[Nut-upsuser] Debian 9 : Can't open /etc/nut/upsd.users: Permission denied

Roger Price roger at rogerprice.org
Mon Dec 11 10:57:39 UTC 2017

On Sun, 10 Dec 2017, Jim Klimov wrote:

> I am not sure the rights offered in that bug are fully ok: generally you 
> wouldn't want the configs to be writable by the service daemon if you 
> can avoid it (so if it's hacked - it can be abused to a lesser extent). 
> I think the only writable bit is the killpower file, which might better 
> belong in /var/run/nut or state-dir or something like that. Maybe 
> something for nut-cgi needs writes? Otherwise root:nut 640 should be 
> good, IMHO. Maybe even different users for server/driver/clients, for 
> paranoid setups...

Perhaps a more general review of ownership and permissions would be 
useful.  For example, on my Debian 9 box, command « ls -alF /sbin/ups* » 

   -rwxr-xr-x 1 root root   425 Jan 25  2017 /sbin/upsd*
   -rwxr-xr-x 1 root root 30816 Jan 25  2017 /sbin/upsdrvctl*
   -rwxr-xr-x 1 root root   429 Jan 25  2017 /sbin/upsmon*
   -rwxr-xr-x 1 root root 30808 Jan 25  2017 /sbin/upssched*

Wouldn't owner root:nut and permissions 750 be better?


More information about the Nut-upsuser mailing list