-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Dec 04, 2007 at 09:10:45AM -0500, Douglas A. Tutty wrote: > On Mon, Dec 03, 2007 at 11:47:54AM -0500, Michael Pobega wrote: > > > Using sudo the way Jostein suggested is just as open to problems as > > logging in as root is, and should be avoided at all costs. Sudo was made > > to save the user from hassle, for example, to play Wesnoth I need to > > have access to the SDL framebuffer, but since you need to have root > > permissions to access it I granted myself permissions just to Wesnoth. > > > > pobega ALL=NOPASSWD /usr/games/wesnoth > > > > And aliased in my shell: > > > > alias wesnoth 'sudo /usr/games/wesnoth' > > > > So when I run `wesnoth`, the framebuffer is automagically started and > > I'm granted root permissions just for this one operation. > > However, then the whole game is being run with root privleges. Is it > audited for use by root; what else is that binary doing while you're > gaming? Sudo only limits what commands you can issue > from the shell; it does't limit what those commands can do. It would be > better to do one of the following: > > 1. Have a separate game machine that you can reload > periodically. It should have not public keys on it or > any other sensitive info. Use a non-gaming box for real > work. > > 2. Find an alternative to the SDL framebuffer. Perhaps > there's a permissions thing that could give members of > a 'gaming' group or something access to the SDL. Then > the game could run under that normal user. > > 3. Choose a different game. > > Note that I have sdl installed as dependencies of vlc. However, I can > play vlc as a normal user. Perhaps its a group thing. > > Are you in the video group? >
Yes, I am. And I should have access to the framebuffer, but for some reason it doesn't work with SDL; Would CHMODing the file in /dev/ be enough to grant me rw permissions to the fb? - -- If programmers deserve to be rewarded for creating innovative programs, by the same token they deserve to be punished if they restrict the use of these programs. - Richard Stallman -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHVXiDg6qL2BGnx4QRAmkKAKCfLXp3mBm3u7NFO073lSuSmM5WkACfTHbf lIUWBsVv/FatCO3v4w+63x0= =NzKE -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
