1 | <?xml version="1.0" encoding="ISO-8859-1"?> |
---|
2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" |
---|
3 | "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [ |
---|
4 | <!ENTITY % general-entities SYSTEM "../../general.ent"> |
---|
5 | %general-entities; |
---|
6 | ]> |
---|
7 | |
---|
8 | <sect1 id="ch-boot-changingowner"> |
---|
9 | <?dbhtml filename="changingowner.html"?> |
---|
10 | |
---|
11 | <title>Changing Ownership</title> |
---|
12 | |
---|
13 | <para os="a">Currently, the <filename class="directory">/tools</filename> |
---|
14 | directory is owned by the user <systemitem class="username">lfs</systemitem>, |
---|
15 | a user that exists only on the host system. Although the <filename |
---|
16 | class="directory">/tools</filename> directory can be deleted once the |
---|
17 | LFS system has been finished, it can be retained to build additional |
---|
18 | LFS systems. If the <filename class="directory">/tools</filename> |
---|
19 | directory is kept as is, the files are owned by a user ID without a |
---|
20 | corresponding account. This is dangerous because a user account created |
---|
21 | later could get this same user ID and would own the <filename |
---|
22 | class="directory">/tools</filename> directory and all the files therein, |
---|
23 | thus exposing these files to possible malicious manipulation.</para> |
---|
24 | |
---|
25 | <para os="b">To avoid this issue, add the <systemitem |
---|
26 | class="username">lfs</systemitem> user to the new LFS system later when |
---|
27 | creating the <filename>/etc/passwd</filename> file, taking care to assign |
---|
28 | it the same user and group IDs as on the host system. Alternatively, |
---|
29 | assign the contents of the <filename class="directory">/tools</filename> |
---|
30 | directory to user <systemitem class="username">root</systemitem> by running |
---|
31 | the following command:</para> |
---|
32 | |
---|
33 | <screen><userinput>chown -R 0:0 /tools |
---|
34 | chown -R 0:0 ${LFS}</userinput></screen> |
---|
35 | |
---|
36 | <para os="c">The command uses <parameter>0:0</parameter> instead of |
---|
37 | <parameter>root:root</parameter>, because <command>chown</command> |
---|
38 | is unable to resolve the name <quote>root</quote> until the password |
---|
39 | file has been created. This book assumes you ran this |
---|
40 | <command>chown</command> command.</para> |
---|
41 | |
---|
42 | </sect1> |
---|