[Nut-upsuser] Debian 9 : Can't open /etc/nut/upsd.users: Permission denied
Manuel Wolfshant
wolfy at nobugconsulting.ro
Mon Dec 11 11:07:53 UTC 2017
On 12/11/2017 12:57 PM, Roger Price wrote:
> On Sun, 10 Dec 2017, Jim Klimov wrote:
>
>> I am not sure the rights offered in that bug are fully ok: generally
>> you wouldn't want the configs to be writable by the service daemon if
>> you can avoid it (so if it's hacked - it can be abused to a lesser
>> extent). I think the only writable bit is the killpower file, which
>> might better belong in /var/run/nut or state-dir or something like
>> that. Maybe something for nut-cgi needs writes? Otherwise root:nut
>> 640 should be good, IMHO. Maybe even different users for
>> server/driver/clients, for paranoid setups...
>
> Perhaps a more general review of ownership and permissions would be
> useful. For example, on my Debian 9 box, command « ls -alF /sbin/ups*
> » reports
>
> -rwxr-xr-x 1 root root 425 Jan 25 2017 /sbin/upsd*
> -rwxr-xr-x 1 root root 30816 Jan 25 2017 /sbin/upsdrvctl*
> -rwxr-xr-x 1 root root 429 Jan 25 2017 /sbin/upsmon*
> -rwxr-xr-x 1 root root 30808 Jan 25 2017 /sbin/upssched*
>
> Wouldn't owner root:nut and permissions 750 be better?
I'm including below the defaults for the redhat package:
[wolfy at wolfy tmp]$ ll /etc/ups/
total 44
-rw-r-----. 1 root nut 1538 Jan 3 2017 nut.conf
-rw-r-----. 1 root nut 4618 Jan 3 2017 ups.conf
-rw-r-----. 1 root nut 4578 Jan 3 2017 upsd.conf
-rw-r-----. 1 root nut 2131 Jan 3 2017 upsd.users
-rw-r-----. 1 root nut 15312 Jan 3 2017 upsmon.conf
-rw-r-----. 1 root nut 3891 Jan 3 2017 upssched.conf
More information about the Nut-upsuser
mailing list