[Nut-upsuser] Running NUT within an unprivileged LXD container?
Linus Lüssing
linus.luessing at c0d3.blue
Mon Jul 18 23:53:36 BST 2022
On Mon, Jul 18, 2022 at 02:29:18AM +0200, Linus Lüssing wrote:
> Hi,
>
> I'm trying to set up NUT within an unprivileged LXD container.
> So within the container there is its own user namespace with
> a root user with UID 0, which does not actually have overall
> system root rights.
>
> Both the host and the container run Debian Bullseye.
> NUT is version 2.7.4-13.
> [...]
Found my issue: I wasn't aware that when /lib/nut/usbhid-ups is
started as root, it drops its user privileges from root to
the "nut" user:
```
root@nut:~# ps -Af | grep usb
nut 91 1 0 22:10 ? 00:00:02 /lib/nut/usbhid-ups -a apc-back-ups-rs-900g
```
So I needed to add the "uid" and "gid" attributes here:
```
$ lxc start nut
# nut needs to be installed in the container beforehand, so that the
# user+group "nut" are available
$ lxc config device add nut apcusbhid usb vendorid=051d productid=0002 uid="$(lxc exec nut -- /bin/id -u nut)" gid="$(lxc exec nut -- /bin/id -g nut)"
$ lxc exec nut -- /usr/bin/systemctl enable nut-server
$ lxc restart nut
```
upsc now returns just fine, with valid values:
```
$ lxc exec nut -- /usr/bin/upsc apc-back-ups-rs-900g@localhost battery.charge
Init SSL without certificate database
100
```
Some more background information from my debugging, especially
the output from strace, can be found here in the forum post:
https://discuss.linuxcontainers.org/t/issue-usb-passthrough-using-network-ups-tools-nut-within-a-container-for-an-apc-ups/14641/1
Regards, Linus
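
A check for the ownership mismatch described in this message, as an added example that is not part of the original post: it finds the passed-through USB device by vendor/product ID and tests whether the account the driver drops to can open the device node read-write. The function names and the `SYSFS_USB`/`DEV_USB` overrides are assumptions made for this sketch; it relies on GNU `stat`, as shipped with Debian.

```shell
#!/bin/sh
# Added example (not from the original post). Run inside the container.
# SYSFS_USB and DEV_USB are overridable so the functions can be pointed at a
# constructed tree; the defaults are the standard Linux locations.
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"
DEV_USB="${DEV_USB:-/dev/bus/usb}"

# usb_node VENDOR PRODUCT: print the device node path (BUS/DEV, zero-padded).
usb_node() {
    for d in "$SYSFS_USB"/*; do
        [ -r "$d/idVendor" ] && [ -r "$d/idProduct" ] || continue
        [ "$(cat "$d/idVendor")" = "$1" ] || continue
        [ "$(cat "$d/idProduct")" = "$2" ] || continue
        printf '%s/%03d/%03d\n' "$DEV_USB" "$(cat "$d/busnum")" "$(cat "$d/devnum")"
        return 0
    done
    return 1
}

# node_rw_for NODE UID GID: succeed if the mode bits grant read+write to that
# uid/gid. Assumption: only owner/primary group/other bits are considered;
# supplementary groups, ACLs and capabilities are ignored.
node_rw_for() {
    st=$(stat -c '%u %g %a' "$1") || return 2
    owner=${st%% *}; rest=${st#* }; group=${rest%% *}; mode=${rest#* }
    m=$((0$mode))                       # %a is octal, e.g. 660
    if [ "$owner" = "$2" ]; then bits=$(( (m >> 6) & 7 ))
    elif [ "$group" = "$3" ]; then bits=$(( (m >> 3) & 7 ))
    else bits=$(( m & 7 )); fi
    [ $(( bits & 6 )) -eq 6 ]
}

# check_ups_node VENDOR PRODUCT USER: report whether USER can open the node.
check_ups_node() {
    node=$(usb_node "$1" "$2") || { echo "USB device $1:$2 not visible" >&2; return 1; }
    if node_rw_for "$node" "$(id -u "$3")" "$(id -g "$3")"; then
        echo "$node is read-write for $3"
    else
        echo "$node is NOT read-write for $3: $(stat -c '%U:%G %a' "$node")" >&2
        return 1
    fi
}

# Usage with the IDs from the post:  check_ups_node 051d 0002 nut
```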