[Buildroot] [PATCH 2/2] package/nut: specify --with-user/group when building NUT

[Buildroot] [PATCH 2/2] package/nut: specify --with-user/group when building NUT

[Jens Maus]

This commit fixes a problem where the NUT package couldn't be
used as a NUT server due to the fact that the default group for
nobody is "nogroup" and not "nobody" like the internal default
of NUT. Thus, when starting a NUT server daemon the daemon starts
with incorrect group permissions and generated some error messages.
This commit fixes this shortcoming by specifying --with-user/group
when running configure.

Signed-off-by: Jens Maus <mail@jens-maus.de>
---
 package/nut/nut.mk | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/nut/nut.mk b/package/nut/nut.mk
index 332ccf907..ab8a17868 100644
--- a/package/nut/nut.mk
+++ b/package/nut/nut.mk
@@ -18,7 +18,9 @@ NUT_AUTORECONF = YES
 # since the default location (/var/state/ups) maybe readonly.
 NUT_CONF_OPTS = \
 	--with-altpidpath=/var/run/upsd \
-	--without-hal
+	--without-hal \
+	--with-user=nobody \
+	--with-group=nogroup
 
 # For uClibc-based toolchains, nut forgets to link with -lm
 ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y)
-- 
2.11.0

[Buildroot] [PATCH 2/2] package/nut: specify --with-user/group when building NUT

[Yann E. MORIN]

Jens, All,

On 2017-06-08 17:35 +0200, Jens Maus spake thusly:
> This commit fixes a problem where the NUT package couldn't be
> used as a NUT server due to the fact that the default group for
> nobody is "nogroup" and not "nobody" like the internal default
> of NUT. Thus, when starting a NUT server daemon the daemon starts
> with incorrect group permissions and generated some error messages.
> This commit fixes this shortcoming by specifying --with-user/group
> when running configure.
> 
> Signed-off-by: Jens Maus <mail@jens-maus.de>
> ---
>  package/nut/nut.mk | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/package/nut/nut.mk b/package/nut/nut.mk
> index 332ccf907..ab8a17868 100644
> --- a/package/nut/nut.mk
> +++ b/package/nut/nut.mk
> @@ -18,7 +18,9 @@ NUT_AUTORECONF = YES
>  # since the default location (/var/state/ups) maybe readonly.
>  NUT_CONF_OPTS = \
>  	--with-altpidpath=/var/run/upsd \
> -	--without-hal
> +	--without-hal \
> +	--with-user=nobody \

'nobody' is the default for the user, so it does not seem to be needed
to specify it, as we do have nobody. Being explicit is probably better.

> +	--with-group=nogroup

Yup.

Note however that nut does not recommend running as nobody/nogroup.

Instead, I would suggest we do add a user definition for nut, and
use that for configure.

    define NUT_USER
        nut -1 nut -1 * - - - Nut user
    endef

Regards,
Yann E. MORIN.

>  # For uClibc-based toolchains, nut forgets to link with -lm
>  ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y)
> -- 
> 2.11.0
> 

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 2/2] package/nut: specify --with-user/group when building NUT

[Jens Maus]

Hi Yann, All,

> Am 08.06.2017 um 21:20 schrieb Yann E. MORIN <yann.morin.1998@free.fr>:
> 
> On 2017-06-08 17:35 +0200, Jens Maus spake thusly:
>> This commit fixes a problem where the NUT package couldn't be
>> used as a NUT server due to the fact that the default group for
>> nobody is "nogroup" and not "nobody" like the internal default
>> of NUT. Thus, when starting a NUT server daemon the daemon starts
>> with incorrect group permissions and generated some error messages.
>> This commit fixes this shortcoming by specifying --with-user/group
>> when running configure.
>> 
>> Signed-off-by: Jens Maus <mail@jens-maus.de>
>> ---
>> package/nut/nut.mk | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>> 
>> diff --git a/package/nut/nut.mk b/package/nut/nut.mk
>> index 332ccf907..ab8a17868 100644
>> --- a/package/nut/nut.mk
>> +++ b/package/nut/nut.mk
>> @@ -18,7 +18,9 @@ NUT_AUTORECONF = YES
>> # since the default location (/var/state/ups) maybe readonly.
>> NUT_CONF_OPTS = \
>> 	--with-altpidpath=/var/run/upsd \
>> -	--without-hal
>> +	--without-hal \
>> +	--with-user=nobody \
> 
> 'nobody' is the default for the user, so it does not seem to be needed
> to specify it, as we do have nobody. Being explicit is probably better.
> 
>> +	--with-group=nogroup
> 
> Yup.
> 
> Note however that nut does not recommend running as nobody/nogroup.
> 
> Instead, I would suggest we do add a user definition for nut, and
> use that for configure.
> 
>    define NUT_USER
>        nut -1 nut -1 * - - - Nut user
>    endef

Thanks for your comments. Indeed I could remove ?with-user=nobody from my patchset. And of course it would be better to run NUT with a new user. But IMHO for the time being the patch I submitted should be sufficient and we can apply an additional patch later. Or is my patch rejected now and I need to rework it for being accepted? Sorry for asking, but I am fairly new to submitting patches to buildroot and I am not fully confident to the procedure. In addition, I cannot see my initial patch at patchwork anymore?!?!

regards,
jens
-- 
Jens Maus, Dresden/Germany
http://jens-maus.de/

*** Content is authentic only with digital signature  ***

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3745 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20170610/0a08b2fb/attachment.p7s>

[Buildroot] [PATCH 2/2] package/nut: specify --with-user/group when building NUT

[Yann E. MORIN]

On June 10, 2017 9:04:47 AM GMT+02:00, Jens Maus <mail@jens-maus.de> wrote:
[snip]
> Thanks for your comments. Indeed I could remove ?with-user=nobody from
> my patchset. And of course it would be better to run NUT with a new
> user. But IMHO for the time being the patch I submitted should be
> sufficient and we can apply an additional patch later. Or is my patch
> rejected now and I need to rework it for being accepted?

Yes, please resubmit your patch that defines a nut user, and uses
that during configure.

Keep both --with-user and --with-group.

> Sorry for
> asking, but I am fairly new to submitting patches to buildroot and I am
> not fully confident to the procedure.

No problem. You did correct so far. :-)

> In addition, I cannot see my
> initial patch at patchwork anymore?!?!

Indeed, because it was marked "changes requested".

Regards,
Yann E. MORIN..

Jens, All,
-- 
Sent from my phone. Please excuse my brevity.

[Buildroot] [PATCH v2] package/nut: package/nut: specify --with-user/group when building NUT

[Jens Maus via buildroot]

This commit fixes a problem where the NUT package couldn't be
used as a NUT server due to the fact that the default group for
nobody is "nogroup" and not "nobody" like the internal default
of NUT. Thus, when starting a NUT server daemon the daemon starts
with incorrect group permissions. This commit fixes this
shortcoming by introducing a dedicated 'nut' user and 'nut' group
to drop priviledges to it.

Signed-off-by: Jens Maus <mail@jens-maus.de>

---
Changes v1 -> v2:
  - added NUT_USERS with nut/nut user and group (Yann)

Signed-off-by: Jens Maus <mail@jens-maus.de>
---
 package/nut/nut.mk | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/package/nut/nut.mk b/package/nut/nut.mk
index fb98ba04f0..4c322aeb85 100644
--- a/package/nut/nut.mk
+++ b/package/nut/nut.mk
@@ -24,7 +24,9 @@ NUT_POST_PATCH_HOOKS += NUT_FIX_CONFIGURE
 NUT_CONF_OPTS = \
 	--with-altpidpath=/var/run/upsd \
 	--with-dev \
-	--without-doc
+	--without-doc \
+	--with-user=nut \
+	--with-group=nut
 
 NUT_CONF_ENV = \
 	ax_cv_check_cflags__Werror__Wno_unknown_warning_option=no \
@@ -34,6 +36,10 @@ NUT_CONF_ENV = \
 	ac_cv_func_strncasecmp=yes \
 	ax_cv__printf_string_null=yes
 
+define NUT_USERS
+	nut -1 nut -1 * - - - NUT user
+endef
+
 ifeq ($(call qstrip,$(BR2_PACKAGE_NUT_DRIVERS)),)
 NUT_CONF_OPTS += --with-drivers=auto
 else
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v2] package/nut: package/nut: specify --with-user/group when building NUT

[Yann E. MORIN]

Jens, All,

On 2023-09-23 18:52 +0200, Jens Maus via buildroot spake thusly:
> This commit fixes a problem where the NUT package couldn't be
> used as a NUT server due to the fact that the default group for
> nobody is "nogroup" and not "nobody" like the internal default
> of NUT. Thus, when starting a NUT server daemon the daemon starts
> with incorrect group permissions. This commit fixes this
> shortcoming by introducing a dedicated 'nut' user and 'nut' group
> to drop priviledges to it.
> 
> Signed-off-by: Jens Maus <mail@jens-maus.de>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
> Changes v1 -> v2:
>   - added NUT_USERS with nut/nut user and group (Yann)
> 
> Signed-off-by: Jens Maus <mail@jens-maus.de>
> ---
>  package/nut/nut.mk | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/package/nut/nut.mk b/package/nut/nut.mk
> index fb98ba04f0..4c322aeb85 100644
> --- a/package/nut/nut.mk
> +++ b/package/nut/nut.mk
> @@ -24,7 +24,9 @@ NUT_POST_PATCH_HOOKS += NUT_FIX_CONFIGURE
>  NUT_CONF_OPTS = \
>  	--with-altpidpath=/var/run/upsd \
>  	--with-dev \
> -	--without-doc
> +	--without-doc \
> +	--with-user=nut \
> +	--with-group=nut
>  
>  NUT_CONF_ENV = \
>  	ax_cv_check_cflags__Werror__Wno_unknown_warning_option=no \
> @@ -34,6 +36,10 @@ NUT_CONF_ENV = \
>  	ac_cv_func_strncasecmp=yes \
>  	ax_cv__printf_string_null=yes
>  
> +define NUT_USERS
> +	nut -1 nut -1 * - - - NUT user
> +endef
> +
>  ifeq ($(call qstrip,$(BR2_PACKAGE_NUT_DRIVERS)),)
>  NUT_CONF_OPTS += --with-drivers=auto
>  else
> -- 
> 2.34.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v2] package/nut: package/nut: specify --with-user/group when building NUT

[Peter Korsgaard]

>>>>> "Jens" == Jens Maus via buildroot <buildroot@buildroot.org> writes:

 > This commit fixes a problem where the NUT package couldn't be
 > used as a NUT server due to the fact that the default group for
 > nobody is "nogroup" and not "nobody" like the internal default
 > of NUT. Thus, when starting a NUT server daemon the daemon starts
 > with incorrect group permissions. This commit fixes this
 > shortcoming by introducing a dedicated 'nut' user and 'nut' group
 > to drop priviledges to it.

 > Signed-off-by: Jens Maus <mail@jens-maus.de>

 > ---
 > Changes v1 -> v2:
 >   - added NUT_USERS with nut/nut user and group (Yann)

 > Signed-off-by: Jens Maus <mail@jens-maus.de>

Committed to 2023.02.x, 2023.05.x and 2023.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot