
Crossfire - nonroot daemon user/group

Posted: Thu Feb 17, 2005 4:01 am
by yerp
As with some of the mainstream daemons, they tend to come with privuser:privuser permission, as is the case with apache/httpd it may run as apache:apache.

I do not wish for the crossfire server to run as root:root.

It seems like this would be a nice feature, but I have no clue how many changes this may entail and whether or not this is truly good practice.

I can see an issue coming in with people installing the server not knowing that they need to pass something like:

groupadd crossfire &&
useradd -c 'crossfire -detach' -d /dev/null -g crossfire -s /bin/false -u 134 crossfire &&
chown -R crossfire:crossfire /usr/local/{share/crossfire,etc/crossfire,var/crossfire}

If that were the case, could you put this as a feature that is by default off with autoconf??

Posted: Thu Feb 17, 2005 10:33 am
by poof
I just make a user "crossfire" on our in-house game server and then set compile time switches to use the /home/crossfire directory as the root directory. Then I run the daemon as that user.group from inside that directory tree. You (or anyone on a *n?x box) can do the same. Works fine.

Perhaps this should be the suggested way of compiling and running the crossfire daemon in the README. But leave the "traditional" *n?x tree structure the default.

Posted: Thu Feb 17, 2005 10:45 am
by cavesomething
poof wrote: But leave the "traditional" *n?x tree structure the default.
Leave? The crossfire server at the moment defaults to somewhere rather weird, in /usr/games/crossfire but with var/ bin/ share/, etc under them.

It might be close to the traditional tree structure, but it is certainly not typical of it. (and Debian changes the paths noticeably through a whole series of flags to the configure script)

Posted: Thu Feb 17, 2005 3:19 pm
by poof
Heh. Note the word traditional is in quotes. That was intended to be dry humor. Apparently too dry. =P

Posted: Sat Feb 19, 2005 8:06 pm
by Avion
Who ever said crossfire had to be run as root?

It doesn't use a low port (like apache) so it certainly does not have to be run as root and it doesn't need a special group or anything.

Posted: Mon Feb 21, 2005 6:55 am
by bort
True, I run it with the user daemon. That account has pseudo-root privs, but very few real root privs. I even ran crossfire with my normal user acct after I chowned the cf dirs for writing.

Posted: Mon Feb 21, 2005 7:14 am
by cavesomething
Easiest way to run as non root user is to ./configure --prefix=somewhere_in_your_home

and then run as the user you compiled as, it works fine without permissions hassles then (although you do use a user with access to cc, which might not be such a good thing depending on how paranoid you are)

Posted: Tue Feb 22, 2005 12:55 am
by bort
I have compiled whole multimedia apps under user. The crossfire server is not very bad, there should be an ssh tunneled cf. :P
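
The setup this thread describes (a dedicated crossfire account that owns the server directories) can be checked before the server is started. The shell function below is an added example, not part of the thread or of the Crossfire project; the name cf_audit and the world-writable check are assumptions added here, while the account name and paths in the usage comment come from the first post.

```shell
#!/bin/sh
# Added example (not Crossfire project code): audit a non-root service
# account setup before starting the server.
# Usage: cf_audit SERVICE_UID DIR...   returns 0 if clean, 1 on any finding.
cf_audit() {
    svc_uid=$1
    [ "$#" -gt 0 ] && shift
    rc=0

    # An unknown account makes "id -u" print nothing; treat that as a failure.
    case "$svc_uid" in
        ''|*[!0-9]*) echo "FAIL: no numeric service uid given" >&2; return 1 ;;
    esac

    # The point of the dedicated account is that it is not uid 0.
    if [ "$svc_uid" -eq 0 ]; then
        echo "FAIL: service uid is 0 (root)" >&2
        rc=1
    fi

    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "FAIL: $dir is missing or not a directory" >&2
            rc=1
            continue
        fi

        # Entries the service account does not own: the server may be unable
        # to write them, or another account may be able to change them.
        foreign=$(find "$dir" ! -user "$svc_uid" -print 2>/dev/null | head -n 5)
        if [ -n "$foreign" ]; then
            echo "FAIL: not owned by uid $svc_uid under $dir:" >&2
            echo "$foreign" >&2
            rc=1
        fi

        # World-writable entries (symlinks skipped): any local user could
        # alter server data or configuration.
        loose=$(find "$dir" ! -type l -perm -0002 -print 2>/dev/null | head -n 5)
        if [ -n "$loose" ]; then
            echo "FAIL: world-writable under $dir:" >&2
            echo "$loose" >&2
            rc=1
        fi
    done
    return "$rc"
}
# Example call, using the account name and paths from the first post:
#   cf_audit "$(id -u crossfire)" /usr/local/share/crossfire \
#       /usr/local/etc/crossfire /usr/local/var/crossfire
```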