source: BOOK/chroot/common/changingowner.xml @ 5215448

clfs-1.2clfs-2.1clfs-3.0.0-systemdclfs-3.0.0-sysvinitsystemdsysvinit
Last change on this file since 5215448 was 5215448, checked in by Joe Ciccone <jciccone@…>, 14 years ago

Add a note that chowning /tools and /cross-tools is not optional when chrooting. Utilities like mount are set u+s and require root privileges.
  • Property mode set to 100644
File size: 2.5 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4  <!ENTITY % general-entities SYSTEM "../../general.ent">
5  %general-entities;
6]>
7
8<sect1 id="ch-chroot-changingowner">
9  <?dbhtml filename="changingowner.html"?>
10
11  <title>Changing Ownership</title>
12
13    <note>
14      <para>This step is not optional as some of the binaries in
15      <filename class="directory">/tools</filename> are set u+s.
16      leaving the permissions as is could cause some commands,
17      mount in particular, to fail later.</para>
18    </note>
19
20    <para os="a">Currently, the <filename class="directory">/tools</filename>
21    and <filename class="directory">/cross-tools</filename> directories
22    are owned by the user <emphasis>clfs</emphasis>, a user that
23    exists only on the host system. Although the <filename
24    class="directory">/tools</filename> and <filename
25    class="directory">/cross-tools</filename> directories can be deleted
26    once the CLFS system has been finished, they can be retained to build
27    additional CLFS systems. If the <filename class="directory">/tools</filename>
28    and <filename class="directory">/cross-tools</filename> directories are
29    kept as is, the files are owned by a user ID without a corresponding
30    account. This is dangerous because a user account created later could
31    get this same user ID and would own the <filename
32    class="directory">/tools</filename> directory and all the files therein,
33    thus exposing these files to possible malicious manipulation.</para>
34
35    <para os="b">To avoid this issue, add the <systemitem
36    class="username">clfs</systemitem> user to the new CLFS system later when
37    creating the <filename>/etc/passwd</filename> file, taking care to assign
38    it the same user and group IDs as on the host system. Alternatively,
39    assign the contents of the <filename class="directory">/tools</filename>
40    and <filename class="directory">/cross-tools</filename> directories to
41    user <systemitem class="username">root</systemitem> by running the
42    following commands:</para>
43
44<screen os="c"><userinput>chown -Rv 0:0 /tools
45chown -Rv 0:0 /cross-tools</userinput></screen>
46
47    <para os="d">The commands use <parameter>0:0</parameter> instead of
48    <parameter>root:root</parameter>, because <command>chown</command>
49    is unable to resolve the name <quote>root</quote> until the
50    <filename>passwd</filename> file has been created.</para>
51
52</sect1>
Note: See TracBrowser for help on using the repository browser.