Diffstat (limited to 'chapter06/changingowner.xml')
-rw-r--r-- | chapter06/changingowner.xml | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/chapter06/changingowner.xml b/chapter06/changingowner.xml index 8be1d39f0..f984f47d6 100644 --- a/chapter06/changingowner.xml +++ b/chapter06/changingowner.xml 
@@ -2,20 +2,31 @@ <title>Changing ownership</title> <?dbhtml filename="changingowner.html" dir="chapter06"?> -<para>The first thing we'll do, now that we're <emphasis>root</emphasis>, -is change the ownership of the files and directories installed in Chapter 5 -to root -- because when later we don't delete the -<filename class="directory">/static</filename> directory and start adding -new users, one of these users might end up owning the statically linked -programs, which is not a good idea.</para> +<para>Right now the /static directory is owned by the lfs user. However, +this user account exists only on the host system. Although you may delete +the <filename class="directory">/static</filename> directory once you have +finished your LFS system, you might want to keep it around, e.g. for +building more LFS systems. But if you keep the +<filename class="directory">/static</filename> directory you will end up +with files owned by a user id without a corresponding account. This is +dangerous because a user account created later could get this user id and +would suddenly own the <filename class="directory">/static</filename> +directory and all of the files therein. This could open the +<filename class="directory">/static</filename> directory to manipulation by +an untrusted user.</para> -<para>Run the following command to make root the owner of all the statically -linked programs:</para> +<para>To avoid this issue, you can add the +<emphasis>lfs</emphasis> user to the new LFS system later when creating +the <filename>/etc/passwd</filename> file, taking care to assign it the +same user and group id. 
Alternatively, you can (and the book will assume +you do) run the following command now, to assign the contents of the +<filename class="directory">/static</filename> directory to user +<emphasis>root</emphasis> by running the following command:</para> <para><screen><userinput>chown -R 0:0 /static</userinput></screen></para> -<para>The command uses "0:0" instead of "root:root", because there is no way -to resolve the name "root", as glibc hasn't been installed yet.</para> +<para>The command uses "0:0" instead of "root:root", because chown is unable +to resolve the name "root" until glibc has been installed.</para> </sect1> |
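Review bot: In the second added paragraph, the sentence beginning "Alternatively, you can" says "run the following command now" and then ends with "by running the following command", so the instruction is stated twice; end the sentence at "to user root:" instead. In the first added paragraph the opening "/static" is plain text while every later mention in the hunk is wrapped in <filename class="directory">, so it should carry the same markup. The option of adding the lfs user to /etc/passwd with "the same user and group id" does not say where those numbers come from; a short pointer to reading them on the host (for example with id lfs) before entering the new system would make that path usable, since the text itself notes the account exists only on the host.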