Re: the setgid games mess

[Joerg Sonnenberger <joerg%britannica.bec.de@localhost>]

On Sat, Nov 28, 2009 at 05:31:19PM +0000, David Holland wrote:
> On Sat, Nov 28, 2009 at 06:24:25PM +0100, Joerg Sonnenberger wrote:
>  > On Sat, Nov 28, 2009 at 08:15:21AM +0000, David Holland wrote:
>  > >    - In order to make this work, the various platform .mk files should
>  > >      be adjusted so that GAMES_GROUP (and GAMES_USER if it doesn't go
>  > >      away) is always defined, rather than being randomly commented out
>  > >      or randomly conditionalized on SETGIDGAME.
>  > 
>  > Just provide a single standard in defaults/mk.conf -- I don't see much
>  > point in duplicating this all over the place. It's mostly c&p anyway.
> 
> Well, it's not unreasonable to suppose that some platform might appear
> where there's e.g. an existing games group called something other than
> "games". But perhaps not.

I am willing to burn that bridge when we hit it.

>  > >    - GAMEMODE/GAMEDIRMODE/GAMEDATAMODE should not be defined in the
>  > >      platform .mk files but in someplace common. They should not be in
>  > >      mk/defaults/mk.conf either. Someone please tell me where the
>  > >      right place is!
>  > 
>  > Why not in mk/defaults/mk.conf?
> 
> Because these aren't things meant to be set by users in mk.conf? Or is
> that not the standard for defaults/mk.conf?

I don't see why they shouldn't be. They are overridable ATM if
SETGIDNAME=no.

> 
>  > >    - When UNPRIVILEGED=yes, GAMES_GROUP, GAMEMODE, GAMEDIRMODE, and
>  > >      GAMEDATAMODE should be adjusted accordingly, to
>  > >      UNPRIVILEGED_GROUP, 555, 755, and 644 respectively. This is at
>  > >      least partly already in place.
>  > 
>  > I don't see the point in this.
> 
> It makes most things build, install, and work when unprivileged?

chmod 664 works for unprivileged too. Whether or not it creates a
problem like "do all users share one group" is the relevant question.
I'd be careful about making assumptions in this area though.

Joerg