NUT sudo make install creates paths not chown'ed to run-time user accounts
#1298
Labels
CI
Entries related to continuous integration infrastructure (historically also recipes like Makefiles)
packaging
portability
We want NUT to build and run everywhere possible
service/daemon start/stop
General subject for starting and stopping NUT daemons (drivers, server, monitor); also BG/FG/Debug
Milestone
Comments
jimklimov
added
CI
This was referenced Feb 15, 2022
jimklimov
added
packaging
portability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(Related to #1296 and #1297)
Filesystem objects created by plain
make installremain owned by the user who made them (unprivileged in test installs to a scratch DESTDIR, root in "custom production" builds). NUT daemons are pre-configured to run as an unprivileged account (nobody:nogroup,nut:nut, etc.) and corresponding paths get that ownership (andchmodaccess constraints) in package metadata - but not in a plain local installation that bypasses packaging, so e.g./var/state/upsowned byroot:root(and in fact not created bymake install) can not house state, pid (#1299) and pipe files for drivers and upsd; the /usr/local/ups/etc is not protected from the world reading it, etc.Proposed solution: add a recipe like
make install-own(depends oninstall, and separated to avoid conflicts for existing use-cases in dist, packaging, etc.) that would try to apply ownership+permissions according toconfigurescript choices. Or revise if existinginstallrecipe tries to do the right thing but for some reason fails to (without faulting themakecall)?..The text was updated successfully, but these errors were encountered: