who installs LFS root/user

Jesse Tie Ten Quee highos at highos.com
Tue Oct 10 03:59:05 PDT 2000


First things frist, this is just, In My Humble Opinion and a working
version would be interesting.

On Tue, Oct 10, 2000 at 01:11:24PM +0200, Matthias Benkmann wrote:
> Wouldn't it be useful to create a separate user for every package you 
> install? The full name of the user would contain the package name and 
> version, the home directory could be the src/ directory for the package 
> (or the stow directory if you use stow) and the .plan file could contain 
> installation notes like the ftp:// source for the package. That way a 
> simple finger can identify every file in the system. All these users would 
> be in a group that has write access to bin/, .... but the files in bin/,.. 
> would be chmod go-w. 
> Now if I understand access rights correctly every package would be allowed 
> to

Now, like i said, this would be interesting to see...but (IIRC) a group
can only have 32 users (someone correct me if i'm wrong) and adding a
new user for each package..would be having alot of users on my

The trouble of having a setup like that... i would prefer not to have.
It just seems to complicate things more (why do you think i use LFS? to
get away from complicated stuff that distro's do)

> but would not be allowed to delete or overwrite files that belong to other 
> packages. 

Overwritting packages are good in most cases... take shadow-utils, you
have to replace alot of programs (passwd, etc).

> For security reasons, those users must be prohibited from logging in 
> directly, of course.

Isn't hard todo.

> I was going to try this method when building my LFS system, so I'd 
> appreciate comments, especially security-related. Until now I've only 
> worked with a prefab distribution so I'm not very experienced as a 
> sysadmin.

prefab...*shudders and grins*

> Ambition is a poor excuse for not having enough sense to be lazy.

Ahh..the makings of a Perl Programmer.

Jesse Tie Ten Quee - highos at highos dot com

Unsubscribe: send email to lfs-discuss-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message

More information about the lfs-dev mailing list