Being such a beginner, I didn't realize I was creating a problem with root...I took your advice and removed "sudo"...is that enough, or is there something else I should do for security? On 3/7/2021 5:06 AM, Roger Price wrote:> On Sat, 6 Mar 2021, Jon Kinne via Nut-upsuser wrote: > >> I created a script called "reboot_notify" and saved it in >> usr/local/bin, and it looks like this: > > Yes, good approach to the problem.? In my solution there was an > error.? Instead of "@reboot root ups-report &", I should have said > "@reboot nut ups-report &". It was bad security to execute as superuser. > >> # Have the system pause while all the mail elements load, >> ? sleep 60 >> # and then run the script: >> ? sudo /usr/local/bin/reboot_notify > > Do you need to get root involved?? If a hacker can substitute his > reboot_notify for yours, he gets full control. > > Roger > > _______________________________________________ > Nut-upsuser mailing list > Nut-upsuser at alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20210307/9fadb114/attachment.htm>
Roger Price
2021-Mar-07 16:40 UTC
[Nut-upsuser] Request For Additional Status Confirmation
On Sun, 7 Mar 2021, Jon Kinne via Nut-upsuser wrote:> # Have the system pause while all the mail elements load, > ? sleep 60 > # and then run the script: > ? sudo /usr/local/bin/reboot_notify > > Do you need to get root involved?? If a hacker can substitute his > reboot_notify for yours, he gets full control.> Being such a beginner, I didn't realize I was creating a problem with root...I > took your advice and removed "sudo"...is that enough, or is there something > else I should do for security?Hello Jon, Any script in rc.local is probably called by root, so it's best to follow the example of NUT itself and drop to a non-privileged with something like sudo -u nut /usr/local/bin/reboot_notify This list is relaxed about top posting versus bottom posting, but as you venture futher into the Linux world, you will meet lists which expect bottom posting, so it's helpful to get into the habit. Roger