NUT sudo make install
creates paths not chown'ed to run-time user accounts
#1298
Labels
CI
Entries related to continuous integration infrastructure (historically also recipes like Makefiles)
packaging
portability
We want NUT to build and run everywhere possible
service/daemon start/stop
General subject for starting and stopping NUT daemons (drivers, server, monitor); also BG/FG/Debug
Milestone
(Related to #1296 and #1297)
Filesystem objects created by plain
make install
remain owned by the user who made them (unprivileged in test installs to a scratch DESTDIR, root in "custom production" builds). NUT daemons are pre-configured to run as an unprivileged account (nobody:nogroup
,nut:nut
, etc.) and corresponding paths get that ownership (andchmod
access constraints) in package metadata - but not in a plain local installation that bypasses packaging, so e.g./var/state/ups
owned byroot:root
(and in fact not created bymake install
) can not house state, pid (#1299) and pipe files for drivers and upsd; the /usr/local/ups/etc is not protected from the world reading it, etc.Proposed solution: add a recipe like
make install-own
(depends oninstall
, and separated to avoid conflicts for existing use-cases in dist, packaging, etc.) that would try to apply ownership+permissions according toconfigure
script choices. Or revise if existinginstall
recipe tries to do the right thing but for some reason fails to (without faulting themake
call)?..The text was updated successfully, but these errors were encountered: