[Nut-upsuser] Apple Mac slave

Charles Lepple clepple at gmail.com
Fri Jun 16 02:21:55 UTC 2017

On Jun 15, 2017, at 4:09 PM, Robbie van der Walle <rvanderwalle at gmail.com> wrote:
> What is the purpose of Boolean:  SuccessfulExit?
All I remember is the comment on the next line: <!-- Do not respawn at shutdown time -->

>>>> I did have to fiddle with permissions of config files - Fink currently builds NUT to run as user "nobody", so I have the following non-default permissions:
>>>> $ ls -l /sw/etc/nut
>>>> ...
>>>> -rw-r-----+ 1 root  nobody   2177 Jun 15 08:42 upsd.users
>>>> -rw-r-----+ 1 root  nobody  15455 Jun 15 08:50 upsmon.conf
> /sw/etc/nut
> -rw-r--r--   1 root  admin  12199 Jun 10 16:22 upsmon.conf
> This are default permissions. 

Well, technically the Fink package doesn't install the *.conf files, just the *.conf.sample versions.
> I# For best results, you should create a new normal user like "nutmon",
> # and make it a member of a "nut" group or similar.  Then specify it
> # here and grant read access to the upsmon.conf for that group.
> #
> # This user should not have write access to upsmon.conf.
> #
> # RUN_AS_USER nutmon
> RUN_AS_USER root
> For security reasons you should change root to another user? 
> which other rights are needed for this user to make it work? 

Not a lot - upsmon keeps a copy around that runs as root (in order to execute the shutdown command), but it parses the files and network traffic under the lesser RUN_AS_USER privileges. So the Fink default of "nobody" could work, if you change the group of the configuration file as well. I don't know if many other processes in OS X use "nobody".

See http://networkupstools.org/docs/man/upsmon.html#_reloading_nuances and http://networkupstools.org/docs/man/upsmon.conf.html

More information about the Nut-upsuser mailing list