Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 81524 - [PATCH] NUT runs as 'nobody' - requires 'nobody' be given privs
Summary: [PATCH] NUT runs as 'nobody' - requires 'nobody' be given privs
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: nut
Version: 1.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Ngo Than
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2003-01-10 03:34 UTC by Andrew Bartlett
Modified: 2007-04-18 16:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-02-11 22:54:42 UTC

Attachments (Terms of Use)
Patch to correct these issues (deleted)
2003-01-10 04:03 UTC, Andrew Bartlett
no flags Details | Diff

Description Andrew Bartlett 2003-01-10 03:34:04 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020913

Description of problem:
The NUT UPS tools require that the 'nobody' user - used for various untrusted
servies to prevent breakin - be given privilages.

In pariticular NUT requires thet the serial line be owned or group writeable by
this untrusted user.  

Instead, NUT should be configured to use it's own user (preventing 
a malicious 'nobody' program from killing it etc) and be group 'uucp'
for access to the serial line

(This will allow the UPS to function with just config file setup, not
changes to /dev)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install NUT
2. Configure
3. Attempt to start

Actual Results:  NUT reqesting that an unprivaged user, used by programs that
want to
give up privilages, be given privages that would allow (say) a mallilous poweroff

Expected Results:  NUT to function with existing permissions

Additional info:

Once I fixed the spec file (as per patch) it works quite well.

Patch also corrects an issue at shutdown - the OPTIONS is not used.

Comment 1 Andrew Bartlett 2003-01-10 04:03:48 UTC
Created attachment 89278 [details]
Patch to correct these issues

This patch corrects the issues mentioned in this bug.

The patch is slightly munged - I removed the uid number for the 'ups' user.  
Please replace ??? with a validly allocated UID.

Andrew Bartlett

Comment 2 Ngo Than 2003-02-11 22:54:42 UTC
1.2.0-5 has this fix. Thanks for your infos.

bbrock: could you please test it again, if it's really fixed. I don't have
hardware for testing. Thanks

Note You need to log in before you can comment on or make changes to this bug.