User accounts and security

[~kev~]

http://www.fortress-forever.com/foru...ad.php?t=14954

Quote:

Originally Posted by JayDee

Installing a Linux Server for Fortress Forever 2.0

This guide assumes you have basic knowledge of using a shell in Linux.

I will comment on each command so those new to Linux or are unfamiliar with certain commands .........

I started to post this as a reply to the quoted thread but changed my mind. There are a few security questions I have so lets just start a new thread.

Couple of questions and suggestions.

Why is there no mention about using an account besides root? For security reasons shouldn't another non-root account be created on the server, then that account be used to upload and execute the files? If a file is compromised, or if a security flaw is found in the server software, the hacker can only have the permissions as the owner of the file.

The instructions make it sound like you install the FF server to roots home folder. For security reasons, do you "really" want a server service running out roots home folder?

If root is used to upload the files and the FF server is compromised, the hacker might gain full control of the server.

If a non-root account is used, and the FF server is compromised, the hacker only gains access to that account and webspace.

A file can only run at the permission level of the owner. That is why root should rarely be used to install anything, unless root is required - such as updating the server.


Should a non-root account be created, and the files be uploaded to a folder above the html_root (www) directory? This would block access from html or www request for the files directory. Only if you had ftp or sftp access could the files be accessed if they are stored above the html_root (www) folder.


I would like to set a test server up, and my son (yoda) already has a non-root user account on my server for his website. So can I just log into his account and upload the FF files from there? Or do the files have to be uploaded and executed by root?

[[AE] 82694]

http://www.fortress-forever.com/wiki..._make_a_server

http://www.fortress-forever.com/wiki...nstall_a_SRCDS

Well thats the best I can do for ya. The seconded link is for the srcds which is the update/installer tool.

[Tsukasa]

Um, what in the world are you talking about. Those instructions will work regardless of the user you use. It doesn't even tell you to log in as root (which you shouldn't), and in fact the only possibly privileged operation there is the chmod +x.

If you really care about it just do a chmod 755 -R * in the server folder.

[~kev~]

Quote:

Originally Posted by Tsukasa

Um, what in the world are you talking about.

If you dont understand the question....

Quote:

Originally Posted by Tsukasa

Those instructions will work regardless of the user you use. It doesn't even tell you to log in as root (which you shouldn't), and in fact the only possibly privileged operation there is the chmod +x.

If you really care about it just do a chmod 755 -R * in the server folder.

you should not post an answer.

That is what I wanted to know. Except for one more thing, do the files have to be below the html_root (www) folder? According to the instructions in the first quote, you can log in and create a folder in your home directory, which will be above www.

As long as the person is the owner of the file, they should be able to grant chmod +x, so its doubtful its not going to be a privileged command. All +x does is allow everyone to execute the file.

[Tsukasa]

Fortress Forever isn't html, so you can run it from wherever you please. And note I said *possibly* privileged. If you decided to create a root folder and run it from there, the +x you would sudo unless you chowned the folder.