User that runs the server: userrun belongs to group grouprun, has
only write access to some dirs.
User that updates the server: userupdate belongs to group
groupupdate and has write access to all dirs.

Have tried to understand the different manuals and tutorials online.
Does this seem okay?


groupadd grouprun
useradd -G grouprun userrun
passwd userrun

groupadd groupupdate
useradd -G groupupdate userupdate
passwd userupdate

Goto dir:
chown -R userrun:groupupdate .

chmod -R g+rwX .
chmod -R u-w .

Goto log/other writable dirs:
chmod -R u+rwX .


//Daniel

2010/4/13 Tomé Duarte <tome.dua...@gmail.com>:
> Hello Daniel,
>
> You should be able to do that by creating:
>  - users: userRunGS & userUpdateGS
>  - groups: groupUpdateGS - add userUpdateGS to this one
>
> Then change ownership of every dir/file to userRunGS:groupUpdateGS.
> After that, change permissions on every dir/file to:
>  - remove userRunGS write permission, leaving it only on the files you want
>  - set writable permission for group groupUpdateGS
>
> That way, you can:
>  - run the gameserver with userRunGS; exploits can't write to any file you
> don't want
>  - update the gameserver with userUpdateGS; since he belongs to
> groupUpdateGS there won't be any permission problems.
>
> If you have any questions on how to add this, I suggest reading the
> following man pages: chown(1), chmod(1), groupadd(8) and useradd(8). For
> reference, this
> <http://tldp.org/HOWTO/Security-HOWTO/file-security.html> might come in
> handy too.
>
> Cheers,
> Tomé Duarte
>
> Connect with me via:
> Twitter: http://twitter.com/tomeduarte
> LinkedIn: http://www.linkedin.com/in/tduarte
>
>
> On 13 April 2010 15:54, Cc2iscooL <cc2isc...@gmail.com> wrote:
>
>> Because there are exploits that allow clients to upload to the server
>> directories.
>>
>> To op, there's plenty of stuff if you google around for chmod.
>>
>> On Apr 13, 2010 11:49 AM, "f0rkz" <h...@f0rkznet.net> wrote:
>>
>> Sounds like a prickly spider web to me.  Why do you need UserX and
>> UserY, why not just have a user that writes and runs.
>>
>> -f0rkz
>>
>>
>> On Tue, 2010-04-13 at 17:29 +0200, Daniel Nilsson wrote:
>> > Have read some info about how to host a ...
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
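The owner/group split discussed in this thread can be checked after it is applied. The script below is an added example, not part of the original messages: apply_scheme and audit_tree are hypothetical helper names, "log" stands for whichever directories the run user may write to, and ownership is assumed to be already set with chown -R userrun:groupupdate.

```shell
#!/bin/sh
# Added example: apply and audit the "run user = owner, update group = group"
# permission scheme. Only mode bits are touched or checked; ownership is
# assumed to be userrun:groupupdate already (set with chown -R as root).

# apply_scheme ROOT [WRITABLE_DIR...]  (WRITABLE_DIR is relative to ROOT)
apply_scheme() {
    root=$1; shift
    # Owner (run user): read and traverse only. Group (update): read-write.
    # Others: never writable.
    chmod -R u+rX,u-w,g+rwX,o-w "$root"
    for d in "$@"; do
        chmod -R u+rwX "$root/$d"   # the only places the run user may write
    done
}

# audit_tree ROOT [WRITABLE_DIR...]
# Prints one line per path that breaks the scheme; prints nothing if clean.
audit_tree() {
    root=$1; shift
    # Rewrite each WRITABLE_DIR argument into a find "prune" clause.
    for d in "$@"; do
        set -- "$@" -path "$root/$d" -prune -o
        shift
    done
    # Outside the writable dirs: no owner-write (0200), no world-write (0002).
    find "$root" "$@" ! -type l \( -perm -0200 -o -perm -0002 \) -print |
        sed 's/^/WRITABLE-BY-RUN-USER-OR-WORLD: /'
    # Everywhere: the update group must keep write access (0020).
    find "$root" ! -type l ! -perm -0020 -print |
        sed 's/^/NOT-WRITABLE-BY-UPDATE-GROUP: /'
}
```

Running audit_tree again after each game update catches files that the updater created with different modes.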
