Fortress Forever

Go Back   Fortress Forever > Help & Technical > Server Administration

Reply
 
Thread Tools Display Modes
Old 07-22-2008, 09:43 PM   #1
~kev~
pmagnvs
 
~kev~'s Avatar
 
Join Date: Mar 2007
Location: East Texas
Class/Position: Engineer - D
Gametype: Free for all CTF - no stupid clan rules
Posts Rated Helpful 0 Times
User accounts and security

http://www.fortress-forever.com/foru...ad.php?t=14954
Quote:
Originally Posted by JayDee
Installing a Linux Server for Fortress Forever 2.0

This guide assumes you have basic knowledge of using a shell in Linux.

I will comment on each command so those new to Linux or are unfamiliar with certain commands .........
I started to post this as a reply to the quoted thread but changed my mind. There are a few security questions I have so lets just start a new thread.

Couple of questions and suggestions.

Why is there no mention about using an account besides root? For security reasons shouldn't another non-root account be created on the server, then that account be used to upload and execute the files? If a file is compromised, or if a security flaw is found in the server software, the hacker can only have the permissions as the owner of the file.

The instructions make it sound like you install the FF server to roots home folder. For security reasons, do you "really" want a server service running out roots home folder?

If root is used to upload the files and the FF server is compromised, the hacker might gain full control of the server.

If a non-root account is used, and the FF server is compromised, the hacker only gains access to that account and webspace.

A file can only run at the permission level of the owner. That is why root should rarely be used to install anything, unless root is required - such as updating the server.


Should a non-root account be created, and the files be uploaded to a folder above the html_root (www) directory? This would block access from html or www request for the files directory. Only if you had ftp or sftp access could the files be accessed if they are stored above the html_root (www) folder.


I would like to set a test server up, and my son (yoda) already has a non-root user account on my server for his website. So can I just log into his account and upload the FF files from there? Or do the files have to be uploaded and executed by root?
~kev~ is offline   Reply With Quote


Old 07-22-2008, 11:03 PM   #2
[AE] 82694
Retired FF Staff
 
[AE] 82694's Avatar
 
Join Date: Mar 2007
Posts Rated Helpful 0 Times
http://www.fortress-forever.com/wiki..._make_a_server

http://www.fortress-forever.com/wiki...nstall_a_SRCDS

Well thats the best I can do for ya. The seconded link is for the srcds which is the update/installer tool.
__________________
I Love GenghisTron . I miss you sooooo Much. LOL.
[AE] 82694 is offline   Reply With Quote


Old 07-23-2008, 03:50 AM   #3
Tsukasa
 
Join Date: Sep 2007
Class/Position: O
Gametype: CTF
Affiliations: mimic-
Posts Rated Helpful 0 Times
Um, what in the world are you talking about. Those instructions will work regardless of the user you use. It doesn't even tell you to log in as root (which you shouldn't), and in fact the only possibly privileged operation there is the chmod +x.

If you really care about it just do a chmod 755 -R * in the server folder.
Tsukasa is offline   Reply With Quote


Old 07-23-2008, 03:57 AM   #4
~kev~
pmagnvs
 
~kev~'s Avatar
 
Join Date: Mar 2007
Location: East Texas
Class/Position: Engineer - D
Gametype: Free for all CTF - no stupid clan rules
Posts Rated Helpful 0 Times
Quote:
Originally Posted by Tsukasa
Um, what in the world are you talking about.
If you dont understand the question....

Quote:
Originally Posted by Tsukasa
Those instructions will work regardless of the user you use. It doesn't even tell you to log in as root (which you shouldn't), and in fact the only possibly privileged operation there is the chmod +x.

If you really care about it just do a chmod 755 -R * in the server folder.
you should not post an answer.

That is what I wanted to know. Except for one more thing, do the files have to be below the html_root (www) folder? According to the instructions in the first quote, you can log in and create a folder in your home directory, which will be above www.

As long as the person is the owner of the file, they should be able to grant chmod +x, so its doubtful its not going to be a privileged command. All +x does is allow everyone to execute the file.
~kev~ is offline   Reply With Quote


Old 07-23-2008, 05:27 AM   #5
Tsukasa
 
Join Date: Sep 2007
Class/Position: O
Gametype: CTF
Affiliations: mimic-
Posts Rated Helpful 0 Times
Fortress Forever isn't html, so you can run it from wherever you please. And note I said *possibly* privileged. If you decided to create a root folder and run it from there, the +x you would sudo unless you chowned the folder.
Tsukasa is offline   Reply With Quote


Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:19 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.