diff options
| author | Bruce Dubbs <bdubbs@linuxfromscratch.org> | 2020-06-08 19:44:56 +0000 |
|---|---|---|
| committer | Bruce Dubbs <bdubbs@linuxfromscratch.org> | 2020-06-08 19:44:56 +0000 |
| commit | 5061bc643ae1e53cd22c1cf9c86b934481108090 (patch) | |
| tree | 3c74e13cdc58d2ed46c384e1dd55eda29150eedd /chapter07/changingowner.xml | |
| parent | eb8890f68b9d1fa49c48b6d0f0c2a58ac7a6e0cd (diff) | |
Move changingowner from Chapter 6 to Chapter 7
git-svn-id: http://svn.linuxfromscratch.org/LFS/branches/cross2@11905 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Diffstat (limited to 'chapter07/changingowner.xml')
| -rw-r--r-- | chapter07/changingowner.xml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/chapter07/changingowner.xml b/chapter07/changingowner.xml new file mode 100644 index 000000000..43a902821 --- /dev/null +++ b/chapter07/changingowner.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ + <!ENTITY % general-entities SYSTEM "../general.ent"> + %general-entities; +]> + +<sect1 id="ch-tools-changingowner"> + <?dbhtml filename="changingowner.html"?> + + <title>Changing Ownership</title> + + <note> + <para>The commands in the remainder of this book must be performed while + logged in as user <systemitem class="username">root</systemitem> and no + longer as user <systemitem class="username">lfs</systemitem>. Also, double + check that <envar>$LFS</envar> is set in <systemitem + class="username">root</systemitem>'s environment.</para> + </note> + + <para>Currently, the whole directory hierarchy in <filename + class="directory">$LFS</filename> + is owned by the user <systemitem class="username">lfs</systemitem>, a user + that exists only on the host system. If the directories under <filename + class="directory">$LFS</filename> are kept as they are, the files are + owned by a user ID without a corresponding account. This is dangerous because + a user account created later could get this same user ID and would own all + the files under <filename class="directory">$LFS</filename>, thus exposing + these files to possible malicious manipulation.</para> + + <para>To avoid this issue, you could add the <systemitem + class="username">lfs</systemitem> user to the new LFS system later when + creating the <filename>/etc/passwd</filename> file, taking care to assign it + the same user and group IDs as on the host system. Better yet, change the + ownership of the <filename class="directory">$LFS/*</filename> directories to + user <systemitem class="username">root</systemitem> by running the following + command:</para> + +<screen><userinput>chown -R root:root $LFS/{usr,lib,var,etc,bin,sbin,lib64,tools}</userinput></screen> + +</sect1> |