Part 3: Monitoring the dedicated server.

Since the game is not run as a service or as a daemon but as a program, you have to stay logged on to the server as the user while the server is running. Depending on your situation this might be bothersome. Optimally a dedicated server should be run as a service: you start it and can go do something else on the computer, even log out of your user. This is what I wanted to achieve from the get-go, but I ran into some problems that I solved in the end.


This is part 3 of a 4-part series on how to set up and configure a Left 4 Dead 2 dedicated server on CentOS Linux.

Part 1 : Setting up the environment and installing the server

Part 2 : Firewall configuration

Part 3 : Monitoring the dedicated server.

Part 4 : Extras.  Host and MOTD banners, Exclusive servers and lobby.



3a) My First attempts

I tried using nohup to get the server to continue running in the background, but for some reason it never worked correctly; especially when I tried to tee the output to a file, it always failed. (If you don’t recognize these Linux terms, don’t worry about it, since they proved to be unusable for our purposes. If you’re interested in what these two commands do, see http://en.wikipedia.org/wiki/Nohup and http://en.wikipedia.org/wiki/Tee_%28command%29.) The second thing I looked at was screen. Screen, however, posed another problem for me. I restrict access to my box very tightly and I absolutely do not want a user like SteamServer to be able to log onto my server with ssh, so I always assumed its identity with “su SteamServer -”. This does not allow screen to be used, since it won’t have access to the terminal. A quick and dirty way to fix this is to give the user permission to the terminal, but I don’t really like quick and dirty fixes in these matters.

3b) Solving the problem

If you have no quarrels about giving the SteamServer user ssh access to your box, you should skip to 3c. You should, however, make sure the user has a strong password set and is not a member of wheel :).

What was needed was a way to log in to the box using ssh and create a new shell for the SteamServer user, which gives me unhindered access to screen while denying everyone else the privilege of using SteamServer to log in to the box. The best way that I found to achieve this is to limit that user's logins to the localhost. That way I can ssh to my box with my normal user like I always do, and from there I can ssh to localhost and use the SteamServer login credentials. What allows me to do this is PAM.

*disclaimer*
Messing with PAM while not knowing what you’re doing can have unexpected consequences. The most prominent one, I think, is denying yourself access to your box. What I go over here is very basic, and if you decide to follow this you do so at your own risk.
*/disclaimer*

First we need to add a required statement to the sshd config for PAM so that it applies extra requirements to users. Open “/etc/pam.d/sshd” and add the line “account    required     pam_access.so” after the existing account statements (there should be 2 of them in the default config); I put it at the bottom of the account statements. Next we need to add some rules to the pam_access module, so open the “/etc/security/access.conf” file in an editor of your choice.

We need to create 2 rules for the SteamServer user, one to allow his access from localhost and the other to deny him access from everywhere else.  So add these two lines to the file.

# Allow the Steam User from localhost
+:SteamServer:127.0.0.1/24
-:SteamServer:ALL

And to make sure your normal users still have access to the machine add rules for them like this.

+:User1:ALL
+:User2:ALL

UPDATE: Having -:ALL:ALL at the bottom can cause unexpected problems if you were not already using the pam_access module with it configured to your needs. If you encounter any problems, comment the line out.

And the access ruleset should always end with a rule to deny everyone else access:

# All other users should be denied to get access from all sources.
- : ALL : ALL

Now you can ssh to the server as the SteamServer user from localhost, but nowhere else.
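
pam_access reads access.conf top to bottom and the first line matching both the user and the origin decides; if nothing matches, access is granted. The sketch below is an added example (not part of the original post, and not pam_access's own code) that models this for plain user names, ALL, and IP address/network origins, so the ruleset can be checked before it goes live. OtherUser and 203.0.113.7 are constructed test values.

```python
import ipaddress

# Constructed input: the access.conf lines this page adds, in page order.
RULES = """\
# Allow the Steam User from localhost
+:SteamServer:127.0.0.1/24
-:SteamServer:ALL
+:User1:ALL
+:User2:ALL
# All other users should be denied to get access from all sources.
- : ALL : ALL
"""

def parse_rules(text):
    """Return (permit, users, origins) tuples; comments and blanks skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError("bad permission field in %r" % raw)
        rules.append((perm == "+", users.split(), origins.split()))
    return rules

def origin_matches(token, origin):
    """Match one origins token against a client address (simplified subset)."""
    if token == "ALL":
        return True
    try:
        # strict=False accepts host bits, as in 127.0.0.1/24 -> 127.0.0.0/24
        net = ipaddress.ip_network(token, strict=False)
        addr = ipaddress.ip_address(origin)
    except ValueError:
        return False  # hostnames, ttys, LOCAL etc. are outside this sketch
    return addr.version == net.version and addr in net

def decide(rules, user, origin):
    """First rule matching both user and origin wins; no match means allow."""
    for permit, users, origins in rules:
        if ("ALL" in users or user in users) and any(
                origin_matches(t, origin) for t in origins):
            return permit
    return True

if __name__ == "__main__":
    for who in [("SteamServer", "127.0.0.1"), ("SteamServer", "::1")]:
        print(who, "allow" if decide(parse_rules(RULES), *who) else "deny")
```

Under this model a SteamServer login arriving from ::1 is denied, because an IPv6 loopback origin falls outside the IPv4 network in the allow rule and the next SteamServer line then matches.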

3c) Starting and Monitoring the server.

Now that we have normal shell access to the machine, we can get down to the business of starting the server and keeping it running without worrying about whether we are logged on or not, while still having access to the program to issue server side commands or view the output.

Type

$ screen -m -S Left4Dead2

All your bash history should disappear. Try pressing ctrl-a and while holding ctrl-a press d; this key combo should detach you from the screen session and you should see a “[detached]” message. This means you’ve detached the screen session, and the screen session is still running in the background. Try using the “screen -list” command, and you should see the screen session you just created listed there, something similar to this:

$ screen -list
 There is a screen on:
 19198.Left4Dead2        (Detached)
 1 Socket in /var/run/screen/S-steam.

To connect to the screen session again you use screen with the -r switch. You can either specify the ID (19198 in my example) or the name of the session we specified (the -S switch),  I find it easier to specify names, especially if you intend to run more than one Steam server.

So execute the following command to get back to the screen session.

$ screen -r Left4Dead2

Now navigate to the Left4Dead2 directory and let’s try to start the server just like we did in part 1.

UPDATE : Do not use +exec,  see updated Part 1 for more information.

$ ./srcds_run +hostport 27015 +servercfgfile CustomServerConfig.cfg +map c5m1_waterfront -game left4dead2  -ip 10.10.10.10

You should see the server come up normally. Now when you see the

Connection to Steam servers successful.
VAC secure mode is activated.

message, press CTRL-A+D and detach the session. And just to prove a point, log out of the SteamServer user completely. The server should still be running. You can check that by using your normal user account, which you should be in now: just run “ps -efw | grep srcds” and you should see two processes running with the command we used to start the server.

There you go, now you can run the server in the background while not having to be logged on to the server. If you want to check the status of the server or run server side commands, you just ssh to the SteamServer user and attach to your screen session that is running the game.

That’s it for part 3,  make sure to check out Part 4 for some extra information about the banners and using your private server to host new lobbies.
