r1196 - in trunk/BOOK: boot/common chroot/common

chris at linuxfromscratch.org chris at linuxfromscratch.org
Wed Feb 22 23:11:43 PST 2006


Author: chris
Date: 2006-02-23 00:11:39 -0700 (Thu, 23 Feb 2006)
New Revision: 1196

Modified:
   trunk/BOOK/boot/common/changingowner.xml
   trunk/BOOK/chroot/common/changingowner.xml
Log:
Simplified the Changing Ownership page for boot method

Modified: trunk/BOOK/boot/common/changingowner.xml
===================================================================
--- trunk/BOOK/boot/common/changingowner.xml	2006-02-23 07:08:57 UTC (rev 1195)
+++ trunk/BOOK/boot/common/changingowner.xml	2006-02-23 07:11:39 UTC (rev 1196)
@@ -10,35 +10,14 @@
 
   <title>Changing Ownership</title>
 
-  <para os="a">Currently, the <filename class="directory">/tools</filename>
-  directory, <filename class="directory">/cross-tools</filename> directory, and
-  <filename class="directory">$LFS</filename> directory are owned
-  by the user <systemitem class="username">lfs</systemitem>,
-  a user that exists only on the host system. For security reasons, the
-  $LFS root directory and all of it subdirectories should be owned by
-  <systemitem class="username">root</systemitem>. Change the ownership for $LFS and its subdirectories by running these commands:</para>
+  <para os="a">Currently, the <filename class="directory">$LFS</filename>
+  directory and all of its subdirectories  are owned by the user
+  <systemitem class="username">lfs</systemitem>, a user that exists only
+  on the host system. For security reasons, the $LFS root directory and
+  all of it subdirectories should be owned by
+  <systemitem class="username">root</systemitem>. Change the ownership
+  for $LFS and its subdirectories by running this command:</para>
 
-<screen><userinput>chown -v root:root ${LFS}
-chown -Rv root:root $LFS/{bin,boot,dev,etc,home,lib,media,mnt,opt,proc,root,sbin,srv,sys,tmp,usr,var}</userinput></screen>
+<screen os="b"><userinput>chown -Rv root:root ${LFS}</userinput></screen>
 
-  <para os="b">The same issue also exists with <filename class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename>. Although these directories can be deleted once the
-  LFS system has been finished, they can be retained to build additional
-  LFS systems. If the <filename class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename>
-  directories are kept as is, the files are owned by a user ID without a
-  corresponding account. This is dangerous because a user account created
-  later could get this same user ID and would own the <filename
-  class="directory">/tools</filename> and <filename class="directory">/cross-tools</filename> directories and all the files therein,
-  thus exposing these files to possible malicious manipulation.</para>
-
-  <para os="c">To avoid this issue, add the <systemitem
-  class="username">lfs</systemitem> user to the new LFS system later when
-  creating the <filename>/etc/passwd</filename> file, taking care to assign
-  it the same user and group IDs as on the host system. Alternatively,
-  assign the contents of the <filename class="directory">/tools</filename>
-  and <filename class="directory">/cross-tools</filename> directories to user <systemitem class="username">root</systemitem> by running
-  the following commands:</para>
-
-<screen><userinput>chown -Rv root:root /tools
-chown -Rv root:root /cross-tools</userinput></screen>
-
 </sect1>
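Review bot: The rewritten paragraph and the single chown -Rv root:root ${LFS} no longer mention /tools and /cross-tools, which the removed os="b" paragraph described as exposed to a later account that reuses the lfs user ID. If those directories sit under $LFS, the recursive chown covers them and the text should say so. If they do not, the boot method now leaves them owned by an ID with no account, so keep a sentence or the two removed chown lines for them. While the paragraph is being touched, fix "all of it subdirectories" to "all of its subdirectories" and the double space in "subdirectories  are". Note also that os="b" now labels a screen rather than a para, so any xpointer still selecting os='b' or os='c' from this file needs updating.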

Modified: trunk/BOOK/chroot/common/changingowner.xml
===================================================================
--- trunk/BOOK/chroot/common/changingowner.xml	2006-02-23 07:08:57 UTC (rev 1195)
+++ trunk/BOOK/chroot/common/changingowner.xml	2006-02-23 07:11:39 UTC (rev 1196)
@@ -10,7 +10,7 @@
 
   <title>Changing Ownership</title>
 
-    <para>Currently, the <filename class="directory">/tools</filename>
+    <para os="a">Currently, the <filename class="directory">/tools</filename>
     and <filename class="directory">/cross-tools</filename> directories
     are owned by the user <emphasis>lfs</emphasis>, a user that
     exists only on the host system. Although the <filename
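Review bot: The paragraph that gains os="a" still marks the user name as <emphasis>lfs</emphasis>, while the paragraph added further down in this file uses <systemitem class="username">lfs</systemitem>; switch this one to systemitem so the two match. The os="a" label here also tags different text than os="a" in boot/common/changingowner.xml, which deserves a source comment if os values are used as xpointer selectors across files.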
@@ -25,14 +25,19 @@
     class="directory">/tools</filename> directory and all the files therein,
     thus exposing these files to possible malicious manipulation.</para>
 
-    <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"
-    href="../../boot/common/changingowner.xml"
-    xpointer="xpointer(//*[@os='c'])"/>
+    <para os="b">To avoid this issue, add the <systemitem
+    class="username">lfs</systemitem> user to the new LFS system later when
+    creating the <filename>/etc/passwd</filename> file, taking care to assign
+    it the same user and group IDs as on the host system. Alternatively,
+    assign the contents of the <filename class="directory">/tools</filename>
+    and <filename class="directory">/cross-tools</filename> directories to
+    user <systemitem class="username">root</systemitem> by running the
+    following commands:</para>
 
-<screen><userinput>chown -Rv 0:0 /tools
+<screen os="c"><userinput>chown -Rv 0:0 /tools
 chown -Rv 0:0 /cross-tools</userinput></screen>
 
-    <para>The commands use <parameter>0:0</parameter> instead of
+    <para os="d">The commands use <parameter>0:0</parameter> instead of
     <parameter>root:root</parameter>, because <command>chown</command>
     is unable to resolve the name <quote>root</quote> until the
     <filename>passwd</filename> file has been created.</para>
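Review bot: The new os="b" paragraph offers two alternatives (add the lfs user to /etc/passwd with the host's user and group IDs, or reassign the directories to root), but the os="c" screen that follows reads as a step everyone runs. Say explicitly that the two chown -Rv 0:0 commands are needed only for the second option, or state which option the book recommends. Replacing the xi:include with a copied paragraph also means this text and the boot page can drift apart, and the commit log mentions only the boot method, so a line in the log about the chroot change would help.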



