Bug 11886 - [FR] add properly secured /var/run/upssched/ out-of-box
Status: NEW
: Sisyphus
(All bugs in Sisyphus/nut)
: unstable
: all Linux
: P2 normal
Reported: 2007-05-24 21:00 by
Modified: 2010-12-29 13:18 (History)




Description From 2007-05-24 21:00:57
To run upssched (e.g. for early shutdowns or otherwise peculiar logic), it's
recommended/required to create a separate protected directory for a pipe and a
lock; would be nice to have it in the package.

upssched.conf hints that %dir(700,upsmon,upsmon) %_var/run/upssched/ seems proper:

# ============================================================================
#
# PIPEFN <filename>
#
# This sets the file name of the FIFO that will pass communications between
# processes to start and stop timers.  This should be set to some path where
# normal users can't create the file, due to the possibility of symlinking
# and other evil.
#
# Note: if you are running Solaris or similar, the permissions that 
# upssched sets on this file *are not enough* to keep you safe.  If
# your OS ignores the permissions on a FIFO, then you MUST put this in
# a protected directory!
#
# Note 2: by default, upsmon will run upssched as whatever user you have
# defined with RUN_AS_USER in upsmon.conf.  Make sure that user can
# create files and write to files in the path you use for PIPEFN and
# LOCKFN.
#
# My recommendation: create a special directory for upssched, make it
# owned by your upsmon user, then use it for both.
#
# This is commented out by default to make you visit this file and think
# about how your system works before potentially opening a hole.
#
# PIPEFN /var/run/upssched/upssched.pipe

# ============================================================================
#
# LOCKFN <filename>
#
# REQUIRED.  This was added after version 1.2.1.
#
# upssched needs to be able to create this filename in order to avoid
# a race condition when two events are dispatched from upsmon at nearly
# the same time.  This file will only exist briefly.  It must not be
# created by any other process.
#
# You should put this in the same directory as PIPEFN.
#
# LOCKFN /var/run/upssched/upssched.lock
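
An added example (not part of the original report or of the nut package): a shell check that the directory holding the configured PIPEFN and LOCKFN is a real directory, owned by the RUN_AS_USER account, with no group/other access, as the upssched.conf comments above recommend. The function name and its arguments are hypothetical, and Linux stat(1) with -c is assumed.

```shell
#!/bin/sh
# Added example (not from the nut package): audit the directories that hold
# upssched's PIPEFN and LOCKFN. Assumes Linux stat(1) with -c.
# usage: check_upssched_paths <upssched.conf> <run-as user name or uid>
# Returns 0 only if every active PIPEFN/LOCKFN sits in a real directory owned
# by that user with no group/other permission bits (e.g. mode 700).
check_upssched_paths() {
    conf=$1
    owner=$2
    rc=0
    # Resolve a user name to a uid; a bare numeric uid is used as given.
    want_uid=$(id -u "$owner" 2>/dev/null) || want_uid=$owner
    # Only uncommented directives count; the shipped file has them commented out.
    paths=$(awk '$1 == "PIPEFN" || $1 == "LOCKFN" { print $2 }' "$conf")
    if [ -z "$paths" ]; then
        echo "FAIL: no active PIPEFN/LOCKFN in $conf"
        return 1
    fi
    for path in $paths; do    # paths containing whitespace are not handled
        dir=$(dirname "$path")
        if [ -L "$dir" ] || [ ! -d "$dir" ]; then
            echo "FAIL $path: $dir is missing or is a symlink"
            rc=1
            continue
        fi
        set -- $(stat -c '%u %a' "$dir")    # $1 = owner uid, $2 = octal mode
        if [ "$1" != "$want_uid" ]; then
            echo "FAIL $path: $dir is owned by uid $1, expected $want_uid"
            rc=1
        fi
        case $2 in
            *00) ;;    # group and other have no access
            *) echo "FAIL $path: $dir has mode $2, expected 700"; rc=1 ;;
        esac
    done
    return $rc
}
```

Only the immediate parent directory is examined; ancestors writable by other users are outside what this check covers.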
------- Comment #1 From 2009-09-18 01:06:41 -------
The nut package is looking for a maintainer.
------- Comment #2 From 2009-09-18 23:58:01 -------
2 alexsid: shall we take it on?  I don't have a UPS at hand right now, and once
I'm home I most likely won't have time for patches, but I could try testing yours.
------- Comment #3 From 2009-09-19 09:46:34 -------
I have no time at all right now.....
And it's unknown when I will have any
------- Comment #4 From 2010-12-29 13:18:10 -------
In the end it was I who uploaded amike@'s build of the package to Sisyphus.