[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Fwd: games user and group]

From: Michael Schwendt <bugs michael gmx net>
To: Discussion related to Fedora Extras <fedora-extras-list redhat com>
Subject: Re: [Fwd: games user and group]
Date: Wed, 1 Mar 2006 10:03:08 +0100

On Tue, 28 Feb 2006 16:47:27 -0800, Michael Thomas wrote:

> Daemon processes
> ================
> Some games such as wesnoth and xpilot-ng come with server daemons.  I
> see three choices for the owner of these daemon processes:
> 
> 1) root (ick!)
> 2) Allocate a separate '<gamename>' user for each package/daemon
> 3) Piggyback on the 'games' user
> 
> My preference would be #3.  Are there any drawbacks to reusing the
> 'games' user to run various game daemons?

Do you like to predict for the future that game no.1 should be able
to access files and directories from game no.2 and vice versa without
any security risks?

> File ownership
> ==============
> Almost every package that I see in FE uses %defattr(-,root,root,-).  Is
> there any reason why we shouldn't be using %defattr(-,games,games,-) for
> game packages (including documentation, manpages and such)?

This would be inherently insecure as any compromised game server using the
uid/gid games.games could alter the other executables and files.

Follow-Ups:
- Re: [Fwd: games user and group]
  - From: Michael Thomas

References:
- [Fwd: games user and group]
  - From: Michael Thomas

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]