[3f8be484] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[aa18ac0] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[3f8be484] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 | ]>
|
---|
| 7 |
|
---|
| 8 | <sect1 id="ch-chroot-changingowner">
|
---|
| 9 | <?dbhtml filename="changingowner.html"?>
|
---|
| 10 |
|
---|
| 11 | <title>Changing Ownership</title>
|
---|
| 12 |
|
---|
[5215448] | 13 | <note>
|
---|
| 14 | <para>This step is not optional as some of the binaries in
|
---|
| 15 | <filename class="directory">/tools</filename> are set u+s.
|
---|
| 16 | leaving the permissions as is could cause some commands,
|
---|
| 17 | mount in particular, to fail later.</para>
|
---|
| 18 | </note>
|
---|
| 19 |
|
---|
[6bfe833] | 20 | <para os="a">Currently, the <filename class="directory">/tools</filename>
|
---|
[fa6e750] | 21 | and <filename class="directory">/cross-tools</filename> directories
|
---|
[ca77da8] | 22 | are owned by the user <emphasis>clfs</emphasis>, a user that
|
---|
[fa6e750] | 23 | exists only on the host system. Although the <filename
|
---|
| 24 | class="directory">/tools</filename> and <filename
|
---|
| 25 | class="directory">/cross-tools</filename> directories can be deleted
|
---|
[fb40919] | 26 | once the CLFS system has been finished, they can be retained to build
|
---|
| 27 | additional CLFS systems. If the <filename class="directory">/tools</filename>
|
---|
[fa6e750] | 28 | and <filename class="directory">/cross-tools</filename> directories are
|
---|
| 29 | kept as is, the files are owned by a user ID without a corresponding
|
---|
| 30 | account. This is dangerous because a user account created later could
|
---|
| 31 | get this same user ID and would own the <filename
|
---|
[9c127a8] | 32 | class="directory">/tools</filename> directory and all the files therein,
|
---|
[fa6e750] | 33 | thus exposing these files to possible malicious manipulation.</para>
|
---|
[3f8be484] | 34 |
|
---|
[6bfe833] | 35 | <para os="b">To avoid this issue, add the <systemitem
|
---|
[ca77da8] | 36 | class="username">clfs</systemitem> user to the new CLFS system later when
|
---|
[6bfe833] | 37 | creating the <filename>/etc/passwd</filename> file, taking care to assign
|
---|
| 38 | it the same user and group IDs as on the host system. Alternatively,
|
---|
| 39 | assign the contents of the <filename class="directory">/tools</filename>
|
---|
| 40 | and <filename class="directory">/cross-tools</filename> directories to
|
---|
| 41 | user <systemitem class="username">root</systemitem> by running the
|
---|
| 42 | following commands:</para>
|
---|
[3f8be484] | 43 |
|
---|
[6bfe833] | 44 | <screen os="c"><userinput>chown -Rv 0:0 /tools
|
---|
[94e6142] | 45 | chown -Rv 0:0 /cross-tools</userinput></screen>
|
---|
[3f8be484] | 46 |
|
---|
[6bfe833] | 47 | <para os="d">The commands use <parameter>0:0</parameter> instead of
|
---|
[fa6e750] | 48 | <parameter>root:root</parameter>, because <command>chown</command>
|
---|
[9b65b70] | 49 | is unable to resolve the name <quote>root</quote> until the
|
---|
| 50 | <filename>passwd</filename> file has been created.</para>
|
---|
[3f8be484] | 51 |
|
---|
| 52 | </sect1>
|
---|