NUT, devd and USB interface of UPS

cy@ said:
Do you use VirtualBox on this machine to run any VMs?
Click to expand...
I have not yet lost the ability to compile the package I need and run it on the server without using virtual machine hypervisors, dockers with kubernetes, and even jail.
 
ogogon said:
I have not yet lost the ability to compile the package I need and run it on the server without using virtual machine hypervisors, dockers with kubernetes, and even jail.
Click to expand...
That didn't answer the question.

Let's rephrase the question. The virtualbox-ose package makes an incompatible change to devfs forcing USB devices to be owned by root. Is virtualbox-ose installed on the machine? If you did, virtualbox-ose will change ownership of devices back to root after nut's devfs has chowned them to "nut." Private emails with a nut user this spring with virtualbox-ose installed showed us that virtualbox-ose put the following in devfs.rules:

Code: 
[system=10]
add path 'usb/*' mode 0660 group operator

Anything like the above will override anything devd does on the behalf of nut to change ownership and/or permissions of USB devices.

There are other packages that alter devfs.conf or devfs.rules or have instructions to tell the user to alter these files to allow the package to function properly, just like vritualbox-ose. devfs rules are applied *after* devd has established them.

A quick scan through the ports tree shows the following packages altering devfs.rule in some way to override nut's devd file.

audio/beep
audio/playumidi
comms/ebusd
deskutils/calibre
devel/libburn
devel/openocd
emulators/qemu
emulators/qemu
emulators/qemu
emulators/qemu-devel
emulators/qemu-devel
emulators/qemu-devel
emulators/qemu7
emulators/qemu7
emulators/qemu7
emulators/virtualbox-ose
emulators/virtualbox-ose-legacy
graphics/entangle
graphics/epsonscan2
graphics/sane-backends
misc/digitemp
misc/pyobd
multimedia/libcec
multimedia/plexmediaserver
multimedia/plexmediaserver
multimedia/plexmediaserver
multimedia/plexmediaserver
multimedia/plexmediaserver-plexpass
multimedia/plexmediaserver-plexpass
multimedia/plexmediaserver-plexpass
multimedia/plexmediaserver-plexpass
security/fprint_demo
security/fprint_demo
security/vuxml/vuln/2016.xml
security/vuxml/vuln/2016.xml
security/vuxml/vuln/2022.xml
sysutils/appjail
sysutils/appjail-devel
sysutils/auto-admin
sysutils/cbsd
sysutils/dvdisaster
sysutils/dvdisaster
sysutils/dvdisaster
sysutils/jailrc
sysutils/jailrc
sysutils/jailrc
sysutils/jailrc
sysutils/k3b
sysutils/k3b
sysutils/py-qmk
sysutils/qjail
sysutils/qjail54
sysutils/reggae
sysutils/runit-faster

Any one of these packages may conflict with nut's devd configuration.

What other packages are installed on the machine?

A workaround might be to change usb/* mode to 0666 in a hand-crafted devfs.rules entry.
 
cy@ said:
That didn't answer the question.

Let's rephrase the question. The virtualbox-ose package makes an incompatible change to devfs forcing USB devices to be owned by root. Is virtualbox-ose installed on the machine? If you did, virtualbox-ose will change ownership of devices back to root after nut's devfs has chowned them to "nut." Private emails with a nut user this spring with virtualbox-ose installed showed us that virtualbox-ose put the following in devfs.rules:

Code: 
[system=10]
add path 'usb/*' mode 0660 group operator
Click to expand...
I apologize if my answer was not specific.
I have never installed the 'virtualbox-ose' package on this server.

Just in case:
Code: 
ogogon@server:/etc# grep usb /etc/devd.conf /usr/local/etc/devd/*
/etc/devd.conf:# script is called pccard_ether. We omit the usbus devices because those
/etc/devd.conf:# allow usb traffic to be captured with usbdump(8).
/etc/devd.conf:    match "subsystem"    "!(usbus|wlan)[0-9]+";
/etc/devd.conf:# by usb_template(4).
ogogon@server:/etc# grep operator /etc/devd.conf /usr/local/etc/devd/*
ogogon@server:/etc# grep 0660 /etc/devd.conf /usr/local/etc/devd/*
ogogon@server:/etc#

cy@ said:
Anything like the above will override anything devd does on the behalf of nut to change ownership and/or permissions of USB devices.

There are other packages that alter devfs.conf or devfs.rules or have instructions to tell the user to alter these files to allow the package to function properly, just like vritualbox-ose. devfs rules are applied *after* devd has established them.

A quick scan through the ports tree shows the following packages altering devfs.rule in some way to override nut's devd file.

audio/beep
audio/playumidi
comms/ebusd
deskutils/calibre
devel/libburn
devel/openocd
emulators/qemu
emulators/qemu
emulators/qemu
emulators/qemu-devel
emulators/qemu-devel
emulators/qemu-devel
emulators/qemu7
emulators/qemu7
emulators/qemu7
emulators/virtualbox-ose
emulators/virtualbox-ose-legacy
graphics/entangle
graphics/epsonscan2
graphics/sane-backends
misc/digitemp
misc/pyobd
multimedia/libcec
multimedia/plexmediaserver
multimedia/plexmediaserver
multimedia/plexmediaserver
multimedia/plexmediaserver
multimedia/plexmediaserver-plexpass
multimedia/plexmediaserver-plexpass
multimedia/plexmediaserver-plexpass
multimedia/plexmediaserver-plexpass
security/fprint_demo
security/fprint_demo
security/vuxml/vuln/2016.xml
security/vuxml/vuln/2016.xml
security/vuxml/vuln/2022.xml
sysutils/appjail
sysutils/appjail-devel
sysutils/auto-admin
sysutils/cbsd
sysutils/dvdisaster
sysutils/dvdisaster
sysutils/dvdisaster
sysutils/jailrc
sysutils/jailrc
sysutils/jailrc
sysutils/jailrc
sysutils/k3b
sysutils/k3b
sysutils/py-qmk
sysutils/qjail
sysutils/qjail54
sysutils/reggae
sysutils/runit-faster

Any one of these packages may conflict with nut's devd configuration.

What other packages are installed on the machine?
Click to expand...
None of the listed packages were installed on the machine.
(About vuxml - was that a joke? This is a vulnerability database, why does it need to change the rights in the /dev/usb directory?)

cy@ said:
A workaround might be to change usb/* mode to 0666 in a hand-crafted devfs.rules entry.
Click to expand...
At the time of the unsuccessful launch, the device is already readable using group rights, but this leads to nothing.
Is it correct that the package is installed with the owner 'root:wheel' and not 'nut:nut'? Why then, all these preparations?
Code: 
ogogon@server:/etc# ls -alg /usr/local/sbin/upsmon /usr/local/libexec/nut/usbhid-ups /usr/local/sbin/upsd
-rwxr-xr-x  1 root  wheel  288624 11 Feb. 05:48 /usr/local/libexec/nut/usbhid-ups
-rwxr-xr-x  1 root  wheel  100088 11 Feb. 05:48 /usr/local/sbin/upsd
-rwxr-xr-x  1 root  wheel   72344 11 Feb. 05:47 /usr/local/sbin/upsmon
ogogon@server:/etc# ls -alg /usr/local/libexec/nut/

And one more question - from which user does run the package from rc-script /usr/local/etc/rc.d/nut?
The user 'nut' is not explicitly indicated there anywhere, but in a number of calls the user 'uucp' is clearly indicated.
This is right? Does the system know that it needs to run the package from the 'nut' user?

sh: 
#!/bin/sh

# PROVIDE: nut
# REQUIRE: NETWORKING NETWORK devfs devd syslogd
# BEFORE: LOGIN
# KEYWORD: shutdown

# Define these nut_* variables in one of these files:
#       /etc/rc.conf
#       /etc/rc.conf.local
#       /etc/rc.conf.d/nut
#
# DO NOT CHANGE THESE DEFAULT VALUES HERE
#
nut_enable=${nut_enable:-"NO"}
nut_prefix=${nut_prefix:-"/usr/local"}
nut_upsshut=${nut_upsshut:-"NO"}

. /etc/rc.subr

name="nut"
rcvar=nut_enable

load_rc_config $name

required_dirs="/var/db/nut"
required_files="${nut_prefix}/etc/nut/ups.conf ${nut_prefix}/etc/nut/upsd.conf ${nut_prefix}/etc/nut/upsd.users"
command="${nut_prefix}/sbin/upsd"
pidfile="/var/db/nut/upsd.pid"

start_precmd="nut_prestart"
stop_postcmd="nut_poststop"

nut_file_fixup=${nut_file_fixup:-"YES"}

nut_prestart() {
        #
        # As of PR/268960 UID/GID uucp is no longer used by nut.
        # Instead UID/GID nut is used. Make sure preexisting nut files
        # and directories are owned by nut instead of uucp.
        #
        if [ "${nut_file_fixup}" == "YES" ]; then
                find ${nut_prefix}/etc/nut -user uucp -exec chown nut {} \;
                find ${nut_prefix}/etc/nut -group uucp -exec chgrp nut {} \;
                find /var/db/nut -user uucp -exec chown nut {} \;
                find /var/db/nut -group uucp -exec chgrp nut {} \;
        fi

        ${nut_prefix}/sbin/upsdrvctl start
}


nut_poststop() {
        if ${nut_prefix}/sbin/upsdrvctl stop && checkyesno nut_upsshut; then
                if ${nut_prefix}/sbin/upsmon -K; then
                        ${nut_prefix}/sbin/upsdrvctl shutdown
                fi
        fi

}

extra_commands=reload
reload()
{
 kill -HUP `cat $pidfile`
}

run_rc_command "$1"
 
Something has changed USB permissions. Insert a logger command in nut's devd.conf file to log the permissions change. Then note in /var/log/messages when devd has acted on the event.

The the rc script runs under the root account but nut itself will setuid(2) to its own account after it has initialized.

To make sure, list the USB vendor and product IDs for your UPS. It may show up as an HID device. The nut devd rule excludes HID devices, because UPS's are not HID devices.
 
cy@ said:
Something has changed USB permissions. Insert a logger command in nut's devd.conf file to log the permissions change. Then note in /var/log/messages when devd has acted on the event.
Click to expand...
What arguments should I give to the acction 'logger' to get the necessary information? What exactly should he report to the log?

cy@ said:
To make sure, list the USB vendor and product IDs for your UPS. It may show up as an HID device. The nut devd rule excludes HID devices, because UPS's are not HID devices.
Click to expand...
I'm sorry, but there's some kind of misunderstanding here. As I understand it, my UPS is defined precisely as HID. And to work with it, the 'usbhid-ups' module is used.
The UPS model, how it is detected by the NUT scanner and the config for it are fully given in my first post on this topic.
 
Before we apply a logger "patch" to the nut devd.conf, post output from usbconfig dump_device_desc for your ups, please.
 
cy@ said:
Before we apply a logger "patch" to the nut devd.conf, post output from usbconfig dump_device_desc for your ups, please.
Click to expand...
Here it is:
Code: 
ogogon@server:/etc/devd# usbconfig dump_device_desc ugen0.2
ugen0.2: <POWERCOM Co.,LTD Unknown UPS (off)> at usbus0, cfg=0 md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA)

  bLength = 0x0012
  bDescriptorType = 0x0001
  bcdUSB = 0x0110
  bDeviceClass = 0x0000  <Probed by interface class>
  bDeviceSubClass = 0x0000
  bDeviceProtocol = 0x0000
  bMaxPacketSize0 = 0x0008
  idVendor = 0x0d9f
  idProduct = 0x00a3
  bcdDevice = 0x0001
  iManufacturer = 0x0003  <POWERCOM Co.,LTD  >
  iProduct = 0x0001  <SRT-2000   SRTV1.8   >
  iSerialNumber = 0x0002  <4A3-0000-0001  >
  bNumConfigurations = 0x0001

ogogon@server:/etc/devd#
 
I can see it in the quirks table.

Now put a logger command into /usr/local/etc/devd/nut-usb.conf. man 1 logger will give you the syntax.
 
You must log in or register to reply here.
Back
Top