FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Development

 
 
LinkBack Thread Tools
 
Old 05-20-2012, 05:57 PM
Marien Zwart
 
Default Do we need games group and all that game prefixes?

+1 on getting rid of the munging. In my opinion games aren't nearly
special enough to get this kind of special treatment.

On zo, 2012-05-20 at 20:16 +0300, Maxim Kammerer wrote:
> Games are rather unique in that they sometimes keep scores across
> multiple users.

Yes, and that's frequently handled by making them setgid to some group
that actual user accounts are not in, allowing the games to write to
their own statedir without allowing users to mess with those files by
hand. Gentoo's approach actually breaks this, as it's already using the
group the game executables are in for access control (so actual user
accounts *are* in the group the game executables are in). This leads to
bug 125902, which contains a lengthy discussion on this same subject.

My personal opinion is that Gentoo's games setup only helps on systems
that have no or heavily restricted network access, no or heavily
restricted access to external media, has actual games installed
system-wide, and needs access to those restricted to some accounts
through technical means. I think such a setup is sufficiently uncommon
we shouldn't specialcase games this heavily to support them. I don't
think restricting games for resource consumption reasons makes sense, as
people will virtually always be able to uselessly consume resources some
other way. And I don't think restricting access to games because they're
offensive/a waste of time/etc makes sense on the majority of systems, as
people will be able to access similar content through other means, or
will be able to install games into their homedir.

However, when this came up in the past Gentoo's games project (which
does an outstanding job maintaining a *lot* of games ebuilds) was
opposed to changing this as the current setup isn't actually *broken*
(for the majority of games), and changing things around a lot of work.
So I'd like to request they reconsider (and start installing new/updated
games in a more normal way), but as they're the ones doing most of the
work here I think it makes sense to leave the decision with them.

--
Marien Zwart
 
Old 05-20-2012, 08:29 PM
Michael Weber
 
Default Do we need games group and all that game prefixes?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/20/2012 07:22 PM, Dan Douglas wrote:

> I'd put money on there not being a single admin who has ever used
> the games group to control access to games. Games really have no
> business being on a system where anything like that is a
> requirement to begin with.
We (students council) use pam_ldap for users and primary groups and
pam_group w/ /etc/security/group.conf for secondary groups like
video,sound,games.

We actually considered restricting the games group to certain login
times (i.e. after 18 pm ) to prevent our fellow students from gaming
during office hours, but that just lead to long time sessions
over-night. Since group memberships are evaluated on session creation.

I can imagine some multi-user setups (parents/children) were some user
shouldn't play games-fps/* at all.
But who actually shares a computer these days.

One real benefit of extra groups is some chmod g+s hack for e.g. skype
in combination with firewall rules restricting outbound connections.
http://soup.xmw.de/post/151673185/Restricting-Skype-on-Gentoo

Have a nice day ...

- --
Gentoo Dev
http://xmw.de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iF4EAREIAAYFAk+5VCgACgkQknrdDGLu8JB8SwD+JARCPBmK13 Sl2/n3dsWWx/8p
LBH6j18YbfD1+IWpXaUA/iWCgTS3TI78kSTwe0hnASc+7wTygiWvIcxlPmcv9LtQ
=XXxi
-----END PGP SIGNATURE-----
 
Old 05-20-2012, 08:53 PM
Dan Douglas
 
Default Do we need games group and all that game prefixes?

On Sunday, May 20, 2012 10:29:28 PM Michael Weber wrote:
> On 05/20/2012 07:22 PM, Dan Douglas wrote:
> > I'd put money on there not being a single admin who has ever used
> > the games group to control access to games. Games really have no
> > business being on a system where anything like that is a
> > requirement to begin with.
>
> We (students council) use pam_ldap for users and primary groups and
> pam_group w/ /etc/security/group.conf for secondary groups like
> video,sound,games.
>
> We actually considered restricting the games group to certain login
> times (i.e. after 18 pm ) to prevent our fellow students from gaming
> during office hours, but that just lead to long time sessions
> over-night. Since group memberships are evaluated on session creation.
>

Yes, that's essentially what I was thinking would be the most likely
scenario. Still, as marienz pointed out, having workstations where access to
games is undesired, yet where they're installed nevertheless, isn't the most
common.

I'm in favor of the games group (per the second half of my last message and
for other reasons), just not extra unnecessary installation steps that
complicate the directory structure unless there's some real benefit to someone
(e.g. NFS).
--
Dan Douglas
 
Old 05-21-2012, 07:17 AM
"Walter Dnes"
 
Default Do we need games group and all that game prefixes?

On Sun, May 20, 2012 at 08:16:44PM +0300, Maxim Kammerer wrote
> On Sun, May 20, 2012 at 7:26 PM, Micha?? G??rny <mgorny@gentoo.org> wrote:
> > - changing ownership and permissions of all the files.
>
> As a side note: why is /usr/games owned by uid "games"? Does
> games_pkg_setup() in games.eclass do that? What's the point of user
> "games" (as opposed to group with same name)?

I don't know the current situation, but I recall that in the past,
some games pounded away directly on the VGA hardware for speed, or
called libraries that did so. This, of course might be dangerous to
allow regular-user programs to do.

--
Walter Dnes <waltdnes@waltdnes.org>
 
Old 05-21-2012, 07:26 AM
Samuli Suominen
 
Default Do we need games group and all that game prefixes?

On 05/21/2012 10:17 AM, Walter Dnes wrote:

On Sun, May 20, 2012 at 08:16:44PM +0300, Maxim Kammerer wrote

On Sun, May 20, 2012 at 7:26 PM, Micha?? G??rny<mgorny@gentoo.org> wrote:

- changing ownership and permissions of all the files.


As a side note: why is /usr/games owned by uid "games"? Does
games_pkg_setup() in games.eclass do that? What's the point of user
"games" (as opposed to group with same name)?


I don't know the current situation, but I recall that in the past,
some games pounded away directly on the VGA hardware for speed, or
called libraries that did so. This, of course might be dangerous to
allow regular-user programs to do.


I suppose you mean the "XFree86-DGA extension", USE="dga"?

$ cd $(portageq envvar PORTDIR)
$ grep -r IUSE.*dga */*/*.ebuild

http://qa-reports.gentoo.org/output/genrdeps/rindex/x11-libs/libXxf86dga

But I fail to see how that is relavent with this thread at all, using
the extension is controlled by the xorg-server (Xorg) which is suid root
and unrelated to 'games' (despite being used by some).


- Samuli
 
Old 05-21-2012, 01:13 PM
Maxim Kammerer
 
Default Do we need games group and all that game prefixes?

On Mon, May 21, 2012 at 10:17 AM, Walter Dnes <waltdnes@waltdnes.org> wrote:
> I don't know the current situation, but I recall that in the past,
> some games pounded away directly on the VGA hardware for speed, or
> called libraries that did so.

I think that the main sentiment in this thread is that, while
/usr/games have found some uses in Gentoo “because it's there”, it is
pure legacy. However, /usr/games and associated directories *are* part
of the FHS [1], and are older than X [2].

[1] http://www.pathname.com/fhs/pub/fhs-2.3.html
[2] http://unix-tree.huihoo.org/V7/

--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
 
Old 05-21-2012, 10:47 PM
"Walter Dnes"
 
Default Do we need games group and all that game prefixes?

On Mon, May 21, 2012 at 10:26:14AM +0300, Samuli Suominen wrote

> I suppose you mean the "XFree86-DGA extension", USE="dga"?
>
> $ cd $(portageq envvar PORTDIR)
> $ grep -r IUSE.*dga */*/*.ebuild
>
> http://qa-reports.gentoo.org/output/genrdeps/rindex/x11-libs/libXxf86dga
>
> But I fail to see how that is relavent with this thread at all, using
> the extension is controlled by the xorg-server (Xorg) which is suid root
> and unrelated to 'games' (despite being used by some).

It was more along the lines of svgalib. See...
http://linux.die.net/man/7/svgalib Is that even in the tree anymore?
If not, that's one less reason to keep games special.

--
Walter Dnes <waltdnes@waltdnes.org>
 
Old 05-22-2012, 02:40 PM
Michał Górny
 
Default Do we need games group and all that game prefixes?

I've opened a bug for this:

https://bugs.gentoo.org/show_bug.cgi?id=417101

--
Best regards,
Michał Górny
 
Old 05-24-2012, 12:53 PM
Kent Fredric
 
Default Do we need games group and all that game prefixes?

On 21 May 2012 04:26, Michał Górny <mgorny@gentoo.org> wrote:
> Hello,
>
> In today's MythBusters™: do we actually need the whole ugly-awful
> mangling games.eclass does for games? By that I mean:
> - installing games in random pre-/postfixes rather than standard FHS-y
> *locations,
> - changing ownership and permissions of all the files.
>
> Do we really need all of this poor man's 'you shall not play our
> games'? I don't think we're using anything like /usr/office & office
> group, or /usr/random-programs-i-dont-like.
>
> Random obscurity only makes things harder. And proves no point unless
> we're going to ensure that all web browsers, ssh clients and other
> applications in danger of being used to play games. And while we're at
> it, why don't we just take the computer away and work on paper sheets?
> Oh wait, someone could play tic-tac-toe on it...
>
> So, my proposition is: finally drop that. Install games in regular
> prefixes, like all other apps. Don't pollute systems with unnecessary
> security perimeters which don't provide any real benefit.
>
> Any comments?
>

It wouldn't be so bad if it was done once, in one module, perhaps
"games-env" or similar and all games depended on that, instead of the
current scenario, where each and every games package does magic to set
up the right env bits. ( including creating profiles/groups if they
don't already exist, and stuffing paths in $PATH for all users even if
they're not in the games group, which causes bugs with git ... )

https://bugs.gentoo.org/show_bug.cgi?id=408615




--
Kent

perl -e* "print substr( "edrgmaM* SPA NOcomil.ic@tfrken", $_ * 3,
3 ) for ( 9,8,0,7,1,6,5,4,3,2 );"

http://kent-fredric.fox.geek.nz
 

Thread Tools




All times are GMT. The time now is 12:06 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org