Diffstat (limited to 'chapter06/changingowner.xml')
-rw-r--r-- chapter06/changingowner.xml 31
1 files changed, 21 insertions, 10 deletions
diff --git a/chapter06/changingowner.xml b/chapter06/changingowner.xml
index 8be1d39f0..f984f47d6 100644
--- a/chapter06/changingowner.xml
+++ b/chapter06/changingowner.xml
@@ -2,20 +2,31 @@
<title>Changing ownership</title>
<?dbhtml filename="changingowner.html" dir="chapter06"?>
-<para>The first thing we'll do, now that we're <emphasis>root</emphasis>,
-is change the ownership of the files and directories installed in Chapter 5
-to root -- because when later we don't delete the
-<filename class="directory">/static</filename> directory and start adding
-new users, one of these users might end up owning the statically linked
-programs, which is not a good idea.</para>
+<para>Right now the /static directory is owned by the lfs user. However,
+this user account exists only on the host system. Although you may delete
+the <filename class="directory">/static</filename> directory once you have
+finished your LFS system, you might want to keep it around, e.g. for
+building more LFS systems. But if you keep the
+<filename class="directory">/static</filename> directory you will end up
+with files owned by a user id without a corresponding account. This is
+dangerous because a user account created later could get this user id and
+would suddenly own the <filename class="directory">/static</filename>
+directory and all of the files therein. This could open the
+<filename class="directory">/static</filename> directory to manipulation by
+an untrusted user.</para>
-<para>Run the following command to make root the owner of all the statically
-linked programs:</para>
+<para>To avoid this issue, you can add the
+<emphasis>lfs</emphasis> user to the new LFS system later when creating
+the <filename>/etc/passwd</filename> file, taking care to assign it the
+same user and group id. Alternatively, you can (and the book will assume
+you do) run the following command now, to assign the contents of the
+<filename class="directory">/static</filename> directory to user
+<emphasis>root</emphasis> by running the following command:</para>
<para><screen><userinput>chown -R 0:0 /static</userinput></screen></para>
-<para>The command uses "0:0" instead of "root:root", because there is no way
-to resolve the name "root", as glibc hasn't been installed yet.</para>
+<para>The command uses "0:0" instead of "root:root", because chown is unable
+to resolve the name "root" until glibc has been installed.</para>
</sect1>
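Review bot: The last added paragraph before the chown screen says "run the following command" twice ("you can (and the book will assume you do) run the following command now, ... by running the following command:"); drop the trailing "by running the following command" so the sentence ends at <emphasis>root</emphasis>. In the first added line, "/static" is bare text while every other mention in this hunk is wrapped in <filename class="directory">, so wrap it for consistency. The alternative of adding the lfs user with "the same user and group id" would also be easier to follow if it stated that these are the ids the account has on the host, since the preceding paragraph notes the account exists only there.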