net/nut: Fix '/var/run' world readable warning

Use /var/run/nut as statepath and set appropriate owner
and permissions on /var/run/nut in order to avoid pidfile
for nut being world-readable.

Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>

diff --git a/net/nut/Makefile b/net/nut/Makefile
index c2c38da984b4e05caf555d421c78e06ec42c0747..bd450a4699acd65d199656eaecd0901897a4a9b0 100644 (file)
--- a/net/nut/Makefile
+++ b/net/nut/Makefile
@@ -506,7 +506,7 @@ CONFIGURE_ARGS += \
        --without-freeipmi \
        --$(if $(CONFIG_NUT_SSL),with,without)-ssl $(if $(CONFIG_NUT_SSL),--with-openssl) \
        --without-libltdl \
-       --with-statepath=/var/run \
+       --with-statepath=/var/run/nut \
        --with-drvpath=/lib/nut \
        --with-user=root \
        --with-group=root

diff --git a/net/nut/files/nut-monitor.init b/net/nut/files/nut-monitor.init
index a629f91bf155b4efdec0cd53670aa74a32d8e528..388c376ee9e5d048942470db900926a253b80ca6 100755 (executable)
--- a/net/nut/files/nut-monitor.init
+++ b/net/nut/files/nut-monitor.init
@@ -143,9 +143,6 @@ nut_upsmon_add() {
 }
 
 start_service() {
-       [ -d $RUN_D ] || mkdir -p $RUN_D
-        mkdir -p /var/etc/nut
-        chmod 640 /var/etc/nut
        rm -f $UPSMON_C
 
        config_load nut_monitor
@@ -159,6 +156,11 @@ start_service() {
        chmod 640 $UPSMON_C
        chmod 640 /var/etc/nut/nut.conf
 
+       [ -d /var/run/nut ] || {
+               mkdir -m 0750 -p /var/run/nut
+               chown ${runas:-root}:$(id -gn ${runas:-root}) /var/run/nut
+       }
+
        chown ${runas:-root}:$(id -gn ${runas:-root}) $UPSMON_C
        $DEBUG /usr/sbin/upsmon $UPSMON_OPTIONS
 }

diff --git a/net/nut/files/nut-server.init b/net/nut/files/nut-server.init
index 0d6a06915206228f7ae8d7054d019ada760ce612..e064dd721358bb31681fca75f8ccb4146e31e9a6 100755 (executable)
--- a/net/nut/files/nut-server.init
+++ b/net/nut/files/nut-server.init
@@ -22,6 +22,11 @@ listen_address() {
     echo "LISTEN $address $port" >>$UPSD_C
 }
 
+upsd_statepath() {
+    local cfg="$1"
+    config_get statepath "$cfg" statepath
+}
+
 upsd_config() {
     local cfg="$1"
     local maxage maxconn certfile
@@ -116,6 +121,10 @@ start_service() {
        chmod 0640 $UPS_C
        chmod 0640 $UPSD_C
        chmod 0640 /var/etc/nut/nut.conf
+       [ -d "${statepath:-/var/run/nut}" ] || {
+               mkdir -m 0750 -p "${statepath:-/var/run/nut}"
+               chown $runas:$(id -gn $runas) "${statepath:-/var/run/nut}"
+       }
 
        if [ -n "$runas" ]; then
                chown -R $runas:$(id -gn $runas) /var/etc/nut
@@ -134,12 +143,13 @@ nut_driver_stop() {
 
        config_get driver "$cfg" driver
 
-       [ -r /var/run/$driver-$cfg ] && /usr/sbin/upsdrvctl stop $cfg
+       [ -r ${statepath:-/var/run/nut}/$driver-$cfg ] && /usr/sbin/upsdrvctl stop $cfg
 }
 
 stop_service() {
        [ -r $PID_F ] && /usr/sbin/upsd -c stop
        config_load ups
+       config_foreach upsd_statepath upsd
        config_foreach nut_driver_stop driver
 }