Hello,

I maintain tuxmath and tuxtype (upstream and also as packager in my home project - dbruce), and have been working on making them work in closer accordance with proper unix practices.

Both games have a use for modifiable files that are shared by all users - a high score table in tuxmath, and custom word list files in tuxtype. I have been told by a knowledgeable person that the shared variable data should go in /var/games/tuxtype and that this directory should be created setgid and belong to the games group (i.e. "%attr(2755, root, games)"). This would allow users who belong to the "games" group to modify these data. Other users would only be able to read the data.

The openSUSE docs say I need to get specific permission for using setgid (at least if the package is ever going into official repositories), and that the source needs to drop the setgid privileges as soon as possible to minimize any security exposure (http://en.opensuse.org/Packaging/Games). The guidelines give an example of how to do this for a single high score file, which is fine. However, tuxtype has an in-game word list editor to support the creation of custom word lists so teachers don't have to edit text files with a separate editor. I don't see how I can "drop" setgid on program setup and still be able to let users save new word list files in the shared location.

What's the proper unix way to set this up without creating security problems?

Thanks for any help,

David Bruce
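One pattern that fits the situation described above is a temporary drop: the program switches its effective group back to the user's at startup and regains the saved set-group-ID only around the single open() call that creates a shared file. The C sketch below is an added example, not code from the original post, from tuxtype or from the openSUSE guidelines; it assumes the binary itself is installed setgid games and the shared directory is writable by that group, and the function names priv_init and save_shared_wordlist are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: the binary is installed setgid, so at startup the effective
   gid is the privileged group (e.g. games) and the real gid is the user's. */
static gid_t real_gid, priv_gid;

/* Call first thing in main(): remember the privileged gid, then run as the user.
   The saved set-group-ID still holds priv_gid, so it can be regained later. */
int priv_init(void)
{
    real_gid = getgid();
    priv_gid = getegid();
    return setegid(real_gid);
}

/* Write one word list into shared_dir, holding the group privilege only for
   the duration of the openat() call. name must be a plain file name. */
int save_shared_wordlist(const char *shared_dir, const char *name,
                         const char *data, size_t len)
{
    if (name[0] == '\0' || name[0] == '.' || strchr(name, '/'))
        return -1;                          /* refuse paths and dotfiles */

    int dirfd = open(shared_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0)
        return -1;

    if (setegid(priv_gid) != 0) { close(dirfd); return -1; }
    /* O_NOFOLLOW: never write through a symlink planted in the directory. */
    int fd = openat(dirfd, name,
                    O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0664);
    int dropped = setegid(real_gid);        /* drop again before any file I/O */
    close(dirfd);
    if (fd < 0)
        return -1;
    if (dropped != 0 || getegid() != real_gid) { close(fd); return -1; }

    ssize_t n = write(fd, data, len);       /* runs with the user's own gid */
    if (close(fd) != 0 || n != (ssize_t)len)
        return -1;
    return 0;
}
```

All parsing of user input, editor logic and library initialisation then runs with the user's own group, and only the file-creation step runs with the extra group.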