Bug 11886 - [FR] add properly secured /var/run/upssched/ out-of-box
Status: NEW
Alias: None
Product: Sisyphus
Classification: Development
Component: nut
Version: unstable
Hardware: all Linux
Importance: P2 normal
Assignee: Michael Shigorin
QA Contact: qa-sisyphus
Reported: 2007-05-24 21:00 MSD by Michael Shigorin
Modified: 2021-12-05 19:02 MSK
Description Michael Shigorin 2007-05-24 21:00:57 MSD
To run upssched (e.g. for early shutdowns or otherwise peculiar logic), it's
recommended/required to create a separate protected directory for a pipe and a
lock; it would be nice to have it in the package.

upssched.conf hints that %dir(700,upsmon,upsmon) %_var/run/upssched/ seems proper:

# ============================================================================
#
# PIPEFN <filename>
#
# This sets the file name of the FIFO that will pass communications between
# processes to start and stop timers.  This should be set to some path where
# normal users can't create the file, due to the possibility of symlinking
# and other evil.
#
# Note: if you are running Solaris or similar, the permissions that 
# upssched sets on this file *are not enough* to keep you safe.  If
# your OS ignores the permissions on a FIFO, then you MUST put this in
# a protected directory!
#
# Note 2: by default, upsmon will run upssched as whatever user you have
# defined with RUN_AS_USER in upsmon.conf.  Make sure that user can
# create files and write to files in the path you use for PIPEFN and
# LOCKFN.
#
# My recommendation: create a special directory for upssched, make it
# owned by your upsmon user, then use it for both.
#
# This is commented out by default to make you visit this file and think
# about how your system works before potentially opening a hole.
#
# PIPEFN /var/run/upssched/upssched.pipe

# ============================================================================
#
# LOCKFN <filename>
#
# REQUIRED.  This was added after version 1.2.1.
#
# upssched needs to be able to create this filename in order to avoid
# a race condition when two events are dispatched from upsmon at nearly
# the same time.  This file will only exist briefly.  It must not be
# created by any other process.
#
# You should put this in the same directory as PIPEFN.
#
# LOCKFN /var/run/upssched/upssched.lock
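
Added example (not part of the original report or of the nut package): a shell audit of what the upssched.conf comments above ask for, namely that PIPEFN and LOCKFN share one directory that is a real directory, owned by the upsmon user and closed to group and others. The function names are hypothetical, and GNU stat on Linux is assumed.

```shell
# Added example: audit the directory holding upssched's PIPEFN and LOCKFN.
# Assumes GNU stat (Linux); all function names here are hypothetical.

# Print the value of an uncommented directive (PIPEFN or LOCKFN) from a config file.
conf_value() {
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# Return 0 if $1 is a real directory (not a symlink), owned by $2 (user name
# or numeric uid), with no group/other bits. Otherwise print why and return 1.
check_private_dir() {
    dir=$1 owner=$2
    if [ -L "$dir" ]; then echo "$dir: is a symlink"; return 1; fi
    if [ ! -d "$dir" ]; then echo "$dir: not a directory"; return 1; fi
    case $owner in
        ''|*[!0-9]*) want_uid=$(id -u "$owner") || { echo "unknown user: $owner"; return 1; } ;;
        *) want_uid=$owner ;;
    esac
    have_uid=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")
    if [ "$have_uid" != "$want_uid" ]; then echo "$dir: owned by uid $have_uid, expected $want_uid"; return 1; fi
    # Any bit in the group/other positions (octal 077) means the directory is not private.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then echo "$dir: mode $mode grants group/other access"; return 1; fi
    return 0
}

# Check a whole upssched.conf: both directives set, same directory, directory private.
audit_upssched_conf() {
    conf=$1 owner=$2
    pipefn=$(conf_value PIPEFN "$conf")
    lockfn=$(conf_value LOCKFN "$conf")
    if [ -z "$pipefn" ] || [ -z "$lockfn" ]; then echo "PIPEFN and/or LOCKFN not set in $conf"; return 1; fi
    pdir=$(dirname "$pipefn"); ldir=$(dirname "$lockfn")
    if [ "$pdir" != "$ldir" ]; then echo "PIPEFN and LOCKFN are in different directories"; return 1; fi
    check_private_dir "$pdir" "$owner"
}

# Usage when run as a script: audit.sh /path/to/upssched.conf upsmon
if [ "$#" -eq 2 ]; then audit_upssched_conf "$1" "$2"; fi
```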
Comment 1 Dmitry V. Levin 2009-09-18 01:06:41 MSD
The nut package is looking for a maintainer.
Comment 2 Michael Shigorin 2009-09-18 23:58:01 MSD
2 alexsid: shall we take it on?  I don't have a UPS at hand right now, and once I'm home I most likely won't have time for patches, but I could try testing yours.
Comment 3 Alexey Sidorov 2009-09-19 09:46:34 MSD
I have no time at all right now.....
And it's unknown when I will have any
Comment 4 Michael Shigorin 2010-12-29 13:18:10 MSK
In the end it was I who uploaded the package built by amike@ to Sisyphus.
Comment 5 Anton Farygin 2021-12-05 19:02:47 MSK
In the current package no upssched is packaged at all, apparently in the hope that the administrator will set everything up properly on their own.

That is, of course, not very good.