Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

drivers/main.c: allow to specify a user for each driver via ups.conf #1293

Merged
merged 9 commits into from
Feb 17, 2022
Merged

drivers/main.c: allow to specify a user for each driver via ups.conf #1293

merged 9 commits into from
Feb 17, 2022

Conversation

jimklimov
Copy link
Member

@jimklimov jimklimov commented Feb 15, 2022
edited
Loading

Closes: #1288

Enhances earlier ability to start ALL drivers as a non-built-in account, by setting user = "name" in ups.conf global section, adding a similar ability to override this further at each driver's level.

Tested to accept and report the flag (along with debug-level passthrough from upsdrvctl, done by #1287), e.g.:

# ./drivers/upsdrvctl -DDDd start nutdev1
Network UPS Tools - UPS driver controller 2.7.4-4660-gc31748b
   0.000000     [D1] Starting UPS: nutdev1
   0.000859     [D2] 1 remaining attempts
   0.001456     [D2] exec:  /usr/local/ups/bin/usbhid-ups -DDD -a nutdev1
Network UPS Tools - Generic HID driver 0.45 (2.7.4-4660-gc31748b)
USB communication driver (libusb 1.0) 0.42
   0.000000     [D3] main_arg: var='driver' val='usbhid-ups'
   0.000673     [D3] main_arg: var='port' val='auto'
...
   0.005066     [D3] main_arg: var='user' val='root'
   0.005440     [D1] Overriding previously specified user 'nobody' with 'root' specified for driver section
...

Anticipated as most-useful when counter-acting non-persistent device filesystem node permissions, so local-media drivers (USB, maybe serial).

Additionally, this fixes a possible issue with earlier global-level user setting, where the filesystem socket could be created by the driver as not accessible to unprivileged upsd process. Now this should behave better by default, and can be twisted explicitly with new group setting in global and/or driver level configuration.

@jimklimov jimklimov added service/daemon start/stop General subject for starting and stopping NUT daemons (drivers, server, monitor); also BG/FG/Debug permissions USB labels Feb 15, 2022
@jimklimov
Copy link
Member Author

Testing with a user = ... specified at both global level and in the driver section:

   0.000000     [D1] Overriding previously specified user 'nobody' with 'default' specified in global section
...
   0.005517     [D1] Overriding previously specified user 'default' with 'root' specified for driver section
...
...

And for command-line option having precedence (though apparently the order of processing differs from my expectations when writing the message texts):

# ./drivers/upsdrvctl -DDDd -u www-data start nutdev1
...
   0.000000     [D1] Overriding previously specified user 'nobody' with 'default' specified in global section
...
   0.005441     [D1] Overriding previously specified user 'default' with 'root' specified for driver section
   0.005598     [D1] Built-in default user for drivers 'root' was ignored due to 'www-data' specified on command line
...

@lgtm-com

This comment was marked as duplicate.

Sign in to view
@jimklimov
configure.ac: report default/detected RUN_AS_USER/RUN_AS_GROUP values…
a954d30 
… in help; check if "nobody" group is not resolvable when "nogroup" us to use it as default RUN_AS_GROUP instead
@lgtm-com

This comment was marked as outdated.

Sign in to view
@lgtm-com

This comment was marked as duplicate.

Sign in to view
@lgtm-com

This comment was marked as outdated.

Sign in to view
@jimklimov jimklimov mentioned this pull request Feb 16, 2022
Closed
@jimklimov jimklimov merged commit 0063cdc into networkupstools:master Feb 17, 2022
@jimklimov jimklimov deleted the upsdrvmain-user branch February 17, 2022 13:38
This was referenced Feb 18, 2022
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
permissions service/daemon start/stop General subject for starting and stopping NUT daemons (drivers, server, monitor); also BG/FG/Debug USB
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow to persistently run certain drivers as certain user accounts
1 participant
@jimklimov