Running X and GL games without setuid
If you only run the X and GL versions of Quake, QuakeWorld or Quake II, you don't need to run them with
root permissions. SVGA is the only mode that must be run as root. The X versions just need access to
/dev/dsp, the sound device. The GL versions need access to the 3Dfx card as well as to /dev/dsp.
/dev/dsp needs to be readable and writeable by Quake. Most distributions give it 662 (rw−rw−−w−)
permissions by default. The simplest solution is to just chmod 666 /dev/dsp. On most systems, the
ability to read from the sound device will not pose a significant security threat. If this approach is
unacceptable for your system, create a group that owns /dev/dsp and make your Quake players members
of that group.
You need the /dev/3dfx driver from Daryll Strauss' glide page (
http://glide.xxedgexx.com/3DfxRPMS.html) in order run glide applications (like GLQuake) non−root.
Download the Device3Dfx.xxx.rpm package and install according to the instructions on the web page.
After you've installed the driver, make sure /dev/3dfx has 666 permissions (chmod 666 /dev/3dfx).
When /dev/dsp and /dev/3dfx are properly set up, you can remove the setuid bit from your
Quake/QW/Q2 executables. Just do (as root) chmod 0755 XXXXX, where XXXXX is either glquake,
quake.x11, or quake2.
If you've been playing as root prior to making these changes, many of your Quake files (like savegames) may
be owned by root and inaccessible to a normal user, so remember to change the files' ownership before you
attempt to play the game non−root.
If you only run the X and GL versions of Quake, QuakeWorld or Quake II, you don't need to run them with
root permissions. SVGA is the only mode that must be run as root. The X versions just need access to
/dev/dsp, the sound device. The GL versions need access to the 3Dfx card as well as to /dev/dsp.
/dev/dsp needs to be readable and writeable by Quake. Most distributions give it 662 (rw−rw−−w−)
permissions by default. The simplest solution is to just chmod 666 /dev/dsp. On most systems, the
ability to read from the sound device will not pose a significant security threat. If this approach is
unacceptable for your system, create a group that owns /dev/dsp and make your Quake players members
of that group.
You need the /dev/3dfx driver from Daryll Strauss' glide page (
http://glide.xxedgexx.com/3DfxRPMS.html) in order run glide applications (like GLQuake) non−root.
Download the Device3Dfx.xxx.rpm package and install according to the instructions on the web page.
After you've installed the driver, make sure /dev/3dfx has 666 permissions (chmod 666 /dev/3dfx).
When /dev/dsp and /dev/3dfx are properly set up, you can remove the setuid bit from your
Quake/QW/Q2 executables. Just do (as root) chmod 0755 XXXXX, where XXXXX is either glquake,
quake.x11, or quake2.
If you've been playing as root prior to making these changes, many of your Quake files (like savegames) may
be owned by root and inaccessible to a normal user, so remember to change the files' ownership before you
attempt to play the game non−root.
<< Home