Penguin
Recent Changes
Blame: upsd.conf(5)
EditPageHistoryDiffInfoLikePages
Annotated edit history of upsd.conf(5) version 2, including all changes. View license author blame.
Rev Author # Line
1 perry 1 UPSD.CONF
2 !!!UPSD.CONF
3 NAME
4 DESCRIPTION
5 ACCESS CONTROL CONFIGURATION
6 ACCESS CONTROL EXAMPLES
7 ACCESS CONTROL MATCHING
8 ACCESS CONTROL: POTENTIAL PROBLEMS TO AVOID
9 OTHER CONFIGURATION DIRECTIVES
10 SEE ALSO
11 ----
12 !!NAME
13
14
15 upsd.conf - Configuration for Network UPS Tools upsd
16 !!DESCRIPTION
17
18
19 upsd uses this file to control access to the server and set
20 some other miscellaneous configuration values. This file
21 will contain passwords for your upsmon(8) clients, so
22 keep it secure. Ideally, only the upsd process should be
23 able to read it.
24 !!ACCESS CONTROL CONFIGURATION
25
26
27 ACL ''name netblock''
28
29
30 Define an Access Control List (ACL) called ''name'' that
31 contains the network ''netblock''. The netblock can be
32 either the old style, such as this for a traditional
33 ''
34
35
36 ACL mynet 192.168.50.0/255.255.255.0
37
38
39 Or, you can use new-style
40
41
42 ACL mynet 192.168.50.0/24
43
44
45 To just list one host, it would look like one of
46 these:
47
48
49 ACL mybox 192.168.50.1/255.255.255.255
50
51
52 ACL mybox 192.168.50.1/32
53
54
55 ACLs are used whenever you need to refer to a network or
56 host, such as in ACCESS definitions (below) and with
57 upsd.users__(5).
58
59
60 ACCESS ''action level aclname''
61 ''password''''
62
63
64 Define the access to commands at level ''level'' by
65 clients in the network defined by ACL ''aclname'',
66 optionally requiring a password
67 ''password''.
68
69
70 The ''action'' can be one of three values:
71
72
73 grant - allow the clients to perform commands at this
74 level.
75
76
77 deny - deny the clients access to commands at this
78 level.
79
80
81 drop - like deny, but don't even respond to their
82 query.
83
84
85 The ''level'' relates to the complexity of the command.
86 More important functions like editing variables inside the
87 UPS require more privileges than merely checking the status.
88 Each level includes the powers of the one before it. Here
89 are the valid levels:
90
91
92 base - Allows TCP connections and very simple queries. Valid
93 commands are VER and HELP.
94
95
96 monitor -
97
98
99 login -
100 upsmon__(8) process know how many slaves are
101 connected.
102
103
104 master -
105 upsmon__(8) process. MASTER is allowed so upsmon can
106 check its privileges, and FSD allows it to set the
107 __
108
109
110 manager -
111 upsd.users__(5).
112
113
114 all - match any level. This really only should be used for
115
116
117 The ''aclname'' is just one of your ACL definitions, as
118 explained above.
119
120
121 Finally, the ''password'' is optional, and only applies
122 to the higher level functions. The client is required to
123 send this password to the server before any
124 ''
125 !!ACCESS CONTROL EXAMPLES
126
127
128 Here is an example configuration to show some of what is
129 possible.
130
131
132 -
133
134
135 -
136
137
138 -
139
140
141 - an abuser is silently dropped
142
143
144 - everyone not yet covered is denied nicely
145
146
147 ACL server 10.20.30.1/32
148 ACL workstation 10.20.30.2/32
149 ACL webserver 10.20.30.3/32
150 ACL abuser 192.168.255.128/32
151 ACL all 0.0.0.0/0
152 ACCESS grant master server magicpass
153 ACCESS grant login workstation anotherpass
154 ACCESS grant monitor webserver
155 ACCESS drop all abuser
156 ACCESS deny all all
157 !!ACCESS CONTROL MATCHING
158
159
160 Access controls should go from most specific to least
161 specific. The first match with a sufficient access level is
162 the one used when applying permissions.
163
164
165 Along the same lines, everyone is a member of
166
167
168 If you don't have a final
169 !!ACCESS CONTROL: POTENTIAL PROBLEMS TO AVOID
170
171
172 You can get into a bit of trouble if things are defined out
173 of order. Take the following example:
174
175
176 ACCESS grant master myhost pass2
177 ACCESS grant login myhost pass1
178
179
180 That looks fine at a glance, but will cause problems
181 whenever someone on
182
183
184 The solution is to put the most powerful lines last, so they
185 don't match too early.
186
187
188 ACCESS grant login myhost pass1
189 ACCESS grant master myhost pass2
190
191
192 This way, the manager functions miss the first line entirely
193 and instead match the second one, which has the right
194 password.
195 !!OTHER CONFIGURATION DIRECTIVES
196
197
198 MAXAGE ''seconds''
199
200
201 upsd usually allows the data from a driver to go up to 15
202 seconds without an update before declaring it
203
204
205 You should only use this if your model program has
206 difficulties keeping the data fresh within the normal 15
207 second interval. Watch the syslog for notifications from
208 upsd about staleness.
209
210
211 STATEPATH ''path''
212
213
214 Tell upsd to look for the state files in ''path'' rather
215 than the default that was compiled into the
216 program.
217 !!SEE ALSO
218
219
220 upsd(8), nutupsdrv(8),
2 perry 221 upsd.users(5)
1 perry 222
223
224 __Internet resources:__
225
226
227 The NUT (Network UPS Tools) home page:
228 http://www.exploits.org/nut/
229
230
231 NUT mailing list archives and information:
232 http://lists.exploits.org/
233 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.