Games need to be all owned by root and in the games group. There is apparently no real user "games;" it is a pseudo-user which has the same permissions as a regular user, and which games should not be run setuid as. To satisfy Trusted Path Execution, games' binaries should be root owned and in the games group. This seems to work fine for quake3, bsd-games, and armagetron. I believe it worked for Planeshift, but I really don't remember if I tried it.
Guys? So do we change the games.eclass to make everything owned root:games? I can see the benefit in this, and it is a requirement for TPE, as the poster mentioned.
Well, I have changed the games to be owned root:games via the eclass since I got no response... ;] I also think that there is little need for the games user now. However, I would much rather we depracate the games-ded user and use the games user for things like dedicated servers. Objections?
I forgot to mark this resolved
i thought i commented on this :) i'm good with this except the way you fixed the eclass is wrong you really need to change the GAMES_USER var rather than the subfunction since a lot of ebuilds use that variable
OK. I changed the GAMES_USER to root, changed GAMES_USER_DED to games, and reverted the change to the gamesowners function. Sound good?
