0

I'm creating an install script for a Linux game. As part of the installation, I change the suid permissions of the game executable to the "games" group so that the game can update the highscore file even when its run by regular users.

Right now my Makefile.am looks like this:

AUTOMAKE_OPTIONS = foreign
SUBDIRS = src man

install-exec-hook:
    chgrp games @bindir@/xjump
    chmod +s    @bindir@/xjump

    mkdir -p    @localstatedir@/xjump
    touch       @localstatedir@/xjump/record
    chmod 660   @localstatedir@/xjump/record
    chgrp games @localstatedir@/xjump/record

The problem I am having is that the chgrp command requires administrative privileges. If I am installing the game globally using sudo make install then its all works fine but if I change the prefix to somewhere in my home directory and try to do a regular make install it fails due to the chgrp

chgrp: changing group of ‘/home/hugo/Desktop/aaa/bin/xjump’: Operation not permitted

Since the locally installed version of the game only has a single player, I don't really need to do the chgrp thing. Is there a way to detect if the makefile is being run without root privileges and skip the permission changing? Or should I add a configuration flag to my configure script instead of trying to fix this permission issue automatically?

hugomg
  • 68,213
  • 24
  • 160
  • 246
  • yes, chgrp requires root privs. otherwise you could trivially do a DoS attack on a group or user by "giving" them a bunch of files and exceeding their disk quota. only root can give away files in an arbitrary manner. or silly system hacks like creating a suid binary that you own, chown/chgrp-ing it to root/wheel, and totally subvert the system. – Marc B Apr 21 '15 at 18:09
  • My question is that if I am installing for a single user then the chgrp is not needed. So in that case I would like if the installation script didn't require root like it does now. – hugomg Apr 21 '15 at 18:26
  • if it's just for a single user, why change the group at all? put the score file into the user's homedir owned/grouped as the user. – Marc B Apr 22 '15 at 14:05
  • Its not always for a single user. I want the option to install globally or locally. – hugomg Apr 22 '15 at 14:14

2 Answers2

1

When the commands fail, you did not run as root. It seems nothing goes wrong, you just do not want the error messages. You can see who you are, but the easiest solution is redirecting the output Finish with true, so your step doesn't fail:

chgrp games @localstatedir@/xjump/record 2>/dev/null || true
hugomg
  • 68,213
  • 24
  • 160
  • 246
Walter A
  • 19,067
  • 2
  • 23
  • 43
  • This works! But a wonder if there isn't a more nuanced way to solve this problem without swallowing any other error the chgrop might throw. – hugomg Apr 21 '15 at 18:24
  • You could use something like `[ "$(id -u)" = "0" ]` but you introduce more control statements. A makefile is not a shellscript. – Walter A Apr 21 '15 at 18:31
1

If you run "whoami", you would be able to find out who the current user is.

    runner=`whoami` ; 
    if test $$runner == "root" ; 
    then 
            chgrp games @localstatedir@/xjump/record
    fi
CharlesL
  • 942
  • 5
  • 14