[Fwd: games user and group]
Bill Nottingham
notting at redhat.com
Wed Mar 1 01:36:10 UTC 2006
Michael Thomas (wart at kobold.org) said:
> Daemon processes
> ================
> Some games such as wesnoth and xpilot-ng come with server daemons. I
> see three choices for the owner of these daemon processes:
>
> 1) root (ick!)
> 2) Allocate a separate '<gamename>' user for each package/daemon
> 3) Piggyback on the 'games' user
>
> My preference would be #3. Are there any drawbacks to reusing the
> 'games' user to run various game daemons?
Someone who compromises one game server could compromise
any other servers running under the same user, etc.
> File ownership
> ==============
> Almost every package that I see in FE uses %defattr(-,root,root,-). Is
> there any reason why we shouldn't be using %defattr(-,games,games,-) for
> game packages (including documentation, manpages and such)?
There's no reason to really have the files owned by the games user;
in fact, it's probably more secure to leave them owned by root, and
just leave the scorefiles owned by games.
Bill
More information about the fedora-extras-list
mailing list