Edit /etc/udev/rules.d/50-udev.rules:
KERNEL=="ttyS0", NAME="%k", SYMLINK="tts/%n", GROUP="tty", MODE="0660"
KERNEL=="ttyS[1-9]*", NAME="%k", SYMLINK="tts/%n", GROUP="uucp", MODE="0660"
Reboot.
# ls -la /dev/ttyS0
crw-rw---- 1 root tty 4, 64 May 8 2007 /dev/ttyS0
# /etc/init.d/upsdrv start
* Starting UPS drivers ...
Network UPS Tools - UPS driver controller 2.0.5
Network UPS Tools - Megatec protocol driver 1.5 (2.0.5)
Carlos Rodrigues (c) 2003-2006
Megatec protocol UPS detected.
[ ok ]
Another workaround would be to include the nut user in
the uucp group.
I don't know which solution is best.
Vieri
--- Peter Selinger <selinger at mathstat.dal.ca> wrote:
> See the thread "USB problem as user" by Czuczy Gergely on the
> nut-upsuser list, Apr 20-26.
>
> Czuczy was also running grsecurity, and in his case, he was unable to
> access the USB port as a non-root user, although the permissions were
> set correctly.
> -- Peter
>
> Charles Lepple wrote:
> >
> > On 5/8/07, Vieri <rentorbuy at yahoo.com> wrote:
> > >
> > > --- Carlos Rodrigues <carlos.efr at mail.telepac.pt> wrote:
> > >
> > > > On 5/8/07, Vieri <rentorbuy at yahoo.com> wrote:
> > > > >
> > > > > However, I just built a hardened kernel on a new
> > > > > gentoo machine and have no experience with it. NUT
> > > > > (upsdrv) is failing because it says it doesn't have
> > > > > permission to access ttyS0 even though nut is within
> > > > > the appropriate group. I can add user = root in
> > > > > ups.conf but I'd rather not.
> > > > >
> > > > > Does someone have experience with hardened kernels?
> > > > >
> > > >
> > > > Define "hardened". Are we talking about something like SELinux or AppArmor
> > > > here?
> > >
> > > a system with PaX/Grsecurity.
> > >
> > > http://www.gentoo.org/proj/en/hardened/grsecurity.xml
> >
> > You might need to give us a little more information on how this is set
> > up. Are you using chroot as well?
> >
> > Version numbers, etc., will help narrow things down, as well as
> > configuration options.
> >
> > This page <http://www.grsecurity.org/features.php> leads me to believe
> > that you don't need to use root: "Non-root access to special roles" -
> > but it's hard to tell without knowing exactly what policy is
> > preventing NUT from accessing the serial port (and we haven't had too
> > many posts from people who have set up similar environments before).
> >
> > --
> > - Charles Lepple
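
Added example, not part of the original message or of NUT: a POSIX sh check of which permission class (owner, group or other) the driver user falls into on the device node, and whether that class has read and write, which is what either workaround above changes. The function names are this example's own, and the check covers only the mode bits; as the quoted USB thread notes, a grsecurity kernel may still refuse access when they are set correctly.

```sh
#!/bin/sh
# Added example (not from the original post): evaluate the classic Unix
# permission bits on a serial device node for the NUT driver user.

# dac_class OWNER GROUP USER "USER_GROUPS" -> prints owner, group or other.
# The kernel picks exactly one class, in this order, and uses only its bits.
dac_class() {
    if [ "$3" = "$1" ]; then echo owner; return 0; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# dac_rw MODE OWNER GROUP USER "USER_GROUPS" -> exit 0 if read+write granted.
# MODE is octal, as printed by stat (660) or written in a udev rule (0660).
dac_rw() {
    case $(dac_class "$2" "$3" "$4" "$5") in
        owner) bits=$(( 0$1 / 64 % 8 )) ;;
        group) bits=$(( 0$1 / 8 % 8 )) ;;
        *)     bits=$(( 0$1 % 8 )) ;;
    esac
    [ $(( bits & 6 )) -eq 6 ]
}

# check_device DEVICE USER: read the live values with stat(1) and id(1).
# "stat -c" is the GNU coreutils / busybox form.
check_device() {
    mode=$(stat -c '%a' "$1") || return 2
    owner=$(stat -c '%U' "$1")
    group=$(stat -c '%G' "$1")
    ugroups=$(id -Gn "$2") || return 2
    echo "$1: mode=$mode owner=$owner group=$group; $2 is in: $ugroups"
    if dac_rw "$mode" "$owner" "$group" "$2" "$ugroups"; then
        echo "mode bits grant read/write to $2"
    else
        echo "mode bits deny read/write to $2"
        return 1
    fi
}

# Usage: sh check.sh /dev/ttyS0 nut
if [ "$#" -ge 2 ]; then check_device "$1" "$2"; fi
```

If this reports that the mode bits grant access and the driver still fails, the denial comes from a layer above the file permissions.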