who installs LFS root/user

Rod Roark rod at sunsetsystems.com
Tue Oct 10 07:16:59 PDT 2000


This is a very cool idea.  What I like about it the most is that each
file is effectively identified with its associated package, and so it
can be the foundation for a package management system.

Pay attention here.  Other package management systems require the software
to be packaged up in some special, custom way.  This is exactly what
LFS is NOT wanting to do.  Also we avoid needing a separate database
which can get out of sync with the actual contents of the filesystem.

I encourage Matthias to experiment with this and will be very interested
to hear how it goes.  Naturally there will be some exceptional situations,
like packages that want to add information to a system-wide configuration
file, but such things can be dealt with.

Sure you'll be cluttering up /etc/passwd, but worse things could happen
and there are ways to deal with that also.  And of course it doesn't 
help with dependencies, but that can be considered a separate problem
to solve in some other creative way.

-- Rod
   http://www.sunsetsystems.com/

On Tue, 10 Oct 2000, Matthias Benkmann wrote:
> 
> Wouldn't it be useful to create a separate user for every package you 
> install? The full name of the user would contain the package name and 
> version, the home directory could be the src/ directory for the package 
> (or the stow directory if you use stow) and the .plan file could contain 
> installation notes like the ftp:// source for the package. That way a 
> simple finger can identify every file in the system. All these users would 
> be in a group that has write access to bin/, .... but the files in bin/,.. 
> would be chmod go-w. 
> Now if I understand access rights correctly every package would be allowed 
> to
> a) overwrite its own files
> b) create new files
> 
> but would not be allowed to delete or overwrite files that belong to other 
> packages. 
> Root access would only be required for adding a new user for a new package 
> and for su'ing to the user. Neither the make install nor the following 
> chmod to clear the group write flag would require root access.
> 
> For security reasons, those users must be prohibited from logging in 
> directly, of course.
> 
> I was going to try this method when building my LFS system, so I'd 
> appreciate comments, especially security-related. Until now I've only 
> worked with a prefab distribution so I'm not very experienced as a 
> sysadmin.
> 
> MSB
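
An added example, not part of the original thread: a Python audit of a shared install directory set up as the quoted message describes (group-writable directory, files chmod go-w, one owning user per package). It also checks the directory's sticky bit, which the thread does not mention; without it, write access to a directory is enough to delete or rename files owned by other users. The function names and the sample directory are assumptions made for the example.

```python
import os
import stat
import tempfile


def audit_install_dir(path):
    """Return (item, problem) pairs for a directory shared by package users."""
    findings = []
    mode = os.stat(path).st_mode
    if not mode & stat.S_IWGRP:
        findings.append((path, "not group-writable: package users cannot install here"))
    if mode & stat.S_IWOTH:
        findings.append((path, "world-writable: users outside the install group can add files"))
    if not mode & stat.S_ISVTX:
        # POSIX: deleting/renaming an entry needs write access to the directory,
        # not to the file. The sticky bit restricts that to the file's owner.
        findings.append((path, "no sticky bit: group members can delete or rename other packages' files"))
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISLNK(st.st_mode):
            continue  # symlink mode bits are not meaningful
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry.path, "writable by group or others (chmod go-w not applied)"))
    return findings


def files_by_owner(path):
    """Map owning uid -> sorted file names: the 'which package owns this' view."""
    owners = {}
    for entry in os.scandir(path):
        uid = entry.stat(follow_symlinks=False).st_uid
        owners.setdefault(uid, []).append(entry.name)
    return {uid: sorted(names) for uid, names in owners.items()}


if __name__ == "__main__":
    # Constructed sample: a temporary stand-in for bin/ with one bad file.
    demo = tempfile.mkdtemp()
    os.chmod(demo, 0o775)                      # group-writable, no sticky bit
    for name, perm in (("ls", 0o755), ("cp", 0o775)):
        p = os.path.join(demo, name)
        open(p, "w").close()
        os.chmod(p, perm)
    for item, problem in audit_install_dir(demo):
        print(f"{item}: {problem}")
    print(files_by_owner(demo))
```
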
