aboutsummaryrefslogtreecommitdiffstats
path: root/chapter07/changingowner.xml
diff options
context:
space:
mode:
authorBruce Dubbs <bdubbs@linuxfromscratch.org>2020-06-07 20:16:00 +0000
committerBruce Dubbs <bdubbs@linuxfromscratch.org>2020-06-07 20:16:00 +0000
commitfcc027677da55c41dcaea045f5b9ff8b088e6495 (patch)
tree42500a7858959695b971e7f28f1d0bf33185db2e /chapter07/changingowner.xml
parentd53fefab5a6772fef606392a61608fc290e6a7ae (diff)
Initial commit of alternative cross LFS
git-svn-id: http://svn.linuxfromscratch.org/LFS/branches/cross2@11897 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Diffstat (limited to 'chapter07/changingowner.xml')
-rw-r--r--chapter07/changingowner.xml41
1 files changed, 41 insertions, 0 deletions
diff --git a/chapter07/changingowner.xml b/chapter07/changingowner.xml
new file mode 100644
index 000000000..43a902821
--- /dev/null
+++ b/chapter07/changingowner.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+ <!ENTITY % general-entities SYSTEM "../general.ent">
+ %general-entities;
+]>
+
+<sect1 id="ch-tools-changingowner">
+ <?dbhtml filename="changingowner.html"?>
+
+ <title>Changing Ownership</title>
+
+ <note>
+ <para>The commands in the remainder of this book must be performed while
+ logged in as user <systemitem class="username">root</systemitem> and no
+ longer as user <systemitem class="username">lfs</systemitem>. Also, double
+ check that <envar>$LFS</envar> is set in <systemitem
+ class="username">root</systemitem>'s environment.</para>
+ </note>
+
+ <para>Currently, the whole directory hierarchy in <filename
+ class="directory">$LFS</filename>
+ is owned by the user <systemitem class="username">lfs</systemitem>, a user
+ that exists only on the host system. If the directories under <filename
+ class="directory">$LFS</filename> are kept as they are, the files are
+ owned by a user ID without a corresponding account. This is dangerous because
+ a user account created later could get this same user ID and would own all
+ the files under <filename class="directory">$LFS</filename>, thus exposing
+ these files to possible malicious manipulation.</para>
+
+ <para>To avoid this issue, you could add the <systemitem
+ class="username">lfs</systemitem> user to the new LFS system later when
+ creating the <filename>/etc/passwd</filename> file, taking care to assign it
+ the same user and group IDs as on the host system. Better yet, change the
+ ownership of the <filename class="directory">$LFS/*</filename> directories to
+ user <systemitem class="username">root</systemitem> by running the following
+ command:</para>
+
+<screen><userinput>chown -R root:root $LFS/{usr,lib,var,etc,bin,sbin,lib64,tools}</userinput></screen>
+
+</sect1>