Changeset c97c572
- Timestamp:
- Feb 22, 2006, 11:24:55 PM (19 years ago)
- Children:
- 9f5bc2cc
- Parents:
- bed8e07
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
boot/common/changingowner.xml
rbed8e07 rc97c572 11 11 <title>Changing Ownership</title> 12 12 13 <para os="a">Currently, the <filename class="directory"> /tools</filename>14 directory , <filename class="directory">/cross-tools</filename> directory, and15 < filename class="directory">$LFS</filename> directory are owned16 by the user <systemitem class="username">lfs</systemitem>,17 a user that exists only on the host system. For security reasons, the18 $LFS root directory and all of it subdirectories should be owned by19 <systemitem class="username">root</systemitem>. Change the ownership for $LFS and its subdirectories by running these commands:</para>13 <para os="a">Currently, the <filename class="directory">$LFS</filename> 14 directory and all of its subdirectories are owned by the user 15 <systemitem class="username">lfs</systemitem>, a user that exists only 16 on the host system. For security reasons, the $LFS root directory and 17 all of it subdirectories should be owned by 18 <systemitem class="username">root</systemitem>. Change the ownership 19 for $LFS and its subdirectories by running this command:</para> 20 20 21 <screen><userinput>chown -v root:root ${LFS} 22 chown -Rv root:root $LFS/{bin,boot,dev,etc,home,lib,media,mnt,opt,proc,root,sbin,srv,sys,tmp,usr,var}</userinput></screen> 23 24 <para os="b">The same issue also exists with <filename class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename>. Although these directories can be deleted once the 25 LFS system has been finished, they can be retained to build additional 26 LFS systems. If the <filename class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename> 27 directories are kept as is, the files are owned by a user ID without a 28 corresponding account. This is dangerous because a user account created 29 later could get this same user ID and would own the <filename 30 class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename> directories and all the files therein, 31 thus exposing these files to possible malicious manipulation.</para> 32 33 <para os="c">To avoid this issue, add the <systemitem 34 class="username">lfs</systemitem> user to the new LFS system later when 35 creating the <filename>/etc/passwd</filename> file, taking care to assign 36 it the same user and group IDs as on the host system. Alternatively, 37 assign the contents of the <filename class="directory">/tools</filename> 38 and <filename class="directory">/cross-tools</filename> directories to user <systemitem class="username">root</systemitem> by running 39 the following commands:</para> 40 41 <screen><userinput>chown -Rv root:root /tools 42 chown -Rv root:root /cross-tools</userinput></screen> 21 <screen os="b"><userinput>chown -Rv root:root ${LFS}</userinput></screen> 43 22 44 23 </sect1> -
chroot/common/changingowner.xml
rbed8e07 rc97c572 11 11 <title>Changing Ownership</title> 12 12 13 <para >Currently, the <filename class="directory">/tools</filename>13 <para os="a">Currently, the <filename class="directory">/tools</filename> 14 14 and <filename class="directory">/cross-tools</filename> directories 15 15 are owned by the user <emphasis>lfs</emphasis>, a user that … … 26 26 thus exposing these files to possible malicious manipulation.</para> 27 27 28 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" 29 href="../../boot/common/changingowner.xml" 30 xpointer="xpointer(//*[@os='c'])"/> 28 <para os="b">To avoid this issue, add the <systemitem 29 class="username">lfs</systemitem> user to the new LFS system later when 30 creating the <filename>/etc/passwd</filename> file, taking care to assign 31 it the same user and group IDs as on the host system. Alternatively, 32 assign the contents of the <filename class="directory">/tools</filename> 33 and <filename class="directory">/cross-tools</filename> directories to 34 user <systemitem class="username">root</systemitem> by running the 35 following commands:</para> 31 36 32 <screen ><userinput>chown -Rv 0:0 /tools37 <screen os="c"><userinput>chown -Rv 0:0 /tools 33 38 chown -Rv 0:0 /cross-tools</userinput></screen> 34 39 35 <para >The commands use <parameter>0:0</parameter> instead of40 <para os="d">The commands use <parameter>0:0</parameter> instead of 36 41 <parameter>root:root</parameter>, because <command>chown</command> 37 42 is unable to resolve the name <quote>root</quote> until the
Note:
See TracChangeset
for help on using the changeset viewer.