User called 'games' - who is he?

hnimmo · August 15, 2012, 6:31pm

My OpenSuse 12.1 installations all have a mysterious user called ‘games’. I did not install him, but I cannot delete him. He established himself at installation time as a member of the group ‘users’.

However, I do not know any password for this user and I cannot discover what permissions he has.

Does anyone know where he came from? Does anyone know how to get rid of him? Is he a security risk?:\

malcolmlewis · August 15, 2012, 6:52pm

Hi
It’s a system user…


cat /etc/passwd |grep games
games:x:12:100:Games account:/var/games:/bin/bash

–
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 3.0.34-0.7-default
up 17 days 13:24, 5 users, load average: 1.34, 0.79, 0.76
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

nrickert · August 15, 2012, 7:07pm

This is part of a standard install. In principle, it allows some games to run as user “game” under the principle of least privilege.

There is no reason for concern.

hnimmo · August 15, 2012, 7:09pm

Thanks, Malcom, for the quick answer!!

What do you mean by a ‘system user’. Do you mean that he has all the rights of ‘root’?

Can I ditch him? How?

Cheers
hn

hnimmo · August 15, 2012, 7:11pm

Marvellous, thanks!

It would still be nice to know what permissions he has. How can I find that out?

Cheers
hn

hendersj · August 15, 2012, 7:22pm

On Wed, 15 Aug 2012 17:16:04 +0000, hnimmo wrote:

> What do you mean by a ‘system user’. Do you mean that he has all the
> rights of ‘root’?

No, only root has root’s rights.

It’s a user created by the system when installed.

I’d be inclined to leave it alone.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

hnimmo · August 15, 2012, 7:39pm

I understand that the ‘system’ installed the user ‘games’ at installation time, so that diverse games could have access to a directory owned by ‘root’. That sounds plausible, I suppose, and it makes sense not to delete him. Nevertheless, what permissions does he have. How can I find that out?

Cheers
hn

hcvv · August 15, 2012, 7:41pm

Look in /etc/passwd and you will see at least a twenty other users. User game is not alone.

Only a user with userid 0 is superuser.

System users are users that are loosely there for the benifit of the system. Several reasons. Amongst them, being owners of specific groups of files to ban them from the “normal” users to access them, but in the same time not to use root for them to enhance security.
By common usage they have userids below a certain number, not to clash with the normal “end-users”. In openSUSE they have userids < 1000.

hnimmo · August 15, 2012, 7:48pm

Many thanks, Henk! That is very helpful.

hnimmo · August 15, 2012, 7:56pm

What a great crew! I got all these answers within 1 hour and 10 minutes.

My thanks again, to all

Cheers
hn

hcvv · August 15, 2012, 7:59pm

You are welcome.

Yes, from time to time we are a great bunch alltogether And that includes you.

hendersj · August 15, 2012, 8:00pm

On Wed, 15 Aug 2012 17:46:02 +0000, hnimmo wrote:

> Nevertheless, what permissions does he have. How can I find that out?

The permissions would be based on the groups that user is in - just like
any normal non-root user. It’ll have permissions to its home directory
and any directories with group ownership set to a group it’s a member of
with the permissions set there.

*nix in the end has a very simple permissions model.

Jim

Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

geobaltz · August 15, 2012, 10:51pm

hnimmo wrote:

>
> My OpenSuse 12.1 installations all have a mysterious user called
> ‘games’. I did not install him, but I cannot delete him. He established
> himself at installation time as a member of the group ‘users’.
>
> However, I do not know any password for this user and I cannot discover
> what permissions he has.
>
> Does anyone know where he came from? Does anyone know how to get rid of
> him? Is he a security risk?:
>
>

It’s an automatically created user, with (normally) permissions to write
into /var/games - so if game binaries are installed as setuid or setgid to
‘games’, they can update the ‘High Scores’ info across the entire userbase.

At least that was the usage in all the Unices I’ve used, but it looks like
openSUSE doesn’t bother setting the setgid bits. And there is an un-
enterable password; it’s not a login userid.

So you can safely leave it alone.

please_try_again · August 16, 2012, 6:26am

Actually, It should be 499 (which is also smaller than 1000) according to my login.defs(.orig because I modify this file):

# grep ID_M /etc/login.defs.orig
# SYSTEM_UID_MIN to SYSTEM_UID_MAX inclusive is the range for
# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
SYSTEM_UID_MIN            100
SYSTEM_UID_MAX            499
UID_MIN                  1000
UID_MAX                 60000
# SYSTEM_GID_MIN to SYSTEM_GID_MAX inclusive is the range for
# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
SYSTEM_GID_MIN            100
SYSTEM_GID_MAX            499
GID_MIN                  1000
GID_MAX                 60000

But you might wonder what users 500 to 999 are under openSUSE.