Red Hat Bugzilla – Bug 81524
[PATCH] NUT runs as 'nobody' - requires 'nobody' be given privs
Last modified: 2007-04-18 12:49:39 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020913
Description of problem:
The NUT UPS tools require that the 'nobody' user - used for various untrusted
servies to prevent breakin - be given privilages.
In pariticular NUT requires thet the serial line be owned or group writeable by
this untrusted user.
Instead, NUT should be configured to use it's own user (preventing
a malicious 'nobody' program from killing it etc) and be group 'uucp'
for access to the serial line
(This will allow the UPS to function with just config file setup, not
changes to /dev)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install NUT
3. Attempt to start
Actual Results: NUT reqesting that an unprivaged user, used by programs that
give up privilages, be given privages that would allow (say) a mallilous poweroff
Expected Results: NUT to function with existing permissions
Once I fixed the spec file (as per patch) it works quite well.
Patch also corrects an issue at shutdown - the OPTIONS is not used.
Created attachment 89278 [details]
Patch to correct these issues
This patch corrects the issues mentioned in this bug.
The patch is slightly munged - I removed the uid number for the 'ups' user.
Please replace ??? with a validly allocated UID.
1.2.0-5 has this fix. Thanks for your infos.
bbrock: could you please test it again, if it's really fixed. I don't have
hardware for testing. Thanks