source: BOOK/chroot/common/changingowner.xml@ 55581cc

clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since 55581cc was 5215448, checked in by Joe Ciccone <jciccone@…>, 15 years ago

Add a note that chowning /tools and /cross-tools is not optional when chrooting. Utilities like mount are set u+s and require root privileges.

  • Property mode set to 100644
File size: 2.5 KB
RevLine 
[3f8be484]1<?xml version="1.0" encoding="ISO-8859-1"?>
[aa18ac0]2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[3f8be484]4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-chroot-changingowner">
9 <?dbhtml filename="changingowner.html"?>
10
11 <title>Changing Ownership</title>
12
[5215448]13 <note>
14 <para>This step is not optional as some of the binaries in
15 <filename class="directory">/tools</filename> are set u+s.
16 leaving the permissions as is could cause some commands,
17 mount in particular, to fail later.</para>
18 </note>
19
[6bfe833]20 <para os="a">Currently, the <filename class="directory">/tools</filename>
[fa6e750]21 and <filename class="directory">/cross-tools</filename> directories
[ca77da8]22 are owned by the user <emphasis>clfs</emphasis>, a user that
[fa6e750]23 exists only on the host system. Although the <filename
24 class="directory">/tools</filename> and <filename
25 class="directory">/cross-tools</filename> directories can be deleted
[fb40919]26 once the CLFS system has been finished, they can be retained to build
27 additional CLFS systems. If the <filename class="directory">/tools</filename>
[fa6e750]28 and <filename class="directory">/cross-tools</filename> directories are
29 kept as is, the files are owned by a user ID without a corresponding
30 account. This is dangerous because a user account created later could
31 get this same user ID and would own the <filename
[9c127a8]32 class="directory">/tools</filename> directory and all the files therein,
[fa6e750]33 thus exposing these files to possible malicious manipulation.</para>
[3f8be484]34
[6bfe833]35 <para os="b">To avoid this issue, add the <systemitem
[ca77da8]36 class="username">clfs</systemitem> user to the new CLFS system later when
[6bfe833]37 creating the <filename>/etc/passwd</filename> file, taking care to assign
38 it the same user and group IDs as on the host system. Alternatively,
39 assign the contents of the <filename class="directory">/tools</filename>
40 and <filename class="directory">/cross-tools</filename> directories to
41 user <systemitem class="username">root</systemitem> by running the
42 following commands:</para>
[3f8be484]43
[6bfe833]44<screen os="c"><userinput>chown -Rv 0:0 /tools
[94e6142]45chown -Rv 0:0 /cross-tools</userinput></screen>
[3f8be484]46
[6bfe833]47 <para os="d">The commands use <parameter>0:0</parameter> instead of
[fa6e750]48 <parameter>root:root</parameter>, because <command>chown</command>
[9b65b70]49 is unable to resolve the name <quote>root</quote> until the
50 <filename>passwd</filename> file has been created.</para>
[3f8be484]51
52</sect1>
Note: See TracBrowser for help on using the repository browser.