Mailinglist Archive: opensuse-buildservice (311 mails)

[opensuse-buildservice] Want to package tuxtype with setgid bit for shared data files
  • From: David Bruce <davidstuartbruce@xxxxxxxxx>
  • Date: Tue, 24 Nov 2009 14:16:27 -0600
  • Message-id: <9a3504f50911241216w5151f189i7b560cd807231092@xxxxxxxxxxxxxx>
Hello,

I maintain tuxmath and tuxtype (upstream and also as packager in my
home project - dbruce), and have been working on making them work in
closer accordance with proper unix practices.

Both games have a use for modifiable files that are shared by all
users - a high score table in tuxmath, and custom word list files in
tuxtype.

I have been told by a knowledgeable person that the shared variable
data should go in /var/games/tuxtype and that this directory should be
created setgid and belong to the games group (i.e. "%attr(2755, root,
games)"). This would allow users who belong to the "games" group to
modify these data. Other users would only be able to read the data.

The openSUSE docs say I need to get specific permission for using
setgid (at least if the package is ever going into official
repositories), and that the source needs to drop the setgid privileges
as soon as possible to minimize any security exposure
(http://en.opensuse.org/Packaging/Games). The guidelines give an
example of how to do this for a single high score file, which is fine.

However, tuxtype has an in-game word list editor to support the
creation of custom word lists so teachers don't have to edit text
files with a separate editor. I don't see how I can "drop" setgid on
program setup and still be able to let users save new word list files
in the shared location.

What's the proper unix way to set this up without creating security problems?

Thanks for any help,

David Bruce
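
One common way to meet both requirements, added here as an illustration and not part of the original message or of tuxtype's code: drop the effective group at startup and raise it again only around the open() that creates the shared file, relying on the saved set-group-ID. It assumes the binary is installed setgid games and that the shared directory is writable by that group; the function names and the sample file name are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

static gid_t priv_gid;   /* egid at exec: "games" when installed setgid */

/* Call first in main(): remember the privileged gid, then run as the user's
   own group. The saved set-group-ID keeps priv_gid available for later. */
int priv_init(void)
{
    priv_gid = getegid();
    return setegid(getgid());
}

/* Write one word list into shared_dir, raising the group only around open().
   name must be a plain file name; hypothetical helper, not tuxtype code. */
int save_shared_wordlist(const char *shared_dir, const char *name,
                         const char *data, size_t len)
{
    char path[4096];
    int fd, rc = -1;
    if (name[0] == '\0' || name[0] == '.' || strchr(name, '/'))
        return -1;                      /* no traversal, no dotfiles */
    if (snprintf(path, sizeof path, "%s/%s", shared_dir, name) >= (int)sizeof path)
        return -1;
    if (setegid(priv_gid) != 0)
        return -1;
    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0664);
    if (setegid(getgid()) != 0)
        _exit(1);                       /* never continue with the group raised */
    if (fd < 0)
        return -1;
    if (write(fd, data, len) == (ssize_t)len)
        rc = 0;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

int main(void)
{
    static const char words[] = "cat\ndog\n";   /* constructed sample data */
    if (priv_init() != 0)
        return 1;
    return save_shared_wordlist("/var/games/tuxtype", "custom.txt", words, sizeof words - 1) ? 1 : 0;
}
```

Everything outside the open() call, including SDL, font and theme loading, then runs with the user's own group, so a bug there cannot touch the shared directory.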
