Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 81524

Summary: [PATCH] NUT runs as 'nobody' - requires 'nobody' be given privs
Product: [Retired] Red Hat Raw Hide Reporter: Andrew Bartlett <abartlet>
Component: nutAssignee: Ngo Than <than>
Status: CLOSED RAWHIDE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0CC: jorton
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-02-11 22:54:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Description Flags
Patch to correct these issues none

Description Andrew Bartlett 2003-01-10 03:34:04 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020913

Description of problem:
The NUT UPS tools require that the 'nobody' user - used for various untrusted
servies to prevent breakin - be given privilages.

In pariticular NUT requires thet the serial line be owned or group writeable by
this untrusted user.  

Instead, NUT should be configured to use it's own user (preventing 
a malicious 'nobody' program from killing it etc) and be group 'uucp'
for access to the serial line

(This will allow the UPS to function with just config file setup, not
changes to /dev)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install NUT
2. Configure
3. Attempt to start

Actual Results:  NUT reqesting that an unprivaged user, used by programs that
want to
give up privilages, be given privages that would allow (say) a mallilous poweroff

Expected Results:  NUT to function with existing permissions

Additional info:

Once I fixed the spec file (as per patch) it works quite well.

Patch also corrects an issue at shutdown - the OPTIONS is not used.

Comment 1 Andrew Bartlett 2003-01-10 04:03:48 UTC
Created attachment 89278 [details]
Patch to correct these issues

This patch corrects the issues mentioned in this bug.

The patch is slightly munged - I removed the uid number for the 'ups' user.  
Please replace ??? with a validly allocated UID.

Andrew Bartlett

Comment 2 Ngo Than 2003-02-11 22:54:42 UTC
1.2.0-5 has this fix. Thanks for your infos.

bbrock: could you please test it again, if it's really fixed. I don't have
hardware for testing. Thanks