###########################################################################

# This HOWTO tells you how to install the Steam for Linux Limited Beta in a separate user account without giving any root privileges to Steam.

# This gives you double security:

# 1. None of the Steam programs is ever executed as root, not even the install script

# 2. Steam is not even run with privileges of your primary user account. You are told how to generate a second user account which is a sandbox for Steam.

#

# The HOWTO was written and tested on Kubuntu 12.10 amd64 on 2012-12-07.

###########################################################################

# do the following as root (execute "sudo -i" in a terminal to get a root shell):

# add steam user account

useradd --create-home --shell / bin / bash --user-group steam

# deny terminal login for steam

passwd -l steam

# allow access to soundcard for steam

usermod -a -G audio steam

# now we allow access to the files of the steam user for our primary user account by adding it to the steam group

# notice that this is not needed for steam to work but it is nice to have

usermod -a -G steam < USERNAME OF YOUR PRIMARY USER ACCOUNT >

# give write access to steam group on steam homedir

chmod g+ w / home / steam

# inherit steam group to files which are created in the homedir of steam by your primary user

chmod g+s / home / steam

# prevent steam user from modifying bash configuration so it cannot fake a "logout". ideally, never use "logout", it is insecure. instead, close the X terminal window.

chattr +i / home / steam / .bash_logout / home / steam / .bashrc / home / steam / .profile

# now we allow our primary user account to sudo commands as the steam user

# open the file with nano editor:

nano / etc / sudoers.d / steam

# paste the following and press CTRL+X to exit, Y to save, ENTER to confirm the filename:

< USERNAME OF YOUR PRIMARY USER ACCOUNT > ALL = ( steam ) NOPASSWD: ALL

# set correct permissions:

chmod 440 / etc / sudoers.d / steam

# now the steam user account is set up and we install steam

# we must open a terminal which runs as the steam user and preserves the connection to the X-server.

# for kde-distrubtions such as kubuntu, use kdesudo:

kdesudo -u steam konsole

# for gnome-distributions such as ubuntu, use gksudo / gnome terminal (not tested, i use KDE):

gksudo -u steam gnome-terminal

# now enter the following in the terminal of the steam user:

# download the steam package:

wget http: // media.steampowered.com / client / installer / steam.deb

# extract package control information so we can look at the install scripts

dpkg -e steam.deb ~ / steam-package-control-information

# extract the actual package contents:

dpkg -x steam.deb ~ / steam-package

# now we obtain the list of packages which we need to install for steam to work:

grep Depends ~ / steam-package-control-information / control

# => use your favorite package manager to install those packages.

# after the packages are installed, continue in the steam user's terminal:

# reading the script /home/steam/steam-package-control-information/postinst shows that the primary action of the install script is to make the update notifier execute the script "/usr/lib/steam/steam-install-notify" per user

# so i looked what that script does and it tells the user to run "/usr/bin/steam"

# we had extracted this script to "/home/steam/steam-package/usr/bin/steam"

# so your job now is to edit this script and replace all absolute paths (= paths starting with "/") which reference steam stuff to be prefixed with $HOME/steam-package

# this can be done by:

# 1) listing all top level files/directories in the steam package with "ls steam-package".

# 2) searching the script for the names of those files/directories

# 3) looking carefully at each occurence and deciding whether it is steam stuff and needs to be changed or a system directory which does not need to be changed

# here is a diff of the modifications which i have done to the 2012-12-07 version of the file:

## $ diff steam.default ~/steam-package/usr/bin/steam

## 86c86

## < LAUNCHSTEAMBOOTSTRAPFILE="/usr/lib/$STEAMPACKAGE/bootstraplinux_$LAUNCHSTEAMPLATFORM.tar.xz"

## ---

## > LAUNCHSTEAMBOOTSTRAPFILE="/home/steam/steam-package/usr/lib/$STEAMPACKAGE/bootstraplinux_$LAUNCHSTEAMPLATFORM.tar.xz"

## 156c156

## < cp /usr/share/applications/$STEAMPACKAGE.desktop "$DESKTOP_DIR"

## ---

## > cp /home/steam/steam-package/usr/share/applications/$STEAMPACKAGE.desktop "$DESKTOP_DIR"

# so now we have a modified steam install script.

# it will try to generate files in the Desktop of the user account, and the directory does not exist yet, so we create it.

mkdir Desktop

# now execute the install script finally:

steam-package / usr / bin / steam

# steam is installed now :)

# now i've looked at Desktop/steam.desktop and checked for the syntax of steam. it was: "/usr/bin/steam %U"

# according to "http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s06.html" the %U is an URL, so we don't need that

# as a conclusion, the syntax to run steam from the terminal of the steam user is:

# /home/steam/steam-package/usr/bin/steam

# for being able to run steam directly from your primary user account, we can use gksudo/kdesudo:

# for kde-distrubtions such as kubuntu, use kdesudo:

kdesudo -u steam / home / steam / steam-package / usr / bin / steam

# for gnome-distributions such as ubuntu, use gksudo (not tested, i use KDE):

gksudo -u steam / home / steam / steam-package / usr / bin / steam

# of course you can create a desktop shortcut which executes this command. for kde, the following works:

# 1) browse to /usr/bin with the file manager

# 2) drag&drop the kdesudo binary to your desktop to generate a shortcut

# 3) rightclick the shortcut and select "icon settings"

# 4) in the application tab, set name to "Steam", the command to "/usr/bin/kdesudo -u steam /home/steam/steam-package/usr/bin/steam", and the work path to "/home/steam"