who installs LFS root/user

Matthias Benkmann mbenkmann at gmx.de
Tue Oct 10 04:11:24 PDT 2000


> > The only solution I could think of would be creating a user that might be
> > admin.system or something like that (but would that not be against all rules?)
> 
> This could be quite interesting. Such a user would do all the 
> installations. I suggest the user should be created after the setup of 
> LFS is completely done. He is the owner of the /usr/local tree and 
> therefore it would be possible to install things in the local tree but not to 
> overwrite LFS- Systemfiles. Especially not those 'hours-of-work'-/etc-
> files ;-) Hope I think of this when I'm done with LFS.

Wouldn't it be useful to create a separate user for every package you 
install? The full name of the user would contain the package name and 
version, the home directory could be the src/ directory for the package 
(or the stow directory if you use stow) and the .plan file could contain 
installation notes like the ftp:// source for the package. That way a 
simple finger can identify every file in the system. All these users would 
be in a group that has write access to bin/, .... but the files in bin/,.. 
would be chmod go-w. 
Now if I understand access rights correctly every package would be allowed 
to
a) overwrite its own files
b) create new files

but would not be allowed to delete or overwrite files that belong to other 
packages. 
Root access would only be required for adding a new user for a new package 
and for su'ing to the user. Neither the make install nor the following 
chmod to clear the group write flag would require root access.

For security reasons, those users must be prohibited from logging in 
directly, of course.

I was going to try this method when building my LFS system, so I'd 
appreciate comments, especially security-related. Until now I've only 
worked with a prefab distribution so I'm not very experienced as a 
sysadmin.

MSB

----
Ambition is a poor excuse for not having enough sense to be lazy.
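
An added example, not part of the original message: a shell check that audits one install directory against the layout described above (directory writable by the package group, installed files `go-w`). The function name and finding labels are hypothetical. The sticky-bit check is an addition based on standard Unix semantics, where deleting or renaming an entry is governed by the directory's write permission rather than by the file's own mode.

```shell
#!/bin/sh
# Added example (not from the original message): audit one install directory
# against the package-user layout. Function name and finding labels are
# hypothetical. Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_pkg_dir() {
    dir=$1
    findings=0

    # Package users need group write on the directory to create new files.
    if [ -z "$(find "$dir" -prune -perm -020 -print)" ]; then
        echo "DIR-NOT-GROUP-WRITABLE $dir"; findings=1
    fi

    # Fact relied on here: write permission on a directory also permits
    # unlinking and renaming entries in it, whoever owns them. The sticky bit
    # restricts that to the entry's owner (and the directory owner and root).
    if [ -z "$(find "$dir" -prune -perm -1000 -print)" ]; then
        echo "DIR-NO-STICKY $dir"; findings=1
    fi

    # World write would let non-package accounts drop files in as well.
    if [ -n "$(find "$dir" -prune -perm -002 -print)" ]; then
        echo "DIR-WORLD-WRITABLE $dir"; findings=1
    fi

    # Installed files must be go-w so only the owning package can rewrite them.
    loose=$(find "$dir" -mindepth 1 -maxdepth 1 ! -type l \
                 \( -perm -020 -o -perm -002 \) -print | sort)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/FILE-WRITABLE-BY-OTHERS /'
        findings=1
    fi

    return "$findings"
}

# Usage: audit_pkg_dir /usr/local/bin
```

Run it over each directory the package group can write to; a clean directory produces no output and exit status 0.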

