Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###########################################################################
- # This HOWTO tells you how to install the Steam for Linux Limited Beta in a separate user account without giving any root privileges to Steam.
- # This gives you double security:
- # 1. None of the Steam programs is ever executed as root, not even the install script
- # 2. Steam is not even run with privileges of your primary user account. You are told how to generate a second user account which is a sandbox for Steam.
- #
- # The HOWTO was written and tested on Kubuntu 12.10 amd64 on 2012-12-07.
- ###########################################################################
- # do the following as root (execute "sudo -i" in a terminal to get a root shell):
- # add steam user account
- useradd --create-home --shell /bin/bash --user-group steam
- # deny terminal login for steam
- passwd -l steam
- # allow access to soundcard for steam
- usermod -a -G audio steam
- # now we allow access to the files of the steam user for our primary user account by adding it to the steam group
- # notice that this is not needed for steam to work but it is nice to have
- usermod -a -G steam <USERNAME OF YOUR PRIMARY USER ACCOUNT>
- # give write access to steam group on steam homedir
- chmod g+w /home/steam
- # inherit steam group to files which are created in the homedir of steam by your primary user
- chmod g+s /home/steam
- # prevent steam user from modifying bash configuration so it cannot fake a "logout". ideally, never use "logout", it is insecure. instead, close the X terminal window.
- chattr +i /home/steam/.bash_logout /home/steam/.bashrc /home/steam/.profile
- # now we allow our primary user account to sudo commands as the steam user
- # open the file with nano editor:
- nano /etc/sudoers.d/steam
- # paste the following and press CTRL+X to exit, Y to save, ENTER to confirm the filename:
- <USERNAME OF YOUR PRIMARY USER ACCOUNT> ALL=(steam) NOPASSWD: ALL
- # set correct permissions:
- chmod 440 /etc/sudoers.d/steam
- # now the steam user account is set up and we install steam
- # we must open a terminal which runs as the steam user and preserves the connection to the X-server.
- # for kde-distrubtions such as kubuntu, use kdesudo:
- kdesudo -u steam konsole
- # for gnome-distributions such as ubuntu, use gksudo / gnome terminal (not tested, i use KDE):
- gksudo -u steam gnome-terminal
- # now enter the following in the terminal of the steam user:
- # download the steam package:
- wget http://media.steampowered.com/client/installer/steam.deb
- # extract package control information so we can look at the install scripts
- dpkg -e steam.deb ~/steam-package-control-information
- # extract the actual package contents:
- dpkg -x steam.deb ~/steam-package
- # now we obtain the list of packages which we need to install for steam to work:
- grep Depends ~/steam-package-control-information/control
- # => use your favorite package manager to install those packages.
- # after the packages are installed, continue in the steam user's terminal:
- # reading the script /home/steam/steam-package-control-information/postinst shows that the primary action of the install script is to make the update notifier execute the script "/usr/lib/steam/steam-install-notify" per user
- # so i looked what that script does and it tells the user to run "/usr/bin/steam"
- # we had extracted this script to "/home/steam/steam-package/usr/bin/steam"
- # so your job now is to edit this script and replace all absolute paths (= paths starting with "/") which reference steam stuff to be prefixed with $HOME/steam-package
- # this can be done by:
- # 1) listing all top level files/directories in the steam package with "ls steam-package".
- # 2) searching the script for the names of those files/directories
- # 3) looking carefully at each occurence and deciding whether it is steam stuff and needs to be changed or a system directory which does not need to be changed
- # here is a diff of the modifications which i have done to the 2012-12-07 version of the file:
- ## $ diff steam.default ~/steam-package/usr/bin/steam
- ## 86c86
- ## < LAUNCHSTEAMBOOTSTRAPFILE="/usr/lib/$STEAMPACKAGE/bootstraplinux_$LAUNCHSTEAMPLATFORM.tar.xz"
- ## ---
- ## > LAUNCHSTEAMBOOTSTRAPFILE="/home/steam/steam-package/usr/lib/$STEAMPACKAGE/bootstraplinux_$LAUNCHSTEAMPLATFORM.tar.xz"
- ## 156c156
- ## < cp /usr/share/applications/$STEAMPACKAGE.desktop "$DESKTOP_DIR"
- ## ---
- ## > cp /home/steam/steam-package/usr/share/applications/$STEAMPACKAGE.desktop "$DESKTOP_DIR"
- # so now we have a modified steam install script.
- # it will try to generate files in the Desktop of the user account, and the directory does not exist yet, so we create it.
- mkdir Desktop
- # now execute the install script finally:
- steam-package/usr/bin/steam
- # steam is installed now :)
- # now i've looked at Desktop/steam.desktop and checked for the syntax of steam. it was: "/usr/bin/steam %U"
- # according to "http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s06.html" the %U is an URL, so we don't need that
- # as a conclusion, the syntax to run steam from the terminal of the steam user is:
- # /home/steam/steam-package/usr/bin/steam
- # for being able to run steam directly from your primary user account, we can use gksudo/kdesudo:
- # for kde-distrubtions such as kubuntu, use kdesudo:
- kdesudo -u steam /home/steam/steam-package/usr/bin/steam
- # for gnome-distributions such as ubuntu, use gksudo (not tested, i use KDE):
- gksudo -u steam /home/steam/steam-package/usr/bin/steam
- # of course you can create a desktop shortcut which executes this command. for kde, the following works:
- # 1) browse to /usr/bin with the file manager
- # 2) drag&drop the kdesudo binary to your desktop to generate a shortcut
- # 3) rightclick the shortcut and select "icon settings"
- # 4) in the application tab, set name to "Steam", the command to "/usr/bin/kdesudo -u steam /home/steam/steam-package/usr/bin/steam", and the work path to "/home/steam"
- # if you liked this HOWTO, please consider donating some bitcoins to me. my address is: 1MUpLx5Y5fH7qTJdT9JvZviwAMjcc4wGWh
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement