
English [ServerManager] Dev Blog.

52 replies

old Re: [ServerManager] Dev Blog.

Yates

Indeed. You can easily get the script names on search. This way, you encourage users to create a good title for their upload and can easily browse through every upload. This also means no need for you to fill in the uploads manually, which sucks because what if I want to install a big mod which you did not add yet? Eh.

Also make sure it works with AJAX requests so it's a live filter.

old Re: [ServerManager] Dev Blog.

Flacko

user Yates has written
How will you protect servers from each other Lua based? Linux permissions can't stop Lua from going outside its own directory and into another.

Say I find out what dir a client uses, I could basically ruin their whole server without you knowing.

Just asking, I never was able to resolve that.


I'm no security expert, but isn't that the point of Linux permissions?
How would you read/write to a file owned by another user which has its flags set to 000, for example?

old Re: [ServerManager] Dev Blog.

Apache uwu

I've been looking into this issue as well. Essentially because apache/httpd will be running cs2d_dedicated, you'll want to run programs as another user... that way you can enforce group permissions.

A lot of the solutions I've seen online involve making wwwuser into a sudoer (Example 1, Example 2).

I'm interested to see how user Marcell will deal with this.

old Re: [ServerManager] Dev Blog.

_Yank

@user _Yank: Then give the dedicated server executable execute permissions too ._______________. (and also make sure that its owner is the server user of course)
edited 1×, last 26.09.15 03:44:59 pm

old Re: [ServerManager] Dev Blog.

Apache uwu

user _Yank has written
@user Apache uwu: If he ran the dedicated server with an unprivileged user (only write and read permissions to its directory), wouldn't os.execute be limited also?


Yep but that's not the problem that's bothering me, it's what Yates brought up in his post on page 1.

user Yates has written
How will you protect servers from each other Lua based? Linux permissions can't stop Lua from going outside its own directory and into another.


If wwwuser/httpd/apache2 has read/write access to:

/home/CS2D_1
/home/CS2D_2
/home/CS2D_3

Where _1, _2, _3 are servers owned by different people, scripts on _2 can always create and remove files from _1 and _3.

old Re: [ServerManager] Dev Blog.

VADemon

I am sure there are better solutions, but here is how I would manage it:
Users: wwwuser + servermanager + server1/2/3...
Folders: servermanager (wwwuser and servermanager have rw rights to) and server1/2/3... in their respective home folders

wwwuser writes a .txt file to servermanager/ with <serverID>.txt and startup arguments inside the file

servermanager is a SU, checks the servermanager/ folder periodically and starts servers <serverID>.txt under other users
(most important argument is -path <PATH>)

server1/2/3 have only rw permissions to their own home folders, where all the CS2D data is besides the executable itself

This way:
• wwwuser is not a SuperUser
• servermanager is SU and is secure as long as you check <serverID>.txt to not contain any shell commands
• server1/2/3 are in their own sandbox and have no access to the executable

Correct me if any of the points are wrong, I am not a Linux user (yet)
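
The spool design in the post above depends on the privileged manager checking each <serverID>.txt before it starts anything. One way to write that check, as an added example that is not code from the thread or from ServerManager; the account naming (server<ID>), the home root, the binary path and the rule that -path is the only accepted argument are assumptions:

```python
import os
import re
import subprocess

# Assumptions (not from the thread): one Unix account "server<ID>" per game
# server with home <home_root>/server<ID>, and a root-owned binary at SERVER_BIN.
SERVER_BIN = "/opt/cs2d/cs2d_dedicated"
REQUEST_NAME = re.compile(r"^([0-9]{1,4})\.txt$")
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_./-]+$")
ALLOWED_FLAGS = {"-path"}  # the only startup argument named in the thread


def build_launch(request_file, home_root="/home"):
    """Map a <serverID>.txt request to (unix_user, argv); raise on anything odd."""
    match = REQUEST_NAME.match(os.path.basename(request_file))
    if not match:
        raise ValueError("request file name is not <serverID>.txt")
    user = "server" + match.group(1)
    home = os.path.realpath(os.path.join(home_root, user))
    # O_NOFOLLOW: wwwuser must not be able to point the manager at a symlink.
    fd = os.open(request_file, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="ascii") as handle:
        tokens = handle.read(4096).split()
    if len(tokens) % 2:
        raise ValueError("arguments must be flag/value pairs")
    argv = [SERVER_BIN]
    for flag, value in zip(tokens[0::2], tokens[1::2]):
        if flag not in ALLOWED_FLAGS or not SAFE_TOKEN.match(value):
            raise ValueError("rejected argument: %r %r" % (flag, value))
        # Resolve ".." and symlinks, then require the result to stay in this
        # server's own home so one request cannot target another server.
        value = os.path.realpath(value)
        if os.path.commonpath([value, home]) != home:
            raise ValueError("-path escapes " + home)
        argv += [flag, value]
    return user, argv


def launch(user, argv):
    """Start the server as its own account; needs root and Python 3.9+."""
    # argv is passed as a list, so no shell ever parses the request contents.
    # extra_groups=[] drops the manager's supplementary groups in the child.
    return subprocess.Popen(argv, user=user, group=user, extra_groups=[],
                            env={"PATH": "/usr/bin:/bin"})
```

The Unix account is derived from the file name rather than read from the file, so a request can only ever start the server it is named after.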

old Re: [ServerManager] Dev Blog.

_Yank

@VADemon: It could be a bit more simple:
When you create a server under the manager page, it creates a user (serverXuser) that only has R/W permissions over its directory (/home/cs2d/serverX) and R/W/X permissions on its dedicated server executable, gives it a password and then saves it (the password) on /home/cs2d/serverXKey (and this file will be owned by the wwwuser, so that only this user can R/W to it). Then, when you start it (the server), the page runs su command (su /home/cs2d/serverX/runScript.sh serverXuser) to run the server.

Example:
Users: wwwuser, server1, server2, server3

Directory tree:
/home/cs2d that contains
server1 (owned by server1user with R/W permissions)
server2 (owned by server2user with R/W permissions)
server3 (owned by server3user with R/W permissions)
(each one having cs2d_dedicated with execute permissions also)

I really can't see why this wouldn't work.