[Nut-upsdev] "upsdrvctl shutdown" ignores "-u"

Peter Selinger selinger at mathstat.dal.ca
Sun Jan 13 05:20:58 UTC 2008


Arjen de Korte wrote:
> 
> 
> > it seems to me that "upsdrvctl shutdown" fails to pass the "-u" flag to
> > the driver.  See drivers/upsdrvctl.c:shutdown_driver(), and compare to
> > start_driver() in the same file. This has been so since ancient
> > history (I checked back to 1.5.0), so there must be a reason, but I
> > can't think of any.
> 
> I think the reason is fairly trivial, we never thought this would be needed.
> 
> > I have a good reason for passing "-u root": at the time the shutdown
> > script reaches power-off, most file systems, including the USB
> > filesystem, have been unmounted. One must remount the USB filesystem
> > to access the UPS. But at that point, hotplugging can't be relied
> > upon, and therefore I would like to run the driver as root.
> 
> You have every reason to do so and I want to take this even further. I
> don't think it is a good idea to drop privileges at all when running the
> shutdown command. So rather than appending '-u root', I would suggest to
> make dropping privileges in the main driver body depending on the command
> sent to the driver. If we're shutting down anyway, dropping privileges is
> probably a waste of effort and might even be counterproductive (as you
> made very clear).

I am not sure I would go this far. We normally drop privileges to
prevent mischief, including the unintentional kind caused by
potentially-buggy software. I also think it is more confusing if the
driver with the -k option behaves differently than without the -k
option. People will not feel free to experiment much with the "-k"
option, since it is dangerous. They will therefore experiment without
the "-k" option as much as possible to determine how the driver
works. If the driver unexpectedly fails to drop privileges, a user
could potentially shut down their system when they expected a
permissions error instead. 

Appending -u root to the driver when -u root is given to upsdrvctl is
entirely logical and expected.

-- Peter
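
The behaviour proposed above, sketched as an added example that is not part of the original post and is not NUT's own code: one argv builder shared by the start and shutdown paths, so "-u" is forwarded in both and the driver still drops privileges when no user is given. The function names, the driver path and the UPS name are hypothetical; "-a" is assumed to be the driver's UPS-selection flag.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8   /* path, -a, name, -k, -u, user, NULL fits in 8 */

/* Hypothetical helper (not NUT's code): build the driver argv in one place
 * so the start and shutdown paths cannot diverge on "-u". */
static int build_driver_argv(const char *driver_path, const char *upsname,
                             const char *user, int shutdown,
                             const char *argv[MAX_ARGS])
{
    int n = 0;

    if (!driver_path || !upsname || !*upsname)
        return -1;

    argv[n++] = driver_path;
    argv[n++] = "-a";          /* assumed: select the UPS by name */
    argv[n++] = upsname;

    if (shutdown)
        argv[n++] = "-k";      /* shutdown mode, as discussed in the thread */

    /* Forward the user only when the caller asked for one; otherwise the
     * driver keeps its default and a "-k" run behaves like any other run. */
    if (user && *user) {
        argv[n++] = "-u";
        argv[n++] = user;
    }

    argv[n] = NULL;
    return n;
}

/* Return 1 if argv carries "-u <user>", 0 otherwise. */
static int argv_has_user(const char *argv[], const char *user)
{
    for (int i = 0; argv[i] && argv[i + 1]; i++)
        if (strcmp(argv[i], "-u") == 0 && strcmp(argv[i + 1], user) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *argv[MAX_ARGS];

    /* Constructed sample input: placeholder path and UPS name. */
    build_driver_argv("/path/to/driver", "myups", "root", 1, argv);
    for (int i = 0; argv[i]; i++)
        printf("%s ", argv[i]);
    putchar('\n');
    return 0;
}
```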


