Context Navigation

source: BOOK/chroot/common/changingowner.xml@ c5eb1ea

Visit:

clfs-2.1 clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit

Last change on this file since c5eb1ea was 5215448, checked in by Joe Ciccone <jciccone@…>, 16 years ago
Add a note that chowning /tools and /cross-tools is not optional when chrooting. Utilities like mount are set u+s and require root privileges.
Property mode set to `100644`
File size: 2.5 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6	]>
7
8	<sect1 id="ch-chroot-changingowner">
9	<?dbhtml filename="changingowner.html"?>
10
11	<title>Changing Ownership</title>
12
13	<note>
14	<para>This step is not optional as some of the binaries in
15	<filename class="directory">/tools</filename> are set u+s.
16	leaving the permissions as is could cause some commands,
17	mount in particular, to fail later.</para>
18	</note>
19
20	<para os="a">Currently, the <filename class="directory">/tools</filename>
21	and <filename class="directory">/cross-tools</filename> directories
22	are owned by the user <emphasis>clfs</emphasis>, a user that
23	exists only on the host system. Although the <filename
24	class="directory">/tools</filename> and <filename
25	class="directory">/cross-tools</filename> directories can be deleted
26	once the CLFS system has been finished, they can be retained to build
27	additional CLFS systems. If the <filename class="directory">/tools</filename>
28	and <filename class="directory">/cross-tools</filename> directories are
29	kept as is, the files are owned by a user ID without a corresponding
30	account. This is dangerous because a user account created later could
31	get this same user ID and would own the <filename
32	class="directory">/tools</filename> directory and all the files therein,
33	thus exposing these files to possible malicious manipulation.</para>
34
35	<para os="b">To avoid this issue, add the <systemitem
36	class="username">clfs</systemitem> user to the new CLFS system later when
37	creating the <filename>/etc/passwd</filename> file, taking care to assign
38	it the same user and group IDs as on the host system. Alternatively,
39	assign the contents of the <filename class="directory">/tools</filename>
40	and <filename class="directory">/cross-tools</filename> directories to
41	user <systemitem class="username">root</systemitem> by running the
42	following commands:</para>
43
44	<screen os="c"><userinput>chown -Rv 0:0 /tools
45	chown -Rv 0:0 /cross-tools</userinput></screen>
46
47	<para os="d">The commands use <parameter>0:0</parameter> instead of
48	<parameter>root:root</parameter>, because <command>chown</command>
49	is unable to resolve the name <quote>root</quote> until the
50	<filename>passwd</filename> file has been created.</para>
51
52	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: