who installs LFS root/user
mbenkmann at gmx.de
Tue Oct 10 04:11:24 PDT 2000
> > The only solution I could think of would be creating a user that might be
> > admin.system or something like that (but would that not be against all rules?)
> This could be quite interesting. Such a user would do all the
> installations. I suggest the user should be created after the setup of
> LFS is completly done. He is the owner of the /usr/local tree and
> therefore it would be possible to install things in the local tree but not to
> overwrite LFS- Systemfiles. Especially not those 'hours-of-work'-/etc-
> files ;-) Hope I think of this when I'm done with LFS.
Wouldn't it be useful to create a separate user for every package you
install? The full name of the user would contain the package name and
version, the home directory could be the src/ directory for the package
(or the stow directory if you use stow) and the .plan file could contain
installation notes like the ftp:// source for the package. That way a
simple finger can identify every file in the system. All these users would
be in a group that has write access to bin/, .... but the files in bin/,..
would be chmod go-w.
Now if I understand access rights correctly every package would be allowed
a) overwrite its own files
b) create new files
but would not be allowed to delete or overwrite files that belong to other
Root access would only be required for adding a new user for a new package
and for su'ing to the user. Neither the make install nor the following
chmod to clear the group write flag would require root access.
For security reasons, those users must be prohibited from logging in
directly, of course.
I was going to try this method when building my LFS system, so I'd
appreciate comments, especially security-related. Until now I've only
worked with a prefab distribution so I'm not very experienced as a
Ambition is a poor excuse for not having enough sense to be lazy.
Unsubscribe: send email to lfs-discuss-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message
More information about the lfs-dev