From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020913 Description of problem: The NUT UPS tools require that the 'nobody' user - used for various untrusted servies to prevent breakin - be given privilages. In pariticular NUT requires thet the serial line be owned or group writeable by this untrusted user. Instead, NUT should be configured to use it's own user (preventing a malicious 'nobody' program from killing it etc) and be group 'uucp' for access to the serial line (This will allow the UPS to function with just config file setup, not changes to /dev) Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install NUT 2. Configure 3. Attempt to start Actual Results: NUT reqesting that an unprivaged user, used by programs that want to give up privilages, be given privages that would allow (say) a mallilous poweroff Expected Results: NUT to function with existing permissions Additional info: Once I fixed the spec file (as per patch) it works quite well. Patch also corrects an issue at shutdown - the OPTIONS is not used.
Created attachment 89278 [details] Patch to correct these issues This patch corrects the issues mentioned in this bug. The patch is slightly munged - I removed the uid number for the 'ups' user. Please replace ??? with a validly allocated UID. Andrew Bartlett
1.2.0-5 has this fix. Thanks for your infos. bbrock: could you please test it again, if it's really fixed. I don't have hardware for testing. Thanks