Run Updates as root / another user

Would you like to see a feature added into GSP-Panel? Post it here
Post Reply
Cidvond
Posts: 31
Joined: Tue Dec 17, 2013 5:00 am

Run Updates as root / another user

Post by Cidvond » Thu Feb 11, 2016 11:58 am

Hey Guys,

Wanted to suggest being able to run updates as root. When doing game installs it runs as root so it would be nice to have a check box to run updates as root. The reason for this is SteamCMD has to auth using steam guard for each user. Rather then having it to where I download the files into a folder and then make it able to copy over I wrote the update commands into the update button so users can update their servers when the newest patch releases. The problem I am having is it runs as user gsp_#. This means I have to auth each gsp user to be able to use steamCMD via logging into them and running it once so I can enter the steam guard code. Its only a minor inconvenience but would be very helpful to have a check box in the update area to run as root or another user you define that is already on the remote server. The game installer does this already and just thought it be nice to have that option for the game updated without it having to script the root log in. Let me know what you think!

Thanks,
Cidvond

William
Posts: 201
Joined: Fri Jun 04, 2010 10:29 pm

Re: Run Updates as root / another user

Post by William » Thu Feb 11, 2016 8:07 pm

We will take a look into this. From a security aspect it's better to have the update run as a user and not as root.

Cidvond
Posts: 31
Joined: Tue Dec 17, 2013 5:00 am

Re: Run Updates as root / another user

Post by Cidvond » Fri Feb 12, 2016 8:42 am

I understand the security aspect of this and you wouldn't want to run it as root. Would it be possible to add a new user to the remote client called gspadmin or gspupdater and have that account do all the updates rather then the gsp_# number account. This way there is 1 account doing everything and you can still keep the steam account security with steam guard. Really this just matters for steamcmd updates so I had another idea about it. If possible you might be able to add a 2nd updater account for just steamcmd and have a check box in the update template for stating if it is a steamcmd update or not and then if it is have a new box open that would ask for the steamcmd command line that would point to the /usr/local/gsp-games/steamcmd/steamcmd.sh file (or where ever your game install dir is) to run the command rather then scripting all that out again. Basically what I'm getting at is I would like the see the control panel become a little more steamcmd friendly. I know a lot of this is easier said then done but thought it might be a good idea / feature to have. Let me know what you think.

Thanks for your help,
Cidvond

William
Posts: 201
Joined: Fri Jun 04, 2010 10:29 pm

Re: Run Updates as root / another user

Post by William » Fri Feb 12, 2016 9:13 am

Thanks for the input, we certainly want to make our software as SteamCMD friendly as possible and are always looking into ways to make this happen. The biggest issue we have is with Steam Guard, so that is where our focus is right now.

Another issue with doing it as another user (root, gspadmin, etc) is that the new/updated files will no longer be owned by the user, so for example if a new config is added by steamcmd the user will not be able to edit it.

Cidvond
Posts: 31
Joined: Tue Dec 17, 2013 5:00 am

Re: Run Updates as root / another user

Post by Cidvond » Fri Feb 12, 2016 10:53 am

I noticed you have a global identifier for game server root {GameHomeDir} you might be able to use the same technique to find the user that owns the gsp_# dir and have it do chown -R {DirOwner}:{DirOwner} {GameHomeDir} after the install is finished running but that seems like that might be a little bit out there to do. Another Idea would be changing the folder permissions to 770 or 774 and making it so the installer user (gspupdater, gspadmin, etc) is in the same group as gsp_#. Lastly the last idea for this would add a fix permissions button to the FTP or to the main control panel area. I have seen other control panels have this but was never sure why until now. Also that would resolve any issues if someone uploads a file to the server and the permissions are not updated on it.

Post Reply