You could chmod 750 the executable files and chmod 640 everything else, chown as user1:runusers, and add user2 to the runusers group... Then you could run the server as user2 and update as user1.
I just didn't want to confuse myself. If I try to edit something while the server is running, I want it to tell me a can't so know it's doing its job. I can always remove protection while the server is running to add plugins or edit files, then turn it back on again without interrupting the server process. I have a tendency to forget what user I'm logged in as, and I would no doubt forget that I'm user1 and start the server up, which would break all the protection I had set up. For usability purposes, what you suggested is more friendly, and likely slightly more safe, since there are no windows of opportunity, but only if you pay attention, which I don't do a whole lot of. :) On 3/27/2010 6:47 PM, Jake Eisenman wrote: > About write permissions, could you say set ownership of /cstrike/ (or > similar) to user1 and update w/ that user, the run with user2 ? > > Sent from my iPod > > On Mar 27, 2010, at 7:42 PM, Matt > Stanton<[email protected] > > wrote: > > >> If you're renting a dedicated server from someone, generally the >> prices >> are the same for windows and linux, so there's no obvious plus or >> minus >> here. >> >> If you want to be able to automate everything without having to buy >> extra software and you have the ability to write simple shell scripts, >> then plus for linux. >> >> If you have piles of money laying around and either don't have a clue >> how to write shell scripts, or are too lazy to bother, then +1 for >> windows. >> >> If you are running source games, then you are going to have to use >> D-FENS to help protect against file upload exploits. Most source >> engines have a version of D-FENS on windows and linux, but on linux >> there is no plugin compiled for Left4Dead2, so you have to actually >> know >> what you're doing when it comes to locking down the filesystem and >> running the servers as unprivileged users. I spent a couple of hours >> working out a script to remove write access from the user directory my >> l4d2 server runs as so that when the server is running, nothing can be >> written by that server except for logs, spray files, and sourcemod >> gamedata, and it runs as part of the startup script for the server. >> When the server is shut down, everything becomes user-writeable >> again so >> that the server can be updated. It wouldn't have taken nearly as much >> time if I hadn't had to have a bunch of documentation up so that I >> knew >> what I was doing, so an experienced shell-scripter probably could have >> easily knocked it out in a few minutes. >> >> Source engine games are basically not optimized for linux, but they >> are >> mildly optimized for windows. Depending on how many servers you are >> trying to run on one box, this could become an issue. >> >> FTP is always a giant pain in the ass to secure properly, and since I >> have no idea how to do that, linux+ssh+scp for file transfers allows >> me >> to have an inherently secure method for transferring files to and from >> my server so long as the user passwords aren't easily attackable. Not >> sure how you would do this on windows. >> >> If you are trying to run anything other than game servers, more >> stuff is >> available for linux that is secure and free. Again, it goes back to >> money. >> >> Our clan runs a windows server 2k3 box that we rent from a GSP for 7 >> of >> our 8 servers. I have never had a huge amount of trouble using it or >> tweaking it, other than some issues with automatic updates and remote >> desktop. I have my own personal linux server that I run a l4d2 server >> for the clan on, also. Likewise, I have had little to no issues with >> it. It runs linux because I am familiar with it, because it's free (I >> already pay enough for the colocation without having to pay for >> windows >> and everything else), and because I am running a zimbra server on it, >> which isn't available for windows. >> >> So, basically, it's all about what you're comfortable with, what you >> plan on using it for, and what you can afford. >> >> On 3/27/2010 9:27 AM, Jake Eisenman wrote: >> >>> Just curious. Personally I use Linux because I know how to setup >>> everything quickly from ssh >>> >>> Sent from my iPod >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list >>> archives, please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
