[aur-general] Software packaging - Security question
felixonmars at gmail.com
Thu Jan 10 05:43:20 EST 2013
On Thursday, January 10, 2013 11:36:25 AM Nuno Araujo wrote:
> I am trying to create a package for the subvein game.
> Installation instructions of the game tell you to simply uncompress the
> tar.gz archive in a folder and run the "Subvein" program.
> No problem with that. But then when running the game, it tries to store
> information in its "data" folder (logs, configuration, user
> profiles...). We have a permission problem.
> To work around this problem, I:
> - Create a group named "subvein";
> - set the setgid bit for the game "data" folder and all its sub-folders;
> - set the game "data" folder and all its content group writable;
> - set the group of the game "data" folder to the "subvein" group.
> - Created a wrapper bash script that changes the umask to 002 and
> launches the game.
> This way, all the contents created by the game will belong to the
> "subvein" group and will be group writable, so that anyone can use the
> Is this a valid way of doing it? Are there any security concerns I need
> to take into account?
In a multi-user environment this would fail, so the game save _should_ be
kept under $HOME. Don't know if there's a good way to do it, though,
maybe someone else could help with this.
> The game also has a "server" part. I still haven't started to handle this
> in the package, but was thinking to do the following:
> - Create a user named subvein that belongs only to the subvein group.
> - Create a systemd .service file that runs the server program as the
> subvein user.
> Does this seem OK as an approach?
I think this part is OK and nice :)
> Thank you for your help.
> P.S. You can find my "draft" of the PKGBUILD, the install script and the
> bash wrapper attached.
>  http://subvein.net/
>  http://subvein.net/download.php
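
One way to keep the game's writable state under $HOME, as the reply suggests, is a launcher that builds a private per-user tree. This is an added example, not part of the thread or the attached draft; the install path /opt/subvein, the per-user location, and the idea that the game finds "data" relative to its working directory are assumptions.

```shell
#!/bin/sh
# Added example: per-user launcher for a game that writes into its own "data" folder.
# Assumed (hypothetical) locations; adjust to the real package layout.
INSTALL_DIR="${SUBVEIN_INSTALL_DIR:-/opt/subvein}"
USER_DIR="${XDG_DATA_HOME:-$HOME/.local/share}/subvein"

# Build a private tree in $2 from the read-only install in $1:
# every entry is symlinked, except "data", which is copied once.
prepare_user_tree() {
    install_dir=$1
    user_dir=$2
    umask 077    # profiles, logs and config stay readable by the owner only
    mkdir -p "$user_dir" || return 1
    for entry in "$install_dir"/*; do
        [ -e "$entry" ] || continue
        name=${entry##*/}
        if [ "$name" = "data" ]; then
            # Seed from the packaged defaults; never overwrite existing user state.
            [ -d "$user_dir/data" ] || cp -R "$entry" "$user_dir/data" || return 1
        else
            # Root-owned game files are shared read-only through symlinks.
            ln -sfn "$entry" "$user_dir/$name" || return 1
        fi
    done
}

main() {
    prepare_user_tree "$INSTALL_DIR" "$USER_DIR" || exit 1
    # Assumption: the game resolves "data" relative to the working directory.
    cd "$USER_DIR" || exit 1
    exec ./Subvein "$@"
}

# Launch only when installed under the wrapper's name (e.g. /usr/bin/subvein).
case "${0##*/}" in
    subvein) main "$@" ;;
esac
```

With this layout the packaged files stay root-owned and no shared group, setgid directory or relaxed umask is needed for the client.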