On December 10, 2017 4:55:51 PM GMT+01:00, Roger Price <ro...@rogerprice.org> wrote: >On Sun, 10 Dec 2017, Charles Lepple wrote: > >> Either way, the default permissions are under the packager's control, >so >> I would recommend that you file a bug with Debian: >> https://www.debian.org/Bugs/Reporting (feel free to mention the bug >> number here) > >Debian Bug Tracker told me that the URL is >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884021. > >Roger > >_______________________________________________ >Nut-upsuser mailing list >Nut-upsuser@lists.alioth.debian.org >http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser
I am not sure the rights offered in that bug are fully ok: generally you wouldn't want the configs to be writable by the service daemon if you can avoid it (so if it's hacked - it can be abused to a lesser extent). I think the only writable bit is the killpower file, which might better belong in /var/run/nut or state-dir or something like that. Maybe something for nut-cgi needs writes? Otherwise root:nut 640 should be good, IMHO. Maybe even different users for server/driver/clients, for paranoid setups... Jim -- Typos courtesy of K-9 Mail on my Android _______________________________________________ Nut-upsuser mailing list Nut-upsuser@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser
