[Nut-upsuser] Running NUT within an unprivileged LXD container?

Linus Lüssing linus.luessing at c0d3.blue
Mon Jul 18 23:53:36 BST 2022

On Mon, Jul 18, 2022 at 02:29:18AM +0200, Linus Lüssing wrote:
> Hi,
> I'm trying to set up NUT within an unprivileged LXD container.
> So within the container there is its own user namespace with
> a root user with UID 0, which does not actually have overall
> system root rights.
> Both the host and the container run Debian Bullseye.
> NUT is version 2.7.4-13.
> [...]

Found my issue: I wasn't aware that when /lib/nut/usbhid-ups is
started as root that it drops its user privileges from root to
the "nut" user:

root at nut:~# ps -Af | grep usb
nut           91       1  0 22:10 ?        00:00:02 /lib/nut/usbhid-ups -a apc-back-ups-rs-900g

So I needed to add the "uid" and "gid" attributes here:

$ lxc start nut
[ nut needs to be installed in the container before, so that the user+group "nut"
  are available ]
$ lxc config device add nut apcusbhid usb vendorid=051d productid=0002 uid="$(lxc exec nut -- /bin/id -u nut)" gid="$(lxc exec nut -- /bin/id -g nut)"
$ lxc exec nut -- /usr/bin/systemctl enable nut-server
$ lxc restart nut

upsc now returns just fine, with valid values:

$ lxc exec nut -- /usr/bin/upsc apc-back-ups-rs-900g at localhost battery.charge
Init SSL without certificate database

Some more background information from my debugging, especially
the output from strace, can be found here in the forum post:


Regards, Linus

More information about the Nut-upsuser mailing list