Unix/Linux Go Back    

RedHat 9 (Linux i386) - man page for upsd.conf (redhat section 5)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

UPSD.CONF(5)			     Network UPS Tools (NUT)			     UPSD.CONF(5)

       upsd.conf - Configuration for Network UPS Tools upsd

       upsd  uses this file to control access to the server and set some other miscellaneous con-
       figuration values.  This file will contain passwords for your upsmon(8) clients,  so  keep
       it secure.  Ideally, only the upsd process should be able to read it.

       ACL name netblock

	      Define an Access Control List (ACL) called name that contains the network netblock.
	      The netblock can be either the old style, such as this for a traditional "class C":

		   ACL mynet

	      Or, you can use new-style "CIDR format":

		   ACL mynet

	      To just list one host, it would look like one of these:

		   ACL mybox

		   ACL mybox

	      ACLs are used whenever you need to refer to a network or host, such  as  in  ACCESS
	      definitions (below) and with "allowfrom" in upsd.users(5).

       ACCESS action level aclname [password]

	      Define  the  access to commands at level level by clients in the network defined by
	      ACL aclname, optionally requiring a password password.

	      The action can be one of three values:

		   grant - allow the clients to perform commands at this level.

		   deny - deny the clients access to commands at this level.

		   drop - like deny, but don't even respond to their query.

	      The level relates to the complexity of the command.  More important functions  like
	      editing  variables  inside the UPS require more privileges than merely checking the
	      status.  Each level includes the powers of the one before it.  Here are  the  valid

		   base - Allows TCP connections and very simple queries.  Valid commands are VER
	      and HELP.

		   monitor - "base", plus the ability to fetch variables  from	the  UPS.   Valid
	      commands are LISTRW, LISTVARS, and REQ.

		   login  -  Deprecated.  Implies monitor and base.  This is used by old versions
	      of upsmon in slave mode.	Newer versions of upsmon (1.1 and up) that send usernames
	      are granted access in upsd.users(5).

		   master  -  Deprecated.  Implies login, monitor and base.  Used by old versions
	      in master mode.  See login above.

		   all - match any level.  This really only should be used for "drop all all"  or
	      similar.	Granting "all" access to any host is not recommended.

	      The aclname is just one of your ACL definitions, as explained above.

	      The  password is only used for "login" or "master", and should not be set for lower
	      access levels.

       Here is an example configuration to show some of what is possible.

	    - "bigserver" has a UPS attached to a serial port.	It runs  the  driver,  upsd,  and
       upsmon  in  master  mode.   This  definition  is  also  referenced  with an "allowfrom" in

	    - "workstation" draws from the same UPS as "bigserver", but has to	monitor  it  over
       the network.  It runs upsmon in slave mode.   It is also referenced with an "allowfrom" in

	    - "webserver" doesn't get power from this UPS at all, but it runs the CGI programs so
       it can make nice status displays.

	    - an abuser is silently dropped

	    - everyone not yet covered is denied nicely

		   ACL bigserver
		   ACL workstation
		   ACL webserver
		   ACL abuser
		   ACL all

		   ACCESS grant monitor bigserver
		   ACCESS grant monitor workstation
		   ACCESS grant monitor webserver
		   ACCESS drop all abuser
		   ACCESS deny all all

       Access  controls  should  go from most specific to least specific.  The first match with a
       sufficient access level is the one used when applying permissions.

       Along the same lines, everyone is a member of "all", but we want to match everything  else
       first so they don't hit the deny at the bottom.

       If  you don't have a final "all" match at the bottom, it will force one for you as a deny.
       This means that you have to explicitly add an allow in order to allow the whole	world  to
       have access.

       Just think of it as a big repeating "if-then-else" structure.

       MAXAGE seconds

	      upsd usually allows the data from a driver to go up to 15 seconds without an update
	      before declaring it "stale".  If your driver can't reliably update  the  data  that
	      often but is otherwise working, you can use MAXAGE to make upsd wait longer.

	      You  should  only  use  this if your driver has difficulties keeping the data fresh
	      within the normal 15 second interval.  Watch the syslog for notifications from upsd
	      about staleness.

       STATEPATH path

	      Tell upsd to look for the state files in path rather than the default that was com-
	      piled into the program.

       upsd(8), nutupsdrv(8), upsd.users(5)

   Internet resources:
       The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/

       NUT mailing list archives and information: http://lists.exploits.org/

					 Wed Oct 16 2002			     UPSD.CONF(5)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 02:44 PM.