The downside to doing it this way is that autoupdate will not work.
When updates are released, you'll need to kill the server and run the
update process as userX, and then start up the server again as userY.
If you use the same user for running and updating, you can simply
restart the server and let the autoupdater do its thing.
- Dave
Daniel Nilsson wrote:
> Cool!
>
> Thanx for an good explanation :)
>
> //Daniel
>
> Tomé Duarte skrev 2010-04-13 18:45:
>> Hello Daniel,
>>
>> You should be able to do that by creating:
>> - users: userRunGS& userUpdateGS
>> - groups: groupUpdateGS - add userUpdateGS to this one
>>
>> Then change ownership of every dir/file to userRunGS:groupUpdateGS.
>> After that, change permissions on every dir/file to:
>> - remove userRunGS write permission, leaving it only on the files you want
>> - set writable permission for group groupUpdateGS
>>
>> That way, you can:
>> - run the gameserver with userRunGS; exploits can't write to any file you
>> don't want
>> - update the gameserver with userUpdateGS; since he belongs to
>> groupUpdateGS there won't be any permission problems.
>>
>> If you have any questions on how to add this, I suggest reading the
>> following man pages: chown(1), chmod(1), groupadd(8) and useradd(8). For
>> reference, this
>> <http://tldp.org/HOWTO/Security-HOWTO/file-security.html>might come in
>> handy too.
>>
>> Cheers,
>> Tomé Duarte
>>
>> Connect with me via:
>> Twitter: http://twitter.com/tomeduarte
>> LinkedIn: http://www.linkedin.com/in/tduarte
>>
>>
>> On 13 April 2010 15:54, Cc2iscooL<cc2isc...@gmail.com> wrote:
>>
>>
>>> Because there are exploits that allow clients to upload to the server
>>> directories.
>>>
>>> To op, there's plenty of stuff if you google around for chmod.
>>>
>>> On Apr 13, 2010 11:49 AM, "f0rkz"<h...@f0rkznet.net> wrote:
>>>
>>> Sounds like a prickly spider web to me. Why do you need UserX and
>>> UserY, why not just have a user that writes and runs.
>>>
>>> -f0rkz
>>>
>>>
>>> On Tue, 2010-04-13 at 17:29 +0200, Daniel Nilsson wrote:
>>>
>>>> Have read some info about how to host a ...
>>>>
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
--
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
