games user and group

Michael Thomas wart at kobold.org
Thu Mar 2 00:09:48 UTC 2006


Michael H. Warfield wrote:
> On Wed, 2006-03-01 at 09:20 -0800, Michael Thomas wrote:
> 
>>Rudolf Kastl wrote:
>>
>>>I'd personally suggest to treat game daemons like other daemons and
>>>create separate system users for the game server processes.
>>>A server is a server. Functionality differs but is rather irrelevant
>>>in my eyes regarding the system users for the services.
> 
> 
>>I won't argue that it would be more secure, but couldn't security also
>>be accomplished with an appropriate set of selinux policies?
> 
> 
> 	Only if you have selinux enabled.
> 
> 	Make it (more) secure FIRST.  Then add additional security from
> selinux.  What you don't want is someone ending up insecure just because
> they have selinux turned off.  That's a wrong answer.  That's then
> depending on selinux for your security rather than using selinux to
> enhance your security.  Too many eggs in one basket.

Right.  It seems the consensus is to use different users, and selinux,
if used, would be layered on top of that.

So what is the use of the 'games' user on the system if it isn't used
for game servers?  I can't see how setuid games would be acceptable for
similar reasons.  Or is this user legacy cruft that should just be ignored?

--Mike