[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [LCFC] templates://nethack/{nethack-common.templates}

Esko Arajärvi wrote:
>> After a great deal of picking at it I've ended up with this:
>>
>>  _Description: Use setgid bit with NetHack's recover utility?
>>   The "recover" program in the package nethack-common is traditionally
>>   installed with the "setgid" bit set, so that all users can use it to
>>   recover their own save files after a crash (with "games" group
>>   privileges). This is a potential source of security problems.
>>   .
>>   This package includes a script that runs during system boot, invoking
>>   recover on any broken save files it finds. This makes it less likely
>>   that users will need to run it themselves, so the default is to install
>>   recover without special permission bits.
>>   .
>>   If you choose this option, normal users will be able to run "recover".
>>
>> Is this an improvement?
> 
> I like this version. The only comment is that first and last chapters both 
> tell how the recovery works if this option is chosen. This version doesn't 
> tell what the situation is if this option is not chosen. Therefore I would
> either keep the last chapter intact or combine the last chapters of old and 
> new.

The simplest fix would be to add a few words to the middle paragraph:

     [...], so the default is to install
     recover without the special permission bits required for that.

Revised template with that and Christian's tweak attached.

> Another thing, which doesn't really concern the template, is that run during 
> system boot probably doesn't help very many people (I would think). It helps 
> if Nethack crashed because the playing server booted, but in other situations 
> that recovery would be too late. If my connection drops I would like to 
> continue playing as soon as I get the connection up, not when the server is 
> booted for kernel upgrade five months later. :-)

There's always "sudo /etc/init.d/nethack-common start".
-- 
JBR
Hurrah!  A unicorn horn, now I can fight Juiblex...

Template: nethack-common/recover-setgid
Type: boolean
Default: false
_Description: Use setgid bit with NetHack's recover utility?
 The "recover" program in the package nethack-common is traditionally
 installed with the "setgid" bit set, so that all users can use it to
 recover their own save files after a crash (with "games" group
 privileges). This is a potential source of security problems.
 .
 This package includes a script that runs during system boot, invoking
 recover on any broken save files it finds. This makes it less likely
 that users will need to run it themselves, so the default is to install
 recover without the special permission bits required for that.
 .
 If you choose this option, unprivileged users will be able to run "recover".
Reply to: