![user](img/i_friend.png)
Forum
![>](img/i_next.png)
![>](img/icons/cs2d.png)
![>](img/i_next.png)
![>](img/i_next.png)
![user](img/i_friend.png)
![user](img/i_friend.png)
![user](img/i_friend.png)
Also make sure it works with AJAX requests so it's a live filter.
![](img/smiles/sad.gif)
![user](img/i_friend.png)
How will you protect servers from each other Lua based? Linux permissions can't stop Lua from going outside its own directory and into another.
Say I find out what dir a client uses, I could basically ruin their whole server without you knowing.
Just asking, I never was able to resolve that.
Say I find out what dir a client uses, I could basically ruin their whole server without you knowing.
Just asking, I never was able to resolve that.
I'm no security expert, but isn't that the point of Linux permissions?
How would you read/write to a file owned by another user which has its flags set to 000, for example?
A lot of the solution I've seen online involve making wwwuser into a sudoer (Example 1, Example 2).
I'm interested to see how
![user](img/i_friend.png)
![user](img/i_friend.png)
![user](img/i_friend.png)
edited 1×, last 26.09.15 03:44:59 pm
http://cs2dservices.com/cm_forum/
To me it shows the Page is not found.
@Off-Topic: @
![user](img/i_friend.png)
![user](img/i_friend.png)
![user](img/i_friend.png)
![user](img/i_friend.png)
@
Apache uwu: If he ran the dedicated server with an unprivigilied user (only write and read permissions to its directory), wouldn't os.execute be limited also ?
![user](img/i_friend.png)
Yep but that's not the problem that's bothering me, it's what Yates brought up in his post on page 1.
![user](img/i_friend.png)
How will you protect servers from each other Lua based? Linux permissions can't stop Lua from going outside its own directory and into another.
If wwwuser/httpd/apache2 has read/write access to:
/home/CS2D_1
/home/CS2D_2
/home/CS2D_3
Where _1, _2, _3 are severs owned by different people, scripts on _2 can always create and remove files from _1 and _3.
![user](img/i_friend.png)
![](img/smiles/bigsmile.gif)
![](img/smiles/smile.gif)
Users: wwwuser + servermanager + server1/2/3...
Folders: servermanager (wwwuser and servermanager have rw rights to) and server1/2/3... in their respective home folders
wwwuser writes a .txt file to servermanager/ with <serverID>.txt and startup arguments inside the file
servermanager is a SU, checks the servermanager/ folder periodically and starts servers <serverID>.txt under other users
(most important argument is -path <PATH>)
server1/2/3 have only rw permissions to their own home folders where is all CS2D data besides the executable itself
This way:
![•](img/dot.gif)
![•](img/dot.gif)
![•](img/dot.gif)
Correct me if any of the points are wrong, I am not a Linux user (yet
![](img/smiles/wink.gif)
When you create a server under the manager page, it creates an user (serverXuser) that only has R/W permissions over its directory (/home/cs2d/serverX) and R/W/X permissions on its dedicated server executable, gives it a password and then saves it (the password) on /home/cs2d/serverXKey (and this file will be owned by the wwwuser, so that only this user can R/W to it). Then, when you start it (the server), the page runs su command (su /home/cs2d/serverX/runScript.sh serverXuser) to run the server.
Example:
Users: wwwuser, server1, server2, server3
Directory tree:
/home/cs2d that contains
server1 (owned by server1user with R/W permissions)
server2 (owned by server2user with R/W permissions)
server3 (owned by server3user with R/W permissions)
(each one having cs2d_dedicated with execute permissions also)
I really can't see why this wouldn't work.