author | Marc Heerdink <gimli@linuxfromscratch.org> | 2002-01-23 18:24:44 +0000 |
---|---|---|
committer | Marc Heerdink <gimli@linuxfromscratch.org> | 2002-01-23 18:24:44 +0000 |
commit | 062461b217f60eb64b5f43a2ffcad1af634d6682 (patch) | |
tree | 93fc35056bba94e2d7c00b50878a17e08047a9d4 | |
parent | 93dba6aba6b5b53738a436ea6bbecfd8e4c9c46e (diff) |
[Bug 149] Addition and Removal of files to resolve bug 149 (Install all software as an unprivileged user)
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@1470 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
-rw-r--r-- | chapter03/creatingdirs.xml | 77 |
-rw-r--r-- | chapter05/creatingdirs.xml | 66 |
-rw-r--r-- | chapter05/installasroot.xml | 20 |
-rw-r--r-- | chapter05/installasuser.xml | 55 |
-rw-r--r-- | chapter06/changingowner.xml | 19 |
5 files changed, 140 insertions, 97 deletions
diff --git a/chapter03/creatingdirs.xml b/chapter03/creatingdirs.xml deleted file mode 100644 index fb6d61244..000000000 --- a/chapter03/creatingdirs.xml +++ /dev/null 
@@ -1,77 +0,0 @@ -<sect1 id="ch04-creatingdirs"> -<title>Creating directories</title> -<?dbhtml filename="creatingdirs.html" dir="chapter04"?> - -<para>Before we start creating directories, we need to check the base -system's umask setting. To do this, we run -<userinput>umask</userinput>. The result should be 022. If it isn't, -then run the following command to ensure that the directories will be -created with the correct permissions:</para> - -<para><screen><userinput>umask 022</userinput></screen></para> - -<para>We would advise you to make sure that the umask is set to 022 -throughout your LFS installation.</para> - -<para>Let's now create the directory tree on the LFS partition based on the FHS -standard, which can be found at <ulink -url="http://www.pathname.com/fhs/">http://www.pathname.com/fhs/</ulink>. -Issuing the following commands will create a default directory layout:</para> - -<para><screen><userinput>cd $LFS &&</userinput> -<userinput>mkdir -p bin boot dev/pts etc/opt home lib mnt proc root sbin tmp var opt &&</userinput> -<userinput>for dirname in $LFS/usr $LFS/usr/local</userinput> -<userinput><literal> do</literal></userinput> -<userinput> mkdir $dirname</userinput> -<userinput> cd $dirname</userinput> -<userinput> mkdir bin etc include lib sbin share src var</userinput> -<userinput> ln -s share/man</userinput> -<userinput> ln -s share/doc</userinput> -<userinput> ln -s share/info</userinput> -<userinput> cd $dirname/share</userinput> -<userinput> mkdir dict doc info locale man nls misc terminfo zoneinfo</userinput> -<userinput> cd $dirname/share/man</userinput> -<userinput> mkdir man{1,2,3,4,5,6,7,8}</userinput> -<userinput>done &&</userinput> -<userinput>cd $LFS/var &&</userinput> -<userinput>mkdir -p lock log mail run spool tmp opt cache lib/misc local &&</userinput> -<userinput>cd $LFS/opt &&</userinput> -<userinput>mkdir bin doc include info lib man &&</userinput> -<userinput>cd $LFS/usr &&</userinput> -<userinput>ln -s 
../var/tmp</userinput></screen></para> - -<para>Normally, directories are created with permission mode 755, which isn't -desired for all directories. The first change is a mode 0750 for the -$LFS/root directory. This is to make sure that not just everybody can -enter the /root directory (the same a user would do with /home/username -directories). The second change is a mode 1777 for the tmp -directories. This way, any user can write data to the /tmp or /var/tmp -directory but cannot remove another user's files (the latter is caused -by the so-called "sticky bit" - bit 1 of the 1777 bit mask).</para> - -<para><screen><userinput>cd $LFS &&</userinput> -<userinput>chmod 0750 root &&</userinput> -<userinput>chmod 1777 tmp var/tmp</userinput></screen></para> - -<para>Now that the directories are created, copy the source files that were -downloaded in chapter 3 to some subdirectory under $LFS/usr/src (you -will need to create the desired directory yourself).</para> - -<sect2> -<title>FHS compliance notes</title> - -<para>The FHS stipulates that the /usr/local directory should contain the -bin, games,include, lib, man, sbin, and share subdirectories. You can -alter your /usr/local directory yourself if you want your system -to be FHS-compliant.</para> - -<para>Also, the standard says that there should exist a /usr/share/games -directory, which we don't much like for a base system. But feel free to -make your system FHS-compliant if you wish. The FHS isn't precise as -to the structure of the /usr/local/share subdirectories, so we took the -liberty of creating the directories that we felt needed.</para> - -</sect2> - -</sect1> - diff --git a/chapter05/creatingdirs.xml b/chapter05/creatingdirs.xml new file mode 100644 index 000000000..8c0c369a5 --- /dev/null +++ b/chapter05/creatingdirs.xml 
@@ -0,0 +1,66 @@ +<sect1 id="ch05-creatingdirs"> +<title>Creating directories</title> +<?dbhtml filename="creatingdirs.html" dir="chapter05"?> + +<para>Let's now create the directory tree on the LFS partition based on +the FHS standard, which can be found at +<ulink url="http://www.pathname.com/fhs/">http://www.pathname.com/fhs/</ulink>. +Issuing the following commands will create a default directory layout:</para> + +<para><screen><userinput>cd $LFS && +mkdir -p bin boot dev/pts etc/opt home lib mnt proc root sbin tmp var opt && +for dirname in $LFS/usr $LFS/usr/local +<literal> do</literal> + mkdir $dirname + cd $dirname + mkdir bin etc include lib sbin share src var + ln -s share/man + ln -s share/doc + ln -s share/info + cd $dirname/share + mkdir dict doc info locale man nls misc terminfo zoneinfo + cd $dirname/share/man + mkdir man{1,2,3,4,5,6,7,8} +done && +cd $LFS/var && +mkdir -p lock log mail run spool tmp opt cache lib/misc local && +cd $LFS/opt && +mkdir bin doc include info lib man && +cd $LFS/usr && +ln -s ../var/tmp</userinput></screen></para> + +<para>Normally, directories are created with permission mode 755, which isn't +desired for all directories. The first change is a mode 0750 for the +$LFS/root directory. This is to make sure that not just everybody can +enter the /root directory (the same a user would do with /home/username +directories). The second change is a mode 1777 for the tmp +directories. 
This way, any user can write data to the /tmp or /var/tmp +directory but cannot remove another user's files (the latter is caused +by the so-called "sticky bit" - bit 1 of the 1777 bit mask).</para> + +<para><screen><userinput>cd $LFS && +chmod 0750 root && +chmod 1777 tmp var/tmp</userinput></screen></para> + +<para>Now that the directories are created, copy the source files that were +downloaded in chapter 3 to some subdirectory under $LFS/usr/src (you +will need to create the desired directory yourself).</para> + +<sect2> +<title>FHS compliance notes</title> + +<para>The FHS stipulates that the /usr/local directory should contain the +bin, games,include, lib, man, sbin, and share subdirectories. You can +alter your /usr/local directory yourself if you want your system +to be FHS-compliant.</para> + +<para>Also, the standard says that there should exist a /usr/share/games +directory, which we don't much like for a base system. But feel free to +make your system FHS-compliant if you wish. The FHS isn't precise as +to the structure of the /usr/local/share subdirectories, so we took the +liberty of creating the directories that we felt needed.</para> + +</sect2> + +</sect1> + diff --git a/chapter05/installasroot.xml b/chapter05/installasroot.xml deleted file mode 100644 index e959ca853..000000000 --- a/chapter05/installasroot.xml +++ /dev/null 
@@ -1,20 +0,0 @@ -<sect1 id="ch05-installasroot"> -<title>Install all software as user root</title> -<?dbhtml filename="installasroot.html" dir="chapter05"?> - -<para>It's best to log in as root or su's to root when installing the -packages. That way you are assured that all files are owned by user and -group root (and not owned by the userid of the non-root user), and if a -package wants to set special permissions, it can do so without problems -due to non-root access.</para> - -<para>The documentation that comes with Glibc, Gcc, and other -packages recommend not to compile the packages as user root. We -feel it's safe to ignore that recommendation and compile as user root -anyway. Hundreds of people using LFS have done so without any problems -whatsoever, and we haven't encountered any bugs in the compile processes -that cause harm. So it's pretty safe (never can be 100% safe though, so -it's up to you what you end up doing).</para> - -</sect1> - diff --git a/chapter05/installasuser.xml b/chapter05/installasuser.xml new file mode 100644 index 000000000..4fff1a36e --- /dev/null +++ b/chapter05/installasuser.xml 
@@ -0,0 +1,55 @@ +<sect1 id="ch05-installasuser"> +<title>Install all software as an unprivileged user</title> +<?dbhtml filename="installasuser.html" dir="chapter05"?> + +<para>When you are logged in as root during chapter 5, it is possible +that some files of your host system will be overwritten by the ones +you'll build in chapter 5. There can be all kinds of reasons for this +to happen, for example because the $LFS environment variable is not +set. Overwriting some files from your host system will most likely +cause all kinds of problems, so it's a good idea to be logged in as +an unprivileged user during chapter 5. To make sure the environment +is as clean as possible, we'll create a new user lfs that can be +used while building the static installation. Issuing the following +commands as root will create a new user "lfs":</para> + +<para><screen><userinput>useradd -s /bin/bash -m lfs +passwd lfs</userinput></screen></para> + +<para>Now it's time to change the permissions on your LFS partitions +so user "lfs" will have write access to it. Run the following command +as root to change the ownership of the LFS partition to user "lfs":</para> + +<para><screen><userinput>chown lfs $LFS</userinput></screen></para> + +<para>Now you can login as user "lfs". You can do this two ways: either +the normal way through the console or the display manager, or with +<userinput>su - lfs</userinput>. When you're working as user "lfs", type +the following commands to setup a good environment to work in:</para> + +<para><screen><userinput>cat >~/.bash_profile <<"EOF" +#!/bin/sh +umask 022 + +LFS=/mnt/lfs +LC_ALL=POSIX +export LFS LC_ALL +EOF +source ~/.bash_profile</userinput></screen></para> + +<para>This profile makes sure the umask is set to 022 so newly created +files and directories will have the correct permission. It is advisable +to keep this setting throughout your LFS installation. Also, the $LFS +and $LC_ALL environment variables are set. 
$LFS has been explained in +previous chapters already. $LC_ALL is a variable that is used for +internationalization.</para> + +<para>When your host distribution uses a glibc version older than 2.2.4, +having $LC_ALL set to something else than "C" or "POSIX" while working +through chapter 5 may cause trouble when you've exited the chrooted +environment of chapter 6 and try to return to it. By setting this to +"POSIX" ("C" is an alias for "POSIX") we ensure that everything will +work as expected in the chrooted environment.</para> + +</sect1> + diff --git a/chapter06/changingowner.xml b/chapter06/changingowner.xml new file mode 100644 index 000000000..9a1592007 --- /dev/null +++ b/chapter06/changingowner.xml @@ -0,0 +1,19 @@ +<sect1 id="ch06-changingowner"> +<title>Changing ownership of the LFS partition</title> +<?dbhtml filename="changingowner.html" dir="chapter06"?> + +<para>Now we're in chroot, it is a good time to change the ownership of +all files and directories that were installed in chapter 5 back to root. +Run the following commands to do so:</para> + +<para><screen><userinput>chown 0.0 / /proc && +chown -R 0.0 /bin /boot /dev /etc /home /lib /mnt /opt /root /sbin /tmp /usr /var</userinput></screen></para> + +<para>These commands will change the ownership of the root partition and +the <filename>/proc</filename> directory to root, plus everything under +the directories mentioned in the second line. In these commands, 0.0 is +used instead of the usual root.root, because the username root can't be +resolved because glibc is not yet installed.</para> + +</sect1> + |
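Review bot: `cd $LFS &&` at the top of both command blocks in the new chapter05/creatingdirs.xml still succeeds when $LFS is unset or empty, because a bare `cd` goes to the home directory, so the whole tree and the later `chmod 0750 root` are then applied in the wrong place. installasuser.xml in this same commit names an unset $LFS as a known cause of trouble, so this section should tell the reader to confirm that `echo $LFS` prints the mount point before running the block. The umask paragraphs from the deleted chapter03 version were not carried over, which leaves this section dependent on the profile written in installasuser.xml; say so here and state which user runs these commands. As a wording point, "bit 1 of the 1777 bit mask" would read more accurately as "the leading 1 in mode 1777", and "games,include" is missing a space.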
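Review bot: `LFS=/mnt/lfs` inside the ~/.bash_profile heredoc in chapter05/installasuser.xml hard-codes the mount point, so a reader whose LFS partition is mounted elsewhere ends up with a $LFS that points at the wrong directory for every later command run as user lfs. Add a sentence telling the reader to substitute their own mount point for /mnt/lfs. The `#!/bin/sh` line has no effect in a file that is only sourced and can be dropped. The paragraph before `chown lfs $LFS` says "your LFS partitions ... write access to it" and should use the singular throughout; it would also help to note that this chown covers only the mount point itself, which is sufficient only if the directory tree is created afterwards as user lfs.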
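Review bot: the `chown -R 0.0 /bin /boot ...` step in chapter06/changingowner.xml resets the owner and group, but the text does not cover the case that the deleted installasroot.xml gave as the reason for building as root: packages that set special ownership or permissions during install. Anything an install step could not set while running as user lfs is not repaired by changing the owner afterwards, so add a sentence saying how such files are handled, or that none of the chapter 5 packages need it. The introduction says ownership is changed "back to root" although these files were never owned by root in the new flow; "to root" is enough. Consider writing the numeric pair as `0:0`, the colon being the standard owner:group separator, with the same explanation about name resolution kept.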