Crossfire - nonroot daemon user/group

yerp · Post by **yerp** » Thu Feb 17, 2005 4:01 am

As with some of the mainstream daemons, they tend to come with privuser:privuser permission, as is the case with apache/httpd it may run as apache:apache.

I donot wish for the crossfire server to run as root:root.

It seems like this would be a nice feature, but I have no clue how much changes this may entail and whether or not this is truly good practice.

I can see an issue coming in with people installing the server not knowing that they need to pass something like:

Code: Select all

groupadd crossfire &&
useradd -c 'crossfire -detach' -d /dev/null -g crossfire -s /bin/false -u 134 crossfire &&
chown -R crossfire:crossfire /usr/local/{share/crossfire,etc/crossfire,var/crossfire}

If that were a case, could you put this as a feature that is by default off with autoconf??

poof · Post by **poof** » Thu Feb 17, 2005 10:33 am

I just make a user "crossfire" on our in-house game server and then set compile time switches to use the /home/crossfire directory as the root directory. Then I run the daemon as that user.group from inside that directory tree. You (or anyone on a *n?x box) can do the same. Works fine.

Perhaps this should be the suggested way of compiling and running the crossfire daemon in the README. But leave the "traditional" *n?x tree structure the default.

cavesomething · Post by **cavesomething** » Thu Feb 17, 2005 10:45 am

poof wrote: But leave the "traditional" *n?x tree structure the default.

Leave? The crossfire server at the moment defaults to somewhere rather weird, in /usr/games/crossfire but with var/ bin/ share/, etc under them.

It might be close to the traditional tree structure, but it is certainly not typical of it. (and debian changes the paths noticably through a whole series of flags to the configure script)

poof · Post by **poof** » Thu Feb 17, 2005 3:19 pm

Heh. Note the word traditional is in quotes. That was intended to be dry humor. Apparently too dry. =P

Avion · Post by **Avion** » Sat Feb 19, 2005 8:06 pm

Who ever said crossfire had to be run as root?

It doesn't use a low port (like apache) so it certainly does not have to be run as root and it doesn't need a special group or anything.

bort · Post by **bort** » Mon Feb 21, 2005 6:55 am

True, I run it with the user daemon. That account has pseudo-root privs, but very few real root privs. I even ran crossfire with my normal user acct after I chowned the cf dirs for writing.

cavesomething · Post by **cavesomething** » Mon Feb 21, 2005 7:14 am

Easiest way to run as non root user is to ./configure --prefix=somewhere_in_your_home

and then run as the user you compiled as, it works fine without permissions hassles then (although you do use a user with access to cc, which might not be such a good thing depending on how paranoid you are)

bort · Post by **bort** » Tue Feb 22, 2005 12:55 am

I have compiled whole multimedia apps under user. The crossfire server is not very bad, there should be an ssh tunneled cf.