[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Game packages starting servers?



On Thu, Oct 24, 2002 at 02:40:47AM +0200, Josef Spillner wrote:
> On Wednesday 23 October 2002 04:24, H. S. Teoh wrote:

> > Well, I was a bit surprised when I installed crossfire-server and it
> > automatically started the server.

> Wow, a server which serves by default.
> Now who'd think this was the case with... Apache?

:) thanks, i'm not alone in the universe :)

> > Besides, game servers aren't usually designed with system security in mind
> > (I know crossfire isn't particularly strong in this respect). Starting
> > them by default may be a security concern.
> 
> We all know bind and sendmail have been designed with security in mind.

:))

I never really understood why "game" always seemed to be assimilated  to
unfinished, unmaintained, unsecure, in short _BAD_ (tm) software  for  a
lot of guys... not that it is never like this, but it's  IMHO  like  any
other kind of software... game != evil...

While we are at it, I have one question about game'servers  packaging...
When I packaged tetrinetx first time, I had a doubt about:

        - where to put the binary ?
                - /usr/games (ok, it's about games, but it's a daemon)
                - /usr/sbin (theorically most daemons goes there...  but
                  a game server ? I had some users return who thought it
                  was a FHS violation... and either dont shock me...)

        - where to put pids / highscores ?
                - /var/{run,lib} like anty others daemons ?
                - /var/games like any standard run-play-quit game ?

        - where to put logs ?
                - /var/log ...

                etc, etc, etc...

Other thing: generally, games servers like tetrinetx use  non-privileged
ports... so they  can  be  run  as  special-but-non-root(eg  games),  or
standard users... So what to do in both case ?

I use a suid on the server as games so it can write pid, logs, and other
stuff when started by a standard user of the system...

But a suid binary is really not something I like, and  I  at  start  not
used chuid, just the --chuid option to  start-stop-daemon  in  the  init
script. Result was that only root can  exec  the  init  script...  So  I
finally suid-ed the binary so that normal users can launch it...

Shortly, I have no clue where to put and how organize the whole stuff...
I've done it "instinctively",  but  I'd  really  appreciate  advices  on
this...

Any clue ? :)

Cheers,
-- 
Helios de Creisquer <creis@debian.org>

Attachment: pgp5TZdGXTpKD.pgp
Description: PGP signature


Reply to: