Thanks Arujei, if users want to know how to protect this as well, here it is, copy everything Arujei updated:
Since it isn't a great idea to run this script as root, specifying which user to update it would be a better and ideal way to do this. To run this script in a chrooted environment, one can do the following:
So we have to keep in mind that a server might have multiple users, so I said user "tf2dev" owns the server files.
So in the sudoers file
One thing to change is to add an item to the sudoers file
Code:
sudo visudo -f /etc/sudoers
Add this to the end:
Code:
%tf2dev ALL=(tf2dev) NOPASSWD: /usr/local/games/tf2dev/
That says, any person in group "tf2dev" can run any script inside "/usr/local/games/tf2dev/" with the user "tf2dev", of course with no password.
That will restrict only users in tf2dev group to execute anything in that directory.
Then you will create a tunnel script so that you can run that file with sudo tf2dev
Code:
#!/bin/sh
# Pass all arguments through unchanged; quoting "$@" keeps arguments with spaces intact
sudo -u tf2dev /usr/local/games/tf2dev/server-launch "$@"
Server-launch is the original script.
Now inside the current (original) script, only one thing needs to be modified... would be this area:
Find this:
Code:
# Screen command
CURRENT_USER=$(/usr/bin/whoami)
if [ "$CURRENT_USER" = "$USER" ]; then
INTERFACE="/usr/bin/screen -A -m -d -S $NAME"
else
INTERFACE="sudo -u $USER /usr/bin/screen -A -m -d -S $NAME"
fi
Replace with this:
Code:
# Screen command
INTERFACE="/usr/bin/screen -A -m -d -S $NAME"
# Refuse to run as anyone other than $USER
CURRENT_USER=$(/usr/bin/whoami)
if [ "$CURRENT_USER" != "$USER" ]; then
    echo "$TITLE cannot run on user ($CURRENT_USER)"
    exit 1
fi
That will force the user to run the script under $USER. So now anyone with tf2dev as their group could start, run, and execute it.
Now the question would be, how would we allow different users to screen into that server?
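The sudoers line in the post lets group members run every file directly inside /usr/local/games/tf2dev/ as tf2dev, so it is worth checking who can write to that directory before adding the rule. The script below is an added example, not part of the original post; the function name audit_sudo_dir and its finding labels are made up here, and it assumes a find that supports -maxdepth (GNU or BSD).

```shell
#!/bin/sh
# Added example (not from the original post). Audits a directory named in a
# sudoers rule such as:  %tf2dev ALL=(tf2dev) NOPASSWD: /usr/local/games/tf2dev/
# That rule covers every file directly in the directory (not subdirectories),
# so each of those files, and the directory itself, decides what runs as tf2dev.

# audit_sudo_dir DIR OWNER
#   Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if DIR
#   is not a directory. File names containing newlines are not handled.
audit_sudo_dir() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "not-a-directory: $dir"; return 2; }
    report=$(
        # Group- or world-writable: an account other than OWNER can change or
        # replace a command that the sudoers rule allows.
        find "$dir" -maxdepth 1 ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'writable-by-others: %s\n' {} \;
        # Owned by a different account, which can rewrite the file at will.
        find "$dir" -maxdepth 1 ! -type l ! -user "$owner" \
            -exec printf 'wrong-owner: %s\n' {} \;
        # Symlinks point at files whose permissions this audit does not see.
        find "$dir" -maxdepth 1 -type l -exec printf 'symlink: %s\n' {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demo in a temporary directory, not the real server path.
demo_dir=$(mktemp -d)
touch "$demo_dir/server-launch" "$demo_dir/update"
chmod 755 "$demo_dir" "$demo_dir/server-launch"
chmod 777 "$demo_dir/update"
audit_sudo_dir "$demo_dir" "$(id -u)" || echo "fix the findings before adding the rule"
rm -rf "$demo_dir"
```

On the real server this would be called as `audit_sudo_dir /usr/local/games/tf2dev tf2dev`.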