From 45e0a9bf22b6bbb52d469fc10191a176a52273f3 Mon Sep 17 00:00:00 2001 From: Jim Klimov Date: Tue, 1 Nov 2022 21:56:52 +0100 Subject: [PATCH 1/6] common/common.c: become_user(): log change of UID/GID (or inability to do so) --- common/common.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/common/common.c b/common/common.c index 177fc45d61..13b21d6a56 100644 --- a/common/common.c +++ b/common/common.c @@ -268,8 +268,12 @@ void become_user(struct passwd *pw) { #ifndef WIN32 /* if we can't switch users, then don't even try */ - if ((geteuid() != 0) && (getuid() != 0)) + if ((geteuid() != 0) && (getuid() != 0)) { + upsdebugx(1, "Can not become_user(%s): not root initially, " + "remaining UID=%jd GID=%jd", + pw->pw_name, (intmax_t)getuid(), (intmax_t)getgid()); return; + } if (getuid() == 0) if (seteuid(0)) @@ -283,8 +287,13 @@ void become_user(struct passwd *pw) if (setuid(pw->pw_uid) == -1) fatal_with_errno(EXIT_FAILURE, "setuid"); + + upsdebugx(1, "Succeeded to become_user(%s): now UID=%jd GID=%jd", + pw->pw_name, (intmax_t)getuid(), (intmax_t)getgid()); #else NUT_UNUSED_VARIABLE(pw); + + upsdebugx(1, "Can not become_user(%s): not implemented on this platform", pw->pw_name); #endif } From 5135f8bff5d0dfa2ef3db198026772a19702549e Mon Sep 17 00:00:00 2001 From: Jim Klimov Date: Tue, 1 Nov 2022 21:59:19 +0100 Subject: [PATCH 2/6] common/common.c: chroot_start(): log entering chroot jail (or inability to do so) --- common/common.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/common/common.c b/common/common.c index 13b21d6a56..e7171d8fb0 100644 --- a/common/common.c +++ b/common/common.c 
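Review bot: The new early-return branch dereferences `pw->pw_name` on a path that previously never touched `pw`, so a non-root caller that passes a NULL `pw` would now crash inside the debug call instead of returning quietly. Whether any caller does so is not visible from this hunk, but a guard such as `pw ? pw->pw_name : "<null>"` stops a log-only change from altering behaviour. The same dereference appears in the WIN32 branch of the second hunk, directly after `NUT_UNUSED_VARIABLE(pw);`, where the macro no longer matches the code and could be dropped. The body of become_user() continues outside this hunk.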
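Review bot: The success message after `setuid(pw->pw_uid)` reports only the real IDs (`getuid()`/`getgid()`), so it does not show whether the effective IDs followed after the `seteuid(0)` step earlier in the function. For a privilege-drop audit line it helps to log `geteuid()`/`getegid()` as well, e.g. `"Succeeded to become_user(%s): now UID=%jd GID=%jd EUID=%jd EGID=%jd"`. UID and GID types are commonly unsigned, so `%ju` with `(uintmax_t)` would avoid printing a large ID as a negative number. The group-changing calls sit between the two hunks and are not visible, so the supplementary group state cannot be judged from here.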
@@ -307,11 +307,16 @@ void chroot_start(const char *path) if (chroot(path)) fatal_with_errno(EXIT_FAILURE, "chroot(%s)", path); +#else + upsdebugx(1, "Can not chroot into %s: not implemented on this platform", path); #endif + if (chdir("/")) fatal_with_errno(EXIT_FAILURE, "chdir(/)"); +#ifndef WIN32 upsdebugx(1, "chrooted into %s", path); +#endif } #ifdef WIN32 From 326f90866dbf557a86928a0ab1aee3808cfd8d62 Mon Sep 17 00:00:00 2001 From: Jim Klimov Date: Tue, 1 Nov 2022 22:06:45 +0100 Subject: [PATCH 3/6] tests/NIT/nit.sh: expand permissions for NUT_CONFPATH/*.conf if started as root (tested daemons cannot read them otherwise) --- tests/NIT/nit.sh | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/tests/NIT/nit.sh b/tests/NIT/nit.sh index 04688131fb..0883f95369 100755 --- a/tests/NIT/nit.sh +++ b/tests/NIT/nit.sh @@ -322,7 +322,13 @@ STATEPATH "$NUT_STATEPATH" LISTEN localhost $NUT_PORT EOF [ $? = 0 ] || die "Failed to populate temporary FS structure for the NIT: upsd.conf" - chmod 640 "$NUT_CONFPATH/upsd.conf" + + if [ "`id -u`" = 0 ]; then + log_info "Test script was started by 'root' - expanding permissions for '$NUT_CONFPATH/upsd.conf' so unprivileged daemons (after de-elevation) may read it" + chmod 644 "$NUT_CONFPATH/upsd.conf" + else + chmod 640 "$NUT_CONFPATH/upsd.conf" + fi # Some systems listining on symbolic "localhost" actually # only bind to IPv6, and Python telnetlib resolves IPv4 
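Review bot: On WIN32 a requested chroot is now skipped with only a level-1 debug message in the new `#else` branch, and the function still runs `chdir("/")` and returns as if confinement had been set up. A caller that asked for a jail keeps running unconfined, and an operator presumably sees nothing unless debugging is enabled. Consider reporting this at warning level, e.g. `upslogx(LOG_WARNING, "Can not chroot into %s: not implemented on this platform", path);`, or failing closed if the project treats the chroot setting as mandatory. chroot_start() begins outside the hunk.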
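Review bot: Switching to `chmod 644` when the script runs as root makes the generated configs world-readable, and the same branch is repeated for `upsd.users`, `upsmon.conf` and `ups.conf` in the later hunks; `upsd.users` in particular holds the test user definitions. Unless the enclosing temporary directory is itself restricted, which these hunks do not show, any local account on a shared build host could read them during the test run. Keeping `640` and handing the files to the group the daemons drop to, e.g. `chgrp "<RUN_AS_GROUP>" "$NUT_CONFPATH/upsd.conf"` (placeholder, the run-as identity is not visible here), gives the daemons access without widening it to everyone. Since the block is identical four times, a small helper taking the file path would keep the permission policy in one place.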
@@ -384,7 +390,13 @@ generatecfg_upsdusers_trivial() { upsmon secondary EOF [ $? = 0 ] || die "Failed to populate temporary FS structure for the NIT: upsd.users" - chmod 640 "$NUT_CONFPATH/upsd.users" + + if [ "`id -u`" = 0 ]; then + log_info "Test script was started by 'root' - expanding permissions for '$NUT_CONFPATH/upsd.users' so unprivileged daemons (after de-elevation) may read it" + chmod 644 "$NUT_CONFPATH/upsd.users" + else + chmod 640 "$NUT_CONFPATH/upsd.users" + fi } ### upsmon.conf: ################################################## @@ -398,7 +410,13 @@ generatecfg_upsmon_trivial() { echo "DEBUG_MIN ${NUT_DEBUG_MIN}" >> "$NUT_CONFPATH/upsmon.conf" || exit fi ) || die "Failed to populate temporary FS structure for the NIT: upsmon.conf" - chmod 640 "$NUT_CONFPATH/upsmon.conf" + + if [ "`id -u`" = 0 ]; then + log_info "Test script was started by 'root' - expanding permissions for '$NUT_CONFPATH/upsmon.conf' so unprivileged daemons (after de-elevation) may read it" + chmod 644 "$NUT_CONFPATH/upsmon.conf" + else + chmod 640 "$NUT_CONFPATH/upsmon.conf" + fi } generatecfg_upsmon_master() { @@ -437,8 +455,13 @@ generatecfg_ups_trivial() { echo "debug_min = ${NUT_DEBUG_MIN}" >> "$NUT_CONFPATH/ups.conf" || exit fi ) || die "Failed to populate temporary FS structure for the NIT: ups.conf" - chmod 640 "$NUT_CONFPATH/ups.conf" + if [ "`id -u`" = 0 ]; then + log_info "Test script was started by 'root' - expanding permissions for '$NUT_CONFPATH/ups.conf' so unprivileged daemons (after de-elevation) may read it" + chmod 644 "$NUT_CONFPATH/ups.conf" + else + chmod 640 "$NUT_CONFPATH/ups.conf" + fi } generatecfg_ups_dummy() { From 2ed0162b5fd413305b3c8db275d4e43559980220 Mon Sep 17 00:00:00 2001 From: Jim Klimov Date: Wed, 2 Nov 2022 10:09:29 +0100 Subject: [PATCH 4/6] NEWS: we log uid/gid/chroot changes since 2.8.1 [#1694] --- NEWS | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index c16e1cbce3..a5ff51861a 100644 --- a/NEWS +++ b/NEWS 
@@ -60,8 +60,12 @@ https://github.com/networkupstools/nut/milestone/8 * Fixed building of NUT man pages when just a few drivers are selected by `configure` script for custom builds [#1467] + - We lacked log information about changes of chroot jail (uncommon) and + of uid/gid (everywhere), which makes troubleshooting harder (e.g. lack + of access to config files or USB device nodes). Now we have it [#1694] + - huawei-ups2000 is now known to support more devices, noted in docs and - for auto-detection [#1448] + for auto-detection [#1448, #1684] - nutdrv_qx updates: * the `voltronic_qs_protocol` should now accept both "V" (as before) From b5b434f72f38bd32ad38941760b2833c75753533 Mon Sep 17 00:00:00 2001 From: Jim Klimov Date: Thu, 3 Nov 2022 13:50:22 +0100 Subject: [PATCH 5/6] Update NEWS --- NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS b/NEWS index a5ff51861a..6fe074f6bc 100644 --- a/NEWS +++ b/NEWS @@ -61,7 +61,7 @@ https://github.com/networkupstools/nut/milestone/8 by `configure` script for custom builds [#1467] - We lacked log information about changes of chroot jail (uncommon) and - of uid/gid (everywhere), which makes troubleshooting harder (e.g. lack + of UID/GID (everywhere), which makes troubleshooting harder (e.g. lack of access to config files or USB device nodes). Now we have it [#1694] - huawei-ups2000 is now known to support more devices, noted in docs and From 78f879aa072885097013b0d25332244478aff3cd Mon Sep 17 00:00:00 2001 From: Jim Klimov Date: Thu, 3 Nov 2022 13:50:24 +0100 Subject: [PATCH 6/6] Update nut.dict --- docs/nut.dict | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/nut.dict b/docs/nut.dict index 1670fe4b85..42a587ef59 100644 --- a/docs/nut.dict +++ b/docs/nut.dict @@ -1,4 +1,4 @@ -personal_ws-1.1 en 3043 utf-8 +personal_ws-1.1 en 3044 utf-8 AAS ABI ACFAIL @@ -383,6 +383,7 @@ Fuß GCCVER GES GETADDRINFO +GID GKrellM GND GPL