diff options
author | Gerard Beekmans <gerard@linuxfromscratch.org> | 2003-05-13 07:31:22 +0000 |
---|---|---|
committer | Gerard Beekmans <gerard@linuxfromscratch.org> | 2003-05-13 07:31:22 +0000 |
commit | b74e415582bf90f1189d9546cfd07b902b6f8e0a (patch) | |
tree | b5ff67a35a5f7a6d67e4155064965cb8ceaad5c3 /chapter06 | |
parent | 9c713f35af3c0fafaf4ffb31775e9a83d648d650 (diff) |
Applied Zack's ownership patch which fixes bug #510 which was originall patched and submitted by Alex Groenewoud
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2607 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Diffstat (limited to 'chapter06')
-rw-r--r-- | chapter06/changingowner.xml | 37 |
1 files changed, 18 insertions, 19 deletions
diff --git a/chapter06/changingowner.xml b/chapter06/changingowner.xml index 2b24fecd3..5bca385d0 100644 --- a/chapter06/changingowner.xml +++ b/chapter06/changingowner.xml @@ -2,26 +2,25 @@ <title>Changing ownership</title> <?dbhtml filename="changingowner.html" dir="chapter06"?> -<para>Right now the /stage1 directory is owned by the lfs user. However, -this user account exists only on the host system. Although you may delete -the <filename class="directory">/stage1</filename> directory once you have -finished your LFS system, you might want to keep it around, e.g. for -building more LFS systems. But if you keep the -<filename class="directory">/stage1</filename> directory you will end up -with files owned by a user id without a corresponding account. This is -dangerous because a user account created later could get this user id and -would suddenly own the <filename class="directory">/stage1</filename> -directory and all of the files therein. This could open the -<filename class="directory">/stage1</filename> directory to manipulation by -an untrusted user.</para> +<para>Right now the <filename class="directory">/stage1</filename> directory +is owned by the user <emphasis>lfs</emphasis>, a user that exists only on your +host system. Although you will probably want to delete the +<filename class="directory">/stage1</filename> directory once you have +finished your LFS system, you may want to keep it around, for example to +build more LFS systems. But if you keep the +<filename class="directory">/stage1</filename> directory as it is, you end up +with files owned by a user ID without a corresponding account. This is +dangerous because a user account created later on could get this same user ID +and would suddenly own the <filename class="directory">/stage1</filename> +directory and all the files therein, thus exposing these files to possible +malicious manipulation.</para> -<para>To avoid this issue, you can add the -<emphasis>lfs</emphasis> user to the new LFS system later when creating -the <filename>/etc/passwd</filename> file, taking care to assign it the -same user and group id. Alternatively, you can (and the book will assume -you do) run the following command now, to assign the contents of the -<filename class="directory">/stage1</filename> directory to user -<emphasis>root</emphasis> by running the following command:</para> +<para>To avoid this issue, you could add the <emphasis>lfs</emphasis> user to +your new LFS system later on when creating the <filename>/etc/passwd</filename> +file, taking care to assign it the same user and group IDs as on your host +system. Alternatively, you can (and the book assumes you do) assign the +contents of the <filename class="directory">/stage1</filename> directory to +user <emphasis>root</emphasis> by running the following command:</para> <para><screen><userinput>chown -R 0:0 /stage1</userinput></screen></para> |