
Securing a Linux Installation

From MangosWiki

I used Compile MaNGOS On Ubuntu for my Debian lenny install instead of Compile MaNGOS On Linux, and it worked quite well for me. I haven't compared them, but there must be some difference. So you can follow that guide and change a few things after getting it running. You probably don't need to use --enable-ra for make, because you have SSH and don't really need remote control.



User permissions

_NEVER_ run mangos as root! Create a new user. Because this is a security guide I won't suggest a username, but please don't use mangos ;-) Create a dedicated group for the user and make it the only group the user belongs to.

useradd {YOURPERSONALUSERNAMEFORMANGOS}

File permissions

If you follow the guide Compile MaNGOS On Ubuntu, you'll install mangos to /opt/mangos, so that is where we need to change the permissions.

chown -R {YOURPERSONALUSERNAMEFORMANGOS}:{YOURPERSONALUSERNAMEFORMANGOS} /opt/mangos
I think it is even better to install mangos in the home directory of {YOURPERSONALUSERNAMEFORMANGOS}.

Database permissions

Create a new user in MySQL. In the "host" field for the new user, provide the exact IP address of the server Mangos will be running on (if Mangos and MySQL are on the same computer, enter 127.0.0.1). So, for example, your user would be wow@192.168.0.100. Do not provide this user with any server-level permissions. Don't forget to use a secure password!

Using SQLyog, go to Tools -> User Manager -> Manage Permissions. In the Username drop-down, choose the user you just created. For each of the four databases (Characters, Mangos, Realmd, and ScriptDev2), select only the following fields: Select, Insert, Update, Delete, Index.

None of the other options are required.

In your mangosd.conf, realmd.conf, and ScriptDev2.conf files, use the above username and password for your database connections.

Running mangos

You can now run mangos. Log in as the mangos user, or run:

sudo -i -u {YOURPERSONALUSERNAMEFORMANGOS}
cd /opt/mangos/bin

It is a good idea to run realmd and worldd in the background, but not with ./mangos-worldd &
You could use screen instead.

screen -mS mangos
./mangos-realmd
Ctrl+a c
./mangos-worldd
Ctrl+a d

APIs/Web-Tools permissions

It is recommended to use a different user for 3rd party apps, e.g. if you use PHP tools like an armory, a character map, (account management).
Consider giving that user only SELECT permissions, because these tools really don't need to write data into the database.
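
The grants from "Database permissions" and the read-only user from this section, written as SQL instead of SQLyog clicks. This is an added example, not part of the original wiki page. Assumptions: the four databases are named characters, mangos, realmd and scriptdev2, the web tools run on the database host, 'webtools' is a hypothetical account name, the web tools only read the characters database, and both passwords are placeholders.

```sql
-- Added example. Run as a MySQL administrative account.
-- Assumed database names: characters, mangos, realmd, scriptdev2.
-- Passwords are placeholders; replace them before running.

-- Game server account, bound to the exact host MaNGOS connects from
-- (use 127.0.0.1 if MaNGOS and MySQL share a machine).
CREATE USER 'wow'@'192.168.0.100'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- Per-database grants only; nothing is granted ON *.* so the
-- account holds no server-level privileges.
GRANT SELECT, INSERT, UPDATE, DELETE, INDEX
  ON `characters`.* TO 'wow'@'192.168.0.100';
GRANT SELECT, INSERT, UPDATE, DELETE, INDEX
  ON `mangos`.*     TO 'wow'@'192.168.0.100';
GRANT SELECT, INSERT, UPDATE, DELETE, INDEX
  ON `realmd`.*     TO 'wow'@'192.168.0.100';
GRANT SELECT, INSERT, UPDATE, DELETE, INDEX
  ON `scriptdev2`.* TO 'wow'@'192.168.0.100';

-- Separate read-only account for PHP tools (hypothetical name).
-- Assumes the web server runs on the database host and the tools
-- only read character data; add SELECT on other databases if needed.
CREATE USER 'webtools'@'127.0.0.1'
  IDENTIFIED BY 'REPLACE_WITH_DIFFERENT_PASSWORD';
GRANT SELECT ON `characters`.* TO 'webtools'@'127.0.0.1';

-- Check the result. For each account the *.* line should read
-- "GRANT USAGE ON *.*", which means no global privileges.
SHOW GRANTS FOR 'wow'@'192.168.0.100';
SHOW GRANTS FOR 'webtools'@'127.0.0.1';

-- List any account that still has global write or admin rights.
SELECT User, Host
  FROM mysql.user
 WHERE Insert_priv = 'Y' OR Update_priv = 'Y' OR Delete_priv = 'Y'
    OR Grant_priv = 'Y' OR Super_priv = 'Y' OR File_priv = 'Y';
```

The last query should return only your administrative accounts; if 'wow' or 'webtools' appears, revoke the global privilege and grant it per database instead.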