[Nut-upsuser] Apple Mac slave
Charles Lepple
clepple at gmail.com
Fri Jun 16 02:21:55 UTC 2017
On Jun 15, 2017, at 4:09 PM, Robbie van der Walle <rvanderwalle at gmail.com> wrote:
> What is the purpose of Boolean: SuccessfulExit?
>
All I remember is the comment on the next line: <!-- Do not respawn at shutdown time -->
>>>> I did have to fiddle with permissions of config files - Fink currently builds NUT to run as user "nobody", so I have the following non-default permissions:
>>>>
>>>> $ ls -l /sw/etc/nut
>>>> ...
>>>> -rw-r-----+ 1 root nobody 2177 Jun 15 08:42 upsd.users
>>>> -rw-r-----+ 1 root nobody 15455 Jun 15 08:50 upsmon.conf
>
> /sw/etc/nut
>
> -rw-r--r-- 1 root admin 12199 Jun 10 16:22 upsmon.conf
>
> This are default permissions.
Well, technically the Fink package doesn't install the *.conf files, just the *.conf.sample versions.
>
> I# For best results, you should create a new normal user like "nutmon",
> # and make it a member of a "nut" group or similar. Then specify it
> # here and grant read access to the upsmon.conf for that group.
> #
> # This user should not have write access to upsmon.conf.
> #
> # RUN_AS_USER nutmon
>
> RUN_AS_USER root
>
> For security reasons you should change root to another user?
>
> which other rights are needed for this user to make it work?
Not a lot - upsmon keeps a copy around that runs as root (in order to execute the shutdown command), but it parses the files and network traffic under the lesser RUN_AS_USER privileges. So the Fink default of "nobody" could work, if you change the group of the configuration file as well. I don't know if many other processes in OS X use "nobody".
See http://networkupstools.org/docs/man/upsmon.html#_reloading_nuances and http://networkupstools.org/docs/man/upsmon.conf.html
More information about the Nut-upsuser
mailing list