1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
2 | <!DOCTYPE section [
|
---|
3 | <!ENTITY % general-entities SYSTEM "../general.ent">
|
---|
4 | %general-entities;
|
---|
5 | ]>
|
---|
6 | <section xmlns="http://docbook.org/docbook-ng"
|
---|
7 | xml:id="ch-system-changingowner">
|
---|
8 | <title>Changing ownership</title>
|
---|
9 | <?dbhtml filename="changingowner.html"?>
|
---|
10 |
|
---|
11 | <para>Right now the <filename class="directory">/tools</filename> directory
|
---|
12 | is owned by the user <emphasis>lfs</emphasis>, a user that exists only on your
|
---|
13 | host system. Although you will probably want to delete the
|
---|
14 | <filename class="directory">/tools</filename> directory once you have
|
---|
15 | finished your LFS system, you may want to keep it around, for example to
|
---|
16 | build more LFS systems. But if you keep the
|
---|
17 | <filename class="directory">/tools</filename> directory as it is, you end up
|
---|
18 | with files owned by a user ID without a corresponding account. This is
|
---|
19 | dangerous because a user account created later on could get this same user ID
|
---|
20 | and would suddenly own the <filename class="directory">/tools</filename>
|
---|
21 | directory and all the files therein, thus exposing these files to possible
|
---|
22 | malicious manipulation.</para>
|
---|
23 |
|
---|
24 | <para>To avoid this issue, you could add the <emphasis>lfs</emphasis> user to
|
---|
25 | your new LFS system later on when creating the <filename>/etc/passwd</filename>
|
---|
26 | file, taking care to assign it the same user and group IDs as on your host
|
---|
27 | system. Alternatively, you can (and the book assumes you do) assign the
|
---|
28 | contents of the <filename class="directory">/tools</filename> directory to
|
---|
29 | user <emphasis>root</emphasis> by running the following command:</para>
|
---|
30 |
|
---|
31 | <screen><userinput>chown -R 0:0 /tools</userinput></screen>
|
---|
32 |
|
---|
33 | <para>The command uses <parameter>0:0</parameter> instead of <parameter>root:root</parameter>,
|
---|
34 | because <userinput>chown</userinput> is unable to resolve the name
|
---|
35 | <quote>root</quote> until the password file has been created.</para>
|
---|
36 |
|
---|
37 | </section>
|
---|