On Thu, Oct 24, 2002 at 02:40:47AM +0200, Josef Spillner wrote: > On Wednesday 23 October 2002 04:24, H. S. Teoh wrote: > > Well, I was a bit surprised when I installed crossfire-server and it > > automatically started the server. > Wow, a server which serves by default. > Now who'd think this was the case with... Apache? :) thanks, i'm not alone in the universe :) > > Besides, game servers aren't usually designed with system security in mind > > (I know crossfire isn't particularly strong in this respect). Starting > > them by default may be a security concern. > > We all know bind and sendmail have been designed with security in mind. :)) I never really understood why "game" always seemed to be assimilated to unfinished, unmaintained, unsecure, in short _BAD_ (tm) software for a lot of guys... not that it is never like this, but it's IMHO like any other kind of software... game != evil... While we are at it, I have one question about game'servers packaging... When I packaged tetrinetx first time, I had a doubt about: - where to put the binary ? - /usr/games (ok, it's about games, but it's a daemon) - /usr/sbin (theorically most daemons goes there... but a game server ? I had some users return who thought it was a FHS violation... and either dont shock me...) - where to put pids / highscores ? - /var/{run,lib} like anty others daemons ? - /var/games like any standard run-play-quit game ? - where to put logs ? - /var/log ... etc, etc, etc... Other thing: generally, games servers like tetrinetx use non-privileged ports... so they can be run as special-but-non-root(eg games), or standard users... So what to do in both case ? I use a suid on the server as games so it can write pid, logs, and other stuff when started by a standard user of the system... But a suid binary is really not something I like, and I at start not used chuid, just the --chuid option to start-stop-daemon in the init script. Result was that only root can exec the init script... So I finally suid-ed the binary so that normal users can launch it... Shortly, I have no clue where to put and how organize the whole stuff... I've done it "instinctively", but I'd really appreciate advices on this... Any clue ? :) Cheers, -- Helios de Creisquer <creis@debian.org>
Attachment:
pgpzCbuuBU61q.pgp
Description: PGP signature