Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
upsd.conf(5)
Edit
PageHistory
Diff
Info
LikePages
UPSD.CONF !!!UPSD.CONF NAME DESCRIPTION ACCESS CONTROL CONFIGURATION ACCESS CONTROL EXAMPLES ACCESS CONTROL MATCHING ACCESS CONTROL: POTENTIAL PROBLEMS TO AVOID OTHER CONFIGURATION DIRECTIVES SEE ALSO ---- !!NAME upsd.conf - Configuration for Network UPS Tools upsd !!DESCRIPTION upsd uses this file to control access to the server and set some other miscellaneous configuration values. This file will contain passwords for your upsmon(8) clients, so keep it secure. Ideally, only the upsd process should be able to read it. !!ACCESS CONTROL CONFIGURATION ACL ''name netblock'' Define an Access Control List (ACL) called ''name'' that contains the network ''netblock''. The netblock can be either the old style, such as this for a traditional '' ACL mynet 192.168.50.0/255.255.255.0 Or, you can use new-style ACL mynet 192.168.50.0/24 To just list one host, it would look like one of these: ACL mybox 192.168.50.1/255.255.255.255 ACL mybox 192.168.50.1/32 ACLs are used whenever you need to refer to a network or host, such as in ACCESS definitions (below) and with upsd.users__(5). ACCESS ''action level aclname'' ''password'''' Define the access to commands at level ''level'' by clients in the network defined by ACL ''aclname'', optionally requiring a password ''password''. The ''action'' can be one of three values: grant - allow the clients to perform commands at this level. deny - deny the clients access to commands at this level. drop - like deny, but don't even respond to their query. The ''level'' relates to the complexity of the command. More important functions like editing variables inside the UPS require more privileges than merely checking the status. Each level includes the powers of the one before it. Here are the valid levels: base - Allows TCP connections and very simple queries. Valid commands are VER and HELP. monitor - login - upsmon__(8) process know how many slaves are connected. master - upsmon__(8) process. MASTER is allowed so upsmon can check its privileges, and FSD allows it to set the __ manager - upsd.users__(5). all - match any level. This really only should be used for The ''aclname'' is just one of your ACL definitions, as explained above. Finally, the ''password'' is optional, and only applies to the higher level functions. The client is required to send this password to the server before any '' !!ACCESS CONTROL EXAMPLES Here is an example configuration to show some of what is possible. - - - - an abuser is silently dropped - everyone not yet covered is denied nicely ACL server 10.20.30.1/32 ACL workstation 10.20.30.2/32 ACL webserver 10.20.30.3/32 ACL abuser 192.168.255.128/32 ACL all 0.0.0.0/0 ACCESS grant master server magicpass ACCESS grant login workstation anotherpass ACCESS grant monitor webserver ACCESS drop all abuser ACCESS deny all all !!ACCESS CONTROL MATCHING Access controls should go from most specific to least specific. The first match with a sufficient access level is the one used when applying permissions. Along the same lines, everyone is a member of If you don't have a final !!ACCESS CONTROL: POTENTIAL PROBLEMS TO AVOID You can get into a bit of trouble if things are defined out of order. Take the following example: ACCESS grant master myhost pass2 ACCESS grant login myhost pass1 That looks fine at a glance, but will cause problems whenever someone on The solution is to put the most powerful lines last, so they don't match too early. ACCESS grant login myhost pass1 ACCESS grant master myhost pass2 This way, the manager functions miss the first line entirely and instead match the second one, which has the right password. !!OTHER CONFIGURATION DIRECTIVES MAXAGE ''seconds'' upsd usually allows the data from a driver to go up to 15 seconds without an update before declaring it You should only use this if your model program has difficulties keeping the data fresh within the normal 15 second interval. Watch the syslog for notifications from upsd about staleness. STATEPATH ''path'' Tell upsd to look for the state files in ''path'' rather than the default that was compiled into the program. !!SEE ALSO upsd(8), nutupsdrv(8), upsd.users(5) __Internet resources:__ The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/ NUT mailing list archives and information: http://lists.exploits.org/ ----
5 pages link to
upsd.conf(5)
:
upsd(8)
upsmon(8)
upsmon.conf(5)
upsset.conf(5)
Man5u
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.
