[Nut-upsdev] [nut-Feature Requests][310492] Allow to specify hostnames in ACL (upsd.conf)

Carlos Rodrigues carlos.efr at mail.telepac.pt
Sat Jan 19 14:03:34 UTC 2008


On Jan 19, 2008 9:05 AM, Arjen de Korte <nut+devel at de-korte.org> wrote:
> The users may not have accounts on the box that the server is running on
> (in a networked environment for instance), so the above assumption may not
> be true. I don't think mandating that they have is too restrictive. Also,
> since usernames and passwords are not encrypted before transmission
> (unless SSL is used, but this is not the default) I'm not too thrilled
> about the idea of using actual system accounts here. Sure it's possible to
> create special system accounts for NUT use, but this pretty much defeats
> the whole purpose of making configuration easier.

The use of PAM would allow the use of local or centralized network
accounts for NUT access, but I don't think that should be a
requirement. Creating a system account with nut privileges _only_ would
be a hassle to users.

> Indeed. So I propose to grant unrestricted RO access on all interfaces
> we're listening at. This means that only users with RW access need to be
> configured. Any objections?

Well, I don't think exposing information by default on a network is
ever a good idea. Even if that information seems innocent at first, at
least the fact that everyone can interact more with the server could
make small security bugs become critical.

-- 
Carlos Rodrigues


