Open andrewvillano opened 1 year ago
jimklimov
commented
1 year ago That seems to have been raised just recently on the mailing list and fedora bug tracker, and boils down to wrong packaging (no rights to write into /var/run, there should be a NUT-owned subdirectory):
Thanks to @svarshavchik for letting us know.
jimklimov
commented
1 year ago FYI: After a bit more digging in current codebase, I can say that NUT unprivileged daemons (drivers and upsd) default to using the ALTPIDPATH in fact -- which in turn defaults to STATEPATH e.g. /var/state/ups since both daemon types exchange pipe files there so may write there, but some package recipes configure it to e.g. /var/run/nut.
This can be seen by code lines preparing a pidfn (usually) with altpidpath() (see common/common.c) in drivers/main.c, drivers/upsdrvctl.c and server/upsd.c.
And then it gets messy in same common/common.c with:
writepid() which optionally uses PIDPATH (as defined, no ./nut subdir) if file name is not absolute, and withsendsignal() which combines PIDPATH (as defined, no ./nut subdir) and the progname to wrap sendsignalfn() (which reads PID from that absolute filename and signals the process in OS-dependent manner).These latter usages imply that PIDPATH is expected to be writable by nut processes and should not be the root-secured system location (e.g. /var/run directly) unless NUT tools and daemons run as root; can be /tmp however.
I'll post a clean-up PR to clarify this in configure script comments and docs, and "reference" init-scripts and packaging templates which use $PIDPATH/nut to confuse matters more.
Also linking to #123 which creeps out to other big discussions on PID files :)
Checking references to the methods mentioned above wit a focus on PIDPATH usage in current state of master branch:
:; git grep -E '(writepid|sendsignal|altpidpath) *\('clients/upslog.c
writepid(pidfilebase); just before become_user() so expected to be root at that point and may use even a privileged PIDPATH location. The pidfilebase is prog name or set by argument.clients/upsmon.c -- the one explicitly documented consumer of configure --with-pidpath
sendsignal(prog) (under PIDPATH) in some caseswritepid(prog) just before become_user() (if running as parent-child pipe and changing privileges at all; saving child PID then), so expected to be root at that point and may use even a privileged PIDPATH location.shutdowncmd (as root which is the purpose of this split). There is no separate PID file for the parent process.drivers/main.c
buffer with absolute driver PID file name under altpidpath(), used in https://github.com/networkupstools/nut/blob/ddbab26b5c595743bf02f9bb71b8d6ba18ce6bb2/drivers/main.c#L918 and https://github.com/networkupstools/nut/blob/ddbab26b5c595743bf02f9bb71b8d6ba18ce6bb2/drivers/main.c#L931-L933 to kill off an earlier instance if present, with full-path sendsignalfn().pidfn=buffer; writepid(pidfn); to save the PID value before possibly forking and backgrounding the driver (if backgrounding is enabled).writepid(pidfn); to save the PID value after possibly forking and backgrounding the driver (if backgrounding is enabled).sendsignal() only for WIN32 usecases (so not relying on PIDPATH for POSIX builds)drivers/upsdrvctl.c
pidfn variants under altpidpath() to stop_driver() and exits if none of those is presentstop_driver() uses the absolutely-pathed sendsignalfn() in POSIX use-casesscripts/Windows/wininit.c
sendsignal() (so not relying on PIDPATH for POSIX builds)server/upsd.c :
pidfn under altpidpath()sendsignal*() variants, with sendsignal() specifically called only for WIN32 usecases (so not relying on PIDPATH for POSIX builds)writepid(pidfn) with absolute path (so not relying on PIDPATH)
nut-driver.service as well as upsdrvctl is unable to start any of my snmp-ups devices individually or collectively.
These are the errors I'm seeing:
[root@xxxxx run]# upsdrvctl start nutdev7 Network UPS Tools - UPS driver controller 2.8.0 Network UPS Tools - Generic SNMP UPS driver 1.21 (2.8.0) writepid: fopen /var/run/snmp-ups-nutdev7.pid: Permission denied Detected Smart-UPS 2200 on host 10.100.2.49 (mib: apcc 1.6) [nutdev7] Warning: excessive poll failures, limiting error reporting (OID = .1.3.6.1.4.1.318.1.1.1.9.2.3.1.5.1.1.3) [nutdev7] Warning: excessive poll failures, limiting error reporting (OID = .1.3.6.1.4.1.318.1.1.1.9.3.3.1.6.1.1.1)
Fatal error: unable to create listener socket
bind /var/run/snmp-ups-nutdev7 failed: Permission denied
Exiting. Driver failed to start (exit status=1) [root@xxxxx run]#
Thanks in advance.