Bug#769965: minetest: please support init.d scripts and a global configuration file
Markus Koschany
apo at gambaru.de
Tue Nov 18 17:24:13 UTC 2014
On 18.11.2014 12:23, Martin Quinson wrote:
> Woot, many thanks for these changes! I'll try to fill the TODO a bit
> further to seek your help on the other points ;)
Ok, but I'm not cheap. :P
> I just pushed my local changes to the the git, sorry about that.
No problem.
> I have one main question about the server started automatically. Will
> it be given a specific user id? I would not certify the security of
> that server, and I'd like to sandbox it as much as possible. I plan
> since a long time to check how to do that, but you have just solved
> all my questions but this one.
I'm still testing the server in a real environment for my gaming
project, linuxiuvat.de and the server appears to be working fine. The
unprivileged system user is called Debian-minetest. This user is
automatically created in postinst. The shell is set to /bin/false. The
current setup is comparable to our openarena-server package. The home
directory is /var/games/minetest-server and it is owned by that user and
group games. I think this ensures reasonable security from our side and
these measures are used by other multiplayer servers in the archive too.
> Could you please check your changes to see if they are the most secure
> ones, ie the ones that do not trust the server program but sandbox it
> the most, please ?
I think I have already taken care of all necessary configuration steps.
I can't really tell how secure the Minetest server currently is but I am
sure that the server uses sane default values now.
I also plan to provide a .service and .socket file for systemd in the
future as soon as I have more time to test them.
>
> Many many thanks for your work,
> Mt.
You're welcome.
Cheers,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20141118/75930ebc/attachment.sig>
More information about the Pkg-games-devel
mailing list