[bf8c11f] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
| 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
|
---|
| 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 | ]>
|
---|
| 7 |
|
---|
| 8 | <sect1 id="ch-boot-changingowner">
|
---|
| 9 | <?dbhtml filename="changingowner.html"?>
|
---|
| 10 |
|
---|
| 11 | <title>Changing Ownership</title>
|
---|
| 12 |
|
---|
[cbfa0a3] | 13 | <note os="a">
|
---|
| 14 | <para>From now on, all commands in the rest of the book will be run as the <systemitem class="username">root</systemitem> user.</para>
|
---|
| 15 | </note>
|
---|
| 16 |
|
---|
| 17 | <para os="b">Currently, the <filename class="directory">/tools</filename>
|
---|
| 18 | directory, <filename class="directory">/cross-tools</filename> directory, and
|
---|
| 19 | <filename class="directory">$LFS</filename> directory are owned
|
---|
| 20 | by the user <systemitem class="username">lfs</systemitem>,
|
---|
| 21 | a user that exists only on the host system. For security reasons, the $LFS root directory and all of it subdirectories should be owned by <systemitem class="username">root</systemitem>. Change the ownership for $LFS and its subdirectories by running these commands:</para>
|
---|
| 22 |
|
---|
| 23 | <screen><userinput>chown 0:0 ${LFS}
|
---|
| 24 | chown -R 0:0 $LFS/{bin,boot,dev,etc,home,lib,media,mnt,opt,proc,root,sbin,srv,sys,tmp,usr,var}</userinput></screen>
|
---|
| 25 |
|
---|
[0636f6c] | 26 | <para os="c">The same issue also exists with <filename class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename>. Although these directories can be deleted once the
|
---|
[cbfa0a3] | 27 | LFS system has been finished, they can be retained to build additional
|
---|
| 28 | LFS systems. If the <filename class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename>
|
---|
| 29 | directories are kept as is, the files are owned by a user ID without a
|
---|
[bf8c11f] | 30 | corresponding account. This is dangerous because a user account created
|
---|
| 31 | later could get this same user ID and would own the <filename
|
---|
[cbfa0a3] | 32 | class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename> directories and all the files therein,
|
---|
[bf8c11f] | 33 | thus exposing these files to possible malicious manipulation.</para>
|
---|
| 34 |
|
---|
[cbfa0a3] | 35 | <para os="d">To avoid this issue, add the <systemitem
|
---|
[bf8c11f] | 36 | class="username">lfs</systemitem> user to the new LFS system later when
|
---|
| 37 | creating the <filename>/etc/passwd</filename> file, taking care to assign
|
---|
| 38 | it the same user and group IDs as on the host system. Alternatively,
|
---|
| 39 | assign the contents of the <filename class="directory">/tools</filename>
|
---|
[cbfa0a3] | 40 | and <filename class="directory">/cross-tools</filename> directories to user <systemitem class="username">root</systemitem> by running
|
---|
[bf8c11f] | 41 | the following command:</para>
|
---|
| 42 |
|
---|
| 43 | <screen><userinput>chown -R 0:0 /tools
|
---|
[cbfa0a3] | 44 | chown -R 0:0 /cross-tools</userinput></screen>
|
---|
| 45 |
|
---|
| 46 | <para os="e">This book assumes you ran these <command>chown</command> commands.</para>
|
---|
[bf8c11f] | 47 |
|
---|
[cbfa0a3] | 48 | <!-- <para os="c">The command uses <parameter>0:0</parameter> instead of
|
---|
[bf8c11f] | 49 | <parameter>root:root</parameter>, because <command>chown</command>
|
---|
| 50 | is unable to resolve the name <quote>root</quote> until the password
|
---|
| 51 | file has been created. This book assumes you ran this
|
---|
[cbfa0a3] | 52 | <command>chown</command> command.</para> -->
|
---|
[bf8c11f] | 53 |
|
---|
| 54 | </sect1>
|
---|