[Tux4kids-tuxtype-dev] [Tuxmath-devel] t4k_common problem in tuxtype and tuxmath

[David Bruce]

Hi,

> I'm having a small problem with tuxtype library's editor that I have already
> 'solved'.
> The creation of libraries occurs in the folder var/tuxtype/words that has
> root as owner.
> So, only root can create and edit libraries. This is so purposefully ?

The purpose was to have a location that could be written to and read
by the tuxtype program irrespective of the current user, so that (for
example) a teacher or other admin could edit the word lists, and all
users could use the resultant lists.  The normal location for bundled
program data (e.g. /usr/local/share/tuxtype/) isn't supposed to be
modified in the normal course of program operation.

It turns out that the "right way" to do this is tricky.  From what I
learned, the traditional way would be to have the tuxtype binary
belong to the "games" group with the setgid bit set, allowing it to
modifiy locations that members of the "games" group can modify, and
setting up the /var/games/tuxtype location accordingly.  Hence they
get set to "root:games" (although I see the binary isn't yet set to
the "games" group upon "make install").

However, setuid and setgid binaries can be security risks, so modern
security-conscious distros (e.g. Fedora) have policies to prohibit or
at least strongly deprecate them.  I was told that to use a location
like this, we should write a dedicated tuxtype daemon program to
handle these file operations.

So, this feature is sort of stalled awaiting further development.

Best,

David Bruce