wording in "Changing ownership"

Matthias Benkmann matthias at winterdrache.de
Sat Oct 12 16:45:44 PDT 2002

Section "Changing ownership" says 

"The first thing we'll do, now that we're root, is change the ownership of
the files and directories installed in Chapter 5 to root -- because when
later we don't delete the /static directory and start adding new users,
one of these users might end up owning the statically linked programs,
which is not a good idea."

This sentence is 

a) too long

b) clumsy

c) not entirely correct

The main problem is the part "-- because when later we don't delete the
/static directory". This should be the start of a new sentence.
Furthermore "when" (instead of "if") suggests that not deleting /static is
the usual thing to do which it isn't. I also don't like the "we". This
should be "you" as this is strictly a matter of user choice (the book is
very inconsistent regarding "you" and "we" in general, but this is the 1st
location where it really annoys me).

I suggest the following text, which is both more informative and (IMHO)
easier to understand:

Right now the /static directory is owned by the lfs user. However, this
user account exists only on the host system. Although you may delete the
/static directory once you have finished your LFS system, you might want
to keep it around, e.g. for building yet another LFS. But if you keep
/static you will end up with files owned by a user id without a
corresponding account. This is dangerous because a user account created
later could get this user id and would suddenly own /static and all of the
files therein. This could open the /static directory to manipulation by an
untrusted user. To avoid this issue, you can add the lfs user to the new
LFS system later when creating /etc/passwd, taking care to assign it the
same user and group id. Alternatively, you can (and the book will assume
you do) run the following command now, to assign the contents of /static
to root:

chown -R 0:0 /static

The command uses "0:0" instead of "root:root", because chown is unable to
resolve the name "root" until glibc has been installed.

Note, that I've also rephrased the last paragraph to be more accurate ("no
way" is simply untrue) and simpler.


