If you've firewalled off everything on your server and only left the
necessary ports for HLDS or L4D open, there is no real way to get access
to the system unless the HLDS was exploited. Even if the attacker was
able to spawn a shell somehow, they're limited to the user that the
process was running as. From there, they can either try and exploit an
out-of-date kernel.

The ttys shouldn't be changed, they are a part of /dev and will be
generated each time you log in, and removed when you log out. So next
reboot or log out, you will have to do it again. Honestly I don't know
what the impact would be with chmod'ing the tty, but why would you want
to do something that gives access to all the users on the machine? It
might be fine for now, but it's a lazy way to do it. Do it right the
first time, just ssh [EMAIL PROTECTED] and run what you need to run.

On Fri, Nov 14, 2008 at 3:42 PM, Crazy Canucks <[EMAIL PROTECTED]> wrote:

> I am the master of not getting around to what I wanted to say. The only
> thing I was worried about is, on the off chance that my server was
> hacked when I was logged in to the hlds/srcds console, with the root tty
> chmodded to 666, would there be any chance that they could gain root
> access to the server box through the tty? hlds/srcds do not run as the
> root user, although I am embarrassed to admit, they used to...
>
> Drek
>
> Joseph Laws wrote:
>> Same with me.
>>
>> Root console = keyboard/mouse in front of system (or KVM/IP).
>>
>> Using root within SSH I'd consider su root...nobody allows root login
>> via SSH and typically people force a su to root, sudo or something else
>> to get root privileges.
>>
>> My setup is symlinked for all files except those which clients need the
>> ability to write/update to. So I would give them write access to quite
>> a few folders but not allow overwrite on anything linked. The symlink
>> ownership really doesn't seem to matter but the launch scripts are
>> chowned to root.root w/ 755 chmod so the user can execute the script in
>> their environment. We typically have a start/stop script..the start
>> script simply sets the SCREEN variables and launches the actual server
>> script. If I ever want to debug the console I will launch the server
>> script as user...I don't mess around with intercepting and closing
>> screens. Anything that is going to happen is going to happen live on a
>> re-execute.
>>
>> J T wrote:
>>> Depends on what terminology you're using. The root console usually
>>> means that you're logged in as root on the console "keyboard and
>>> mouse". If you're on the console, you haven't logged in and have to
>>> log in as root with your login and password.
>>>
>>> On Fri, Nov 14, 2008 at 2:21 PM, Crazy Canucks <[EMAIL PROTECTED]> wrote:
>>>> Just out of curiosity, if you have access to the root console, is
>>>> that the same thing as having root access?
>>>>
>>>> Drek
>>>>
>>>> J T wrote:
>>>>> There is a reason why the tty is owned by the user and with specific
>>>>> permissions. Changing this is basically allowing any user on the
>>>>> system access to the screen.
>>>>>
>>>>> If you do make these changes, there will be security implications.
>>>>>
>>>>> On Fri, Nov 14, 2008 at 1:33 PM, Crazy Canucks <[EMAIL PROTECTED]> wrote:
>>>>>> I figured out what my problem was. I needed to "screen -r xxx" as
>>>>>> the user I started the screen as. Anyway, I wrote a simple script
>>>>>> that chmods /dev/pts/0 to 666 then su's the "screen -r" command.
>>>>>> Works perfectly.
>>>>>>
>>>>>> Had nothing to do with su, as usual with my problems with Linux, it
>>>>>> was permissions and ignorance.... :)
>>>>>>
>>>>>> Drek
>>>>>>
>>>>>> Anthal wrote:
>>>>>>> Why not just create a user, like l4d, and run the process from
>>>>>>> that account. Whenever you need to re-attach, just su to l4d, and
>>>>>>> 'screen -r $game' (whatever $game may be)
>>>>>>>
>>>>>>> Crazy Canucks wrote:
>>>>>>>> I use su to run screen to run my servers under a different user,
>>>>>>>> and I nice the process. It works well, but when I do this I am
>>>>>>>> unable to reattach to the console. Does anyone have any
>>>>>>>> suggestions on how I could get around this problem?
>>>>>>>>
>>>>>>>> These are the relevant lines from my startup script:
>>>>>>>>
>>>>>>>> server_command="screen -A -m -d -S $game ./$game"_run" -tos -game $mod +map `cat ./$mod/starting_map` +maxplayers $server_size -heapsize $heap_size +ip 192.168.0.101 -pidfile $game.pid -debug$extra_config_options"
>>>>>>>> nice -n -20 su -c "$server_command" cc-server
>>>>>>>>
>>>>>>>> It may look a bit complicated, but I think the variable names
>>>>>>>> make it pretty clear what is going on.
>>>>>>>>
>>>>>>>> Drek
>>>>>>>>
>>>>>>>> P.S.: I'm a Linux nub, so go easy on me... ;)
>>>>>>>>
>>>>>>>> Ronny Schedel wrote:
>>>>>>>>>> Hi, I am now using screen to start my server as daemon.
>>>>>>>>>> But I know that professional hosters use different ways.
>>>>>>>>>>
>>>>>>>>>> I have reasons to think that screen is freezing my servers.
>>>>>>>>>>
>>>>>>>>>> so... How do you start your server?
>>>>>>>>>
>>>>>>>>> With screen. No, screen does not freeze your servers, plugins do.

-- 
--------- [EMAIL PROTECTED]
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
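
Added example, not part of the original thread: the replies above warn that chmodding /dev/pts/0 to 666 opens the terminal to every account on the machine. This sketch flags pts devices with such modes from `stat` output; the sample lines are constructed, and the function names `audit_tty_modes` and `sample_ttys` are made up for the illustration.

```shell
#!/bin/sh
# Flag terminal devices whose mode lets accounts other than the owner use them.
# Input lines: "<path> <octal-mode> <owner> <group>", i.e. the output of
#   stat -c '%n %a %U %G' /dev/pts/[0-9]*        (GNU coreutils stat)
# A login pty is commonly 620 or 600: owner read/write, at most group write.

audit_tty_modes() {
    while read -r path mode owner group; do
        [ -n "$path" ] || continue
        bits=$((0$mode))                      # leading 0: parse as octal
        if [ $((bits & 0006)) -ne 0 ]; then
            # any "other" read/write bit: every local user can open the tty
            echo "WORLD $path mode=$mode owner=$owner"
        elif [ $((bits & 0040)) -ne 0 ]; then
            # group read: members of the group can read what is typed
            echo "GROUP-READ $path mode=$mode owner=$owner group=$group"
        fi
    done
}

# Constructed sample, not taken from a real host.
sample_ttys() {
    cat <<'EOF'
/dev/pts/0 666 root tty
/dev/pts/1 620 cc-server tty
/dev/pts/2 600 l4d tty
/dev/pts/3 660 root tty
EOF
}

# On a live system: stat -c '%n %a %U %G' /dev/pts/[0-9]* | audit_tty_modes
sample_ttys | audit_tty_modes
```

Any line this prints for a root-owned pty is worth tracing back to the script that changed the mode.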

