Red Hat Bugzilla – Bug 69820
Permissions leave nut-cgi clients basically unusable
Last modified: 2007-04-18 12:44:29 EDT
Description of Problem:
In a default installation if one will attempt to execute programs supplied
in 'nut-cgi' package they will run with "apache.apache" ownership. The problem
is that before they will do something they need to get an information from
files in /etc/ups (in particular from /etc/ups/upsset.conf, to even start
to do something outside of an immediate exit, but not only) and most of these
are unreadable. They should be at least readable to an "apache" group to be of
any use and then indeed nut-cgi clients can do something.
A some rudimentary documentation would also be nice. Something which would
say, roughly, "Add in your httpd configuration an alias definition like
ScriptAlias /nut/ "/var/www/nut-cgi-bin/", restrict an access to it properly
and drop among your documents nut.html, say, with a content somewhat like that:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!-- Background white -->
<H1 ALIGN="CENTER">NUT tools (UPS access)</H1>
The following UPS tools are available here
<A HREF="nut/multimon.cgi" >multimon.cgi</A>
<A HREF="nut/upsimage.cgi" >upsimage.cgi</A>
<A HREF="nut/upsset.cgi" >upsset.cgi</A>
<A HREF="nut/upsstats.cgi" >upsstats.cgi</A>
Then you can try what these will do."
If we could have some description explaing what these are acutally _supposed_
to do, without referring to sources, that would be a riot. 'multimon.cgi' is
quite obvious. What other are really doing, and/or what has to be configured
before they will become truly useful, is not entirely clear.
As things stand now 'rpm -qd nug-cgi' draws blank and typing 'grep -i cgi *'
in /usr/share/doc/nut-0.45.4/docs directory is not very illuminating either.
An advice there really boils down to "configure properly". Indeed.
Version-Release number of selected component (if applicable):
it's fixed 1.2.0-5 or newer.