search

M3tal-Warrior / installers

Contains various bash scripts and corresponding files for installing services
GNU General Public License v3.0
3 stars 1 forks source link

cssource: owner of installdir and metamod install #5

Open ornago opened 2 years ago

ornago commented 2 years ago

In your install.sh you change owner to root in /opt/cssource/ for installing with steamcmd. I tried to get Metamod:Source running and was wondering why it doesn't load. Now i changed ownership to cssource:nogroup and it finally worked. Who should be owner of the directories? What is suggested and does changing it break the future update process?

While installing i saw a warning of steamcmd, something like: Use "force_install_dir" before logon!

Thanks for your script it makes many thing very easy. Can you add a verification of source.list? It added "contrib non-free" multiple times. Already had it added for another install.

M3tal-Warrior commented 2 years ago

Basic IT security rules state, that the user running a service should never be root nor the owner of the services binaries, libraries and config files. If it owns them, someone who's able to infiltrate the process can change the binaries to grant him remote control of a wider range. That is especially true if the service is run by root (as it's the case with a lot of howtos out there). That is why the service user is a system user, the whole directory and all therein is owned by root and all directories which the service must be able to write to are symlinked either to its home directory (/var/lib/cssource) or to /tmp/cssource (for temporary files, obviously). All Steam installation howtos that I know of violate almost every single IT sec principle, and nobody did bother doing the work to secure the installations - this is why this script was created in the first place. I have no clue how Metamod:Source works and what it writes (there's no documentation even for the original CS:S; I had to strace the process to get a grasp of it), so I sadly can't help you there apart from maybe giving you a few hints:

Regarding updates: I didn't think too much about it, I fear, as I didn't expect CS:S to change a lot in the future (and the manual steps necessary are fairly easy for me). Alas I'm atm doing a second script for Wurm Unlimited, and I already thought of making the whole thing more modular instead of redoing everything for every single server I want to install. It seems - as I now know other people find it useful too - the time has finally come to go that way. Let's see when I find the time, hope it doesn't take too long.

Yeah, I got the warning too while playing around with WU recently. It seems reversing the order is enough though, so not much of a change.

Regarding sources.list: Wow, grave oversight on my part. You're right, that is NOT good. Wait a minute...

M3tal-Warrior commented 2 years ago

Please try again.

ornago commented 2 years ago

Thanks for the reply. While getting MetaMod:Source running i may have changed a few things. So I wanted to get a fresh new install with your script. I made a backup of my configs, 'userdel cssource' and checked that '/var/lib/cssource' is removed. As I started your script it asked the question for users writable directory. While using defaults, system mentioned following:

Warning: The home dir /var/lib/cssource you specified already exists.
Adding system user `cssource' (UID 127) ...
Adding new user `cssource' (UID 127) with group `nogroup' ...
The home directory `/var/lib/cssource' already exists.  Not copying from `/etc/skel'.

Did I forget anything for a clean install?

While 'steamcmd' should install the gameserver there are two lines with warnings.

ln: failed to create symbolic link '/var/lib/cssource/.steam/root': No such file or directory
ln: failed to create symbolic link '/var/lib/cssource/.steam/steam': No such file or directory

After reinstall I run the srcds within a shell as cssource user and try to get informations why MetaMod:Source is not loading. Your cssource.service file is running 'srcds_linux' but this seems to not work in shell? I ran it with srcds_run but not sure what's the difference.

dlopen failed trying to load:
/var/lib/cssource/.steam/sdk32/steamclient.so
with error:
/var/lib/cssource/.steam/sdk32/steamclient.so: cannot open shared object file: No such file or directory

But there is another problem with '/var/lib/cssource/.steam' I think it doesn't have anything to do with the MetaMod problem but wanted to let you know.

I did a chmod 755 on the 'addon' directory in '/opt/cssource/cstrike' now MetaMod:Source and SourceMod is being loaded correctly.

M3tal-Warrior commented 2 years ago

Hi, nope, you did not miss anything; I create the directory prior to the user, so the warning message is to be expected. I'll add another parameter for adduser, so it should skip the warning not bothering people.

Yeah, that's sortof new, the symlinks can't be set if the .steam directory does not exist, as steam seems to have switched its standard directory from .steam to .local/share/Steam. I'll add that too. That should sort out your problems with steamclient.so too.

As for my service running srcds_linux and not srcds_run, that is because the former in my recollection of looking at it only checked the OS, set the environment variable LD_LIBRARY_PATH to contain the install directory and the bin dir therein and then ran srcds_linux. Nothing more to it, and I needed to do it by myself because it wasn't able to deal with the game directory not being the same as the home directory of the executing user, something like that.

Regarding your addon folder - I don't have that in vanilla css, so I can't really say something about it. But if you want to do it proper, you move the things it needs to write to the home directory of the user, link them in the addon directory of the game directory and only let the user write to stuff it really needs. That is most probably databases (search for 'sql') and/or cache.

Hope all things are clear now - If you find more bugs, I really appreciate it if you file some more issues :)