On December 10, 2017 4:55:51 PM GMT+01:00, Roger Price <ro...@rogerprice.org> 
>On Sun, 10 Dec 2017, Charles Lepple wrote:
>> Either way, the default permissions are under the packager's control,
>> I would recommend that you file a bug with Debian: 
>> https://www.debian.org/Bugs/Reporting (feel free to mention the bug 
>> number here)
>Debian Bug Tracker told me that the URL is
>Nut-upsuser mailing list

I am not sure the rights offered in that bug are fully ok: generally you 
wouldn't want the configs to be writable by the service daemon if you can avoid 
it (so if it's hacked - it can be abused to a lesser extent). I think the only 
writable bit is the killpower file, which might better belong in /var/run/nut 
or state-dir or something like that. Maybe something for nut-cgi needs writes? 
Otherwise root:nut 640 should be good, IMHO. Maybe even different users for 
server/driver/clients, for paranoid setups...

Typos courtesy of K-9 Mail on my Android

Nut-upsuser mailing list

Reply via email to