From d0669248317c450ef2c0d983499181194eb93a4f Mon Sep 17 00:00:00 2001 From: Gerard Beekmans Date: Fri, 18 Oct 2002 18:08:39 +0000 Subject: reworded git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2179 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689 --- chapter06/changingowner.xml | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) (limited to 'chapter06/changingowner.xml') diff --git a/chapter06/changingowner.xml b/chapter06/changingowner.xml index 8be1d39f0..f984f47d6 100644 --- a/chapter06/changingowner.xml +++ b/chapter06/changingowner.xml 
@@ -2,20 +2,31 @@ Changing ownership -The first thing we'll do, now that we're root, -is change the ownership of the files and directories installed in Chapter 5 -to root -- because when later we don't delete the -/static directory and start adding -new users, one of these users might end up owning the statically linked -programs, which is not a good idea. +Right now the /static directory is owned by the lfs user. However, +this user account exists only on the host system. Although you may delete +the /static directory once you have +finished your LFS system, you might want to keep it around, e.g. for +building more LFS systems. But if you keep the +/static directory you will end up +with files owned by a user id without a corresponding account. This is +dangerous because a user account created later could get this user id and +would suddenly own the /static +directory and all of the files therein. This could open the +/static directory to manipulation by +an untrusted user. -Run the following command to make root the owner of all the statically -linked programs: +To avoid this issue, you can add the +lfs user to the new LFS system later when creating +the /etc/passwd file, taking care to assign it the +same user and group id. Alternatively, you can (and the book will assume +you do) run the following command now, to assign the contents of the +/static directory to user +root by running the following command: chown -R 0:0 /static -The command uses "0:0" instead of "root:root", because there is no way -to resolve the name "root", as glibc hasn't been installed yet. +The command uses "0:0" instead of "root:root", because chown is unable +to resolve the name "root" until glibc has been installed. -- cgit v1.2.3-54-g00ecf
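Review bot: The second added paragraph ends by repeating itself: "you can (and the book will assume you do) run the following command now, to assign the contents of the /static directory to user root by running the following command:". Drop the trailing "by running the following command" so the sentence ends "... to user root:". The same paragraph offers adding the lfs user to /etc/passwd "taking care to assign it the same user and group id", but it never says where the reader finds those ids. A pointer to the ids the lfs account has on the host system would make that alternative usable. The subject "reworded" also undersells the change: the new text adds that alternative and a new rationale (an orphaned user id being picked up by an account created later), which deserves a mention in the commit message.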