[ServerManager] Dev Blog.
Offline
Marcell: Yeah that. I'm gonna be honest, I'm a ridiculously greedy man. Forum
CS2D
Scripts [ServerManager] Dev Blog. Marcell: Yeah that. I'm gonna be honest, I'm a ridiculously greedy man. Marcell: Wait, you don't get Unreal Software data? You put it all in manually? Yates: If that's the case, I really recommend him to not do that .__________________. Also make sure it works with AJAX requests so it's a live filter.
Yates has writtenHow will you protect servers from each other Lua based? Linux permissions can't stop Lua from going outside its own directory and into another.
Say I find out what dir a client uses, I could basically ruin their whole server without you knowing.
Just asking, I never was able to resolve that.
Say I find out what dir a client uses, I could basically ruin their whole server without you knowing.
Just asking, I never was able to resolve that.
I'm no security expert, but isn't that the point of Linux permissions?
How would you read/write to a file owned by another user which has its flags set to 000, for example?
A lot of the solution I've seen online involve making wwwuser into a sudoer (Example 1, Example 2).
I'm interested to see how
Marcell will deal with this. Apache uwu: If he ran the dedicated server with an unprivigilied user (only write and read permissions to its directory), wouldn't os.execute be limited also ? _Yank: Then give the dedicated server executable execute permissions too ._______________. (and also make sure that its owner is the the server user of course) edited 1×, last 26.09.15 03:44:59 pm
http://cs2dservices.com/cm_forum/
To me it shows the Page is not found.
@Off-Topic: @
_Yank: Why you're addressing yourself in the last reply? ._. GeoB99: My bad, that was directed to Marcell. _Yank has written@ Apache uwu: If he ran the dedicated server with an unprivigilied user (only write and read permissions to its directory), wouldn't os.execute be limited also ?
Apache uwu: If he ran the dedicated server with an unprivigilied user (only write and read permissions to its directory), wouldn't os.execute be limited also ?Yep but that's not the problem that's bothering me, it's what Yates brought up in his post on page 1.
Yates has writtenHow will you protect servers from each other Lua based? Linux permissions can't stop Lua from going outside its own directory and into another.
If wwwuser/httpd/apache2 has read/write access to:
/home/CS2D_1
/home/CS2D_2
/home/CS2D_3
Where _1, _2, _3 are severs owned by different people, scripts on _2 can always create and remove files from _1 and _3.
Apache uwu: That's why I said he could create a user for each server (kinda ridiculous but ermh...). 
when you create a client, its create a linux user, then you make servers for that client only 
Users: wwwuser + servermanager + server1/2/3...
Folders: servermanager (wwwuser and servermanager have rw rights to) and server1/2/3... in their respective home folders
wwwuser writes a .txt file to servermanager/ with <serverID>.txt and startup arguments inside the file
servermanager is a SU, checks the servermanager/ folder periodically and starts servers <serverID>.txt under other users
(most important argument is -path <PATH>)
server1/2/3 have only rw permissions to their own home folders where is all CS2D data besides the executable itself
This way:
wwwuser is not a SuperUser servermanager is SU and is secure as long as you check <serverID>.txt to not contain any shell commands server1/2/3 are in their own sandbox and have no access to the executableCorrect me if any of the points are wrong, I am not a Linux user (yet
) When you create a server under the manager page, it creates an user (serverXuser) that only has R/W permissions over its directory (/home/cs2d/serverX) and R/W/X permissions on its dedicated server executable, gives it a password and then saves it (the password) on /home/cs2d/serverXKey (and this file will be owned by the wwwuser, so that only this user can R/W to it). Then, when you start it (the server), the page runs su command (su /home/cs2d/serverX/runScript.sh serverXuser) to run the server.
Example:
Users: wwwuser, server1, server2, server3
Directory tree:
/home/cs2d that contains
server1 (owned by server1user with R/W permissions)
server2 (owned by server2user with R/W permissions)
server3 (owned by server3user with R/W permissions)
(each one having cs2d_dedicated with execute permissions also)
I really can't see why this wouldn't work.