Re: Running a game server using start-stop-daemon and /etc/init.d

To: <debian-user@lists.debian.org>
Subject: Re: Running a game server using start-stop-daemon and /etc/init.d
From: "Adar Dembo" <a@darr.com>
Date: Thu, 1 Aug 2002 06:46:40 -0700
Message-id: <[🔎] 006f01c23961$dd539ad0$0400a8c0@adar>
References: <[🔎] 003301c23955$f48a4160$0400a8c0@adar> <[🔎] 20020801131215.GA21251@pinky.its.adelaide.edu.au>

That is a good question, and normally I'd agree, but by just adding sudo
priveledges to the exec, I force more work on the sudoers as follows:

1) In my original script, notice there was quite a long set of arguments
following the --exec statement. Typing all this by hand would be painful
and difficult to remember.

2) I need to run multiple instances of this process, each with a
slightly different set of arguments. For example, one server needs to
bind to UDP port 27910, and the other to 27920. This would complicate
things.

3) I want a quick, painless way to take down or restart a server, as
simple as "<scriptname> stop", rather than having to find it in the
process list. Furthermore, if I want to shut it down, the original
sudoer would somehow need to gain permission to kill a process now owned
by the user quake2. I am not sure quite how group priveledges work, but
I'd have to make a group, which all sudoers are part of, and get the
process to be run as part of that group as well, in order for an
original sudoer to have the necessary permissions to take down the
process.

4) I want the servers to all activate on boot time. When it's all
working I'll use rcconf and take care of that.

After some more thought, however, I wonder whether a "su quake2 -c..."
solution would work. The problem I'm getting with start-stop-daemon is
that --background isn't working. With an su -c solution, I'd have to
somehow force the process to fork, and I'm not sure how. Maybe prefixing
su -c with "sh" would open a separate shell. But I don't know for sure.

Also, do you think adding a chroot jail to the setup would be a good
idea? I know vaguely what it does, but it's such a pain to setup. Since
the default shell for the quake2 user would be /bin/false in the end
anyway, would a buffer overflow or similar exploit still be able to give
the hacker access to a shell? Or to anything for that matter? My
knowledge on security exploits is severely lacking...

-Adar Dembo
----- Original Message -----
From: "Tom Cook" <tom.cook@adelaide.edu.au>
To: <debian-user@lists.debian.org>
Sent: Thursday, August 01, 2002 6:12 AM
Subject: Re: Running a game server using start-stop-daemon and
/etc/init.d

Reply to:

Follow-Ups:
- Re: Running a game server using start-stop-daemon and /etc/init.d
  - From: Tom Cook <tom.cook@adelaide.edu.au>

References:
- Running a game server using start-stop-daemon and /etc/init.d
  - From: "Adar Dembo" <a@darr.com>
- Re: Running a game server using start-stop-daemon and /etc/init.d
  - From: Tom Cook <tom.cook@adelaide.edu.au>

Prev by Date: Debmirror error msg...
Next by Date: AltGr key not working anywhere in X
Previous by thread: Re: Running a game server using start-stop-daemon and /etc/init.d
Next by thread: Re: Running a game server using start-stop-daemon and /etc/init.d
Index(es):
- Date
- Thread