Provided by: nut-server_2.8.3-2_amd64 
NAME
upsd.users - Administrative user definitions for NUT upsd data server
DESCRIPTION
Administrative commands such as setting variables and the instant commands are powerful, and access to
them needs to be restricted. This file defines who may access them, and what is available.
IMPORTANT NOTES
• Contents of this file should be pure ASCII (character codes not in range would be ignored with a
warning message).
• Balance the run-time user permissions to access the file (and perhaps the directory it is in) for
only upsd to be able to read it; write access is not needed. It is common to use chown root:nut and
chmod 640 to set up acceptable file permissions.
• Packages (and build recipes) typically prepare one set of user and group accounts for NUT. Custom
builds with minimal configuration might even use nobody:nogroup or similar, which is inherently
insecure.
• On systems with extra security concerns, NUT drivers and data server should run as separate user
accounts which would be members of one same group for shared access to local Unix socket files
and the directory they are in, but different groups for configuration file access. This would
need some daemons to use customized user, group, RUN_AS_USER and/or RUN_AS_GROUP settings to
override the single built-in value.
• Note that the monitoring, logging, etc. clients are networked-only. They do not need access to
these files and directories, and can run as an independent user and group altogether.
• Keep in mind the security of also any backup copies of this file, e.g. the archive files it might
end up in.
SECTIONS
Each user gets its own section. The fields in that section set the parameters associated with that user’s
privileges. The section begins with the name of the user in brackets, and continues until the next user
name in brackets or EOF. These users are independent of /etc/passwd or other OS account databases.
Here are some examples to get you started:
[admin]
password = mypass
actions = set
actions = fsd
instcmds = all
[pfy]
password = duh
instcmds = test.panel.start
instcmds = test.panel.stop
[upswired]
password = blah
upsmon primary
[observer]
password = abcd
upsmon secondary
FIELDS
password
Set the password for this user.
actions
Allow the user to do certain things with upsd. To specify multiple actions, use multiple instances of
the actions field. Valid actions are:
SET
change the value of certain variables in the UPS
FSD
set the forced shutdown flag in the UPS. This is equivalent to an "on battery + low battery"
situation for the purposes of monitoring.
The list of actions is expected to grow in the future.
instcmds
Let a user initiate specific instant commands. Use "ALL" to grant all commands automatically. To
specify multiple commands, use multiple instances of the instcmds field. For the full list of what
your UPS supports, use upscmd -l.
The cmdvartab file supplied with the NUT distribution contains a list of most of the generally known
command names.
upsmon
Add the necessary actions for an upsmon process, and can be viewed as a role of a particular client
instance to work with this data server instance. This is either set to primary (may request FSD) or
secondary (follows critical situations to shut down when needed).
Do not attempt to assign actions to upsmon by hand, as you may miss something important. This method
of designating a "upsmon user" was created so internal capabilities could be changed later on without
breaking existing installations (potentially using actions that are not exposed for direct
assignment).
SEE ALSO
upsd(8), upsd.conf(5)
Internet resources:
The NUT (Network UPS Tools) home page: https://www.networkupstools.org/historic/v2.8.3/
Network UPS Tools 2.8.3 07/08/2025 UPSD.USERS(5)