
Re: /var/games/package must be 770



On Fri, 1 Mar 2002 15:04, Bill Allombert wrote:
> When you run a setgid binary you still own the files you create. When you
> own a file you overwrite it *unless* it is in a directory you can not chdir
> in.
>
> There is no way to allow a user to read a file he owns but to disallow him
> to overwrite it.
>
> So either highscore files are created owned by root at the installation of
> the game and there is no reason to have the directory writable by games,
> or they are created by the first user who plays the game and then they
> should be in a 770 (or 774) directory.

For best possible operation the file should have been created as root-owned.  
If a previous version of the game didn't do that then the file should be 
chown()'d to root to correct this.

Only if the game is creating new files all the time will it be necessary to 
have the directory mode 770.

The benefit of having the file owned by root instead of by the user is in 
systems that have quotas enabled.  Consider the case where the user runs out 
of disk space but can't free any space because it's taken up by files in 
directories they can't read.  Also consider the case where the quotas of user 
A (who owns the file) prevent user B from playing the game because the file 
can't be extended (could be a DOS attack against high score files - do
"cat /dev/zero > ~/big-file" in your .logout to stop someone from beating 
your high score).

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
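
The checks discussed in this thread, written out as an added example (not code from the message or from any package): a Python audit of a setgid game's state directory that reports score files not owned by root, whether their owner can enter the directory to reach them, and group-writable directories. The function name `audit_game_dir`, the finding codes and the default path are assumptions made for the illustration.

```python
import os
import stat
import sys

def audit_game_dir(top, expected_uid=0):
    """Return sorted (code, path) findings for a setgid game's state directory.

    Assumption: players reach the directory only through the "other"
    permission bits, i.e. they are not members of the directory's group.
    Only the immediate parent directory is checked, not its ancestors.
    """
    findings = set()
    for dirpath, _dirs, files in os.walk(top):
        dmode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if dmode & stat.S_IWGRP:
            # Only needed when the game creates new files at run time.
            findings.add(("DIR_GROUP_WRITABLE", dirpath))
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or st.st_uid == expected_uid:
                continue
            # Created by a player through the setgid binary: the file's
            # blocks are charged to that player's quota.
            findings.add(("USER_OWNED", path))
            if dmode & stat.S_IXOTH:
                # The owner can enter the directory, so can overwrite the file.
                findings.add(("OWNER_CAN_REACH", path))
    return sorted(findings)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/games"
    for code, path in audit_game_dir(target):
        print(code, path)
```

A `USER_OWNED` finding is the case the reply proposes correcting by changing the file's owner to root; `DIR_GROUP_WRITABLE` is expected only for games that create new files at run time.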


